jimnall

Posts posted by jimnall

  1. I'm following the 'im infected' procedure in the forum.

    My system has been running slow, but I'm also hearing a sound, probably from "C", that is an abnormal clicking.

    I'm also trying to receive audio streaming from "Broadwave" unsuccessfully.

    When I ran TCPVIEW I saw a procedure labelled 'unknown' which I was unable to display the properties of. After a few minutes that procedure line in TCPVIEW suddenly turned RED and disappeared.

    When I ran GMER rootkit I got an error saying I had a malicious win32.mbroot code @ 156280323. I also have PE Builder on my system with an address of 156280345.

    For all of the above reasons I'd like your assistance to determine whether I have a reason to be concerned.

    I'm running Microsoft Security Essentials and MBAM only.

    I didn't run the diagnostic programs in the exact order specified in the 'im infected' post. If I need to do that please let me know and I'll redo this.

    The requested logs from DDS, TCPVIEW, GMER, MBAM and MSE are attached/copied.

    DDS.txt

    .

    DDS (Ver_2011-06-23.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by jim nall at 10:12:14 on 2011-08-24

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1029 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\WINDOWS\System32\svchost.exe -k HPZ12

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\NCH Swift Sound\VRS\vrs.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\NCH Swift Sound\VRS\vrs.exe

    C:\Program Files\MSI\DigiCell\DigiCell.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\ATI Technologies\ATI.ACE\DualCoreCenter.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\jim nall\Desktop\c5pkrslg.exe

    C:\WINDOWS\system32\wuauclt.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.yahoo.com/

    mStart Page = hxxp://search.myheritage.com

    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll

    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

    TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

    {555d4d79-4bd2-4094-a395-cfc534424a05}

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [skyTel] SkyTel.EXE

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [Alcmtr] ALCMTR.EXE

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"

    mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [<NO NAME>]

    mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [VRS] "c:\program files\nch swift sound\vrs\vrs.exe" -logon

    StartupFolder: c:\docume~1\jimnal~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digicell.lnk - c:\program files\msi\digicell\DigiCell.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\ati technologies\ati.ace\StartUpDualCoreCenter.exe

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309482421578

    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.mytripjournal.com/ImageUploader7.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{6EC65E08-84D6-4F4C-AF1C-9EC8484B386B} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{7C438724-3BAD-4391-8163-FC4F0A4641DD} : DhcpNameServer = 192.168.1.1

    Notify: AtiExtEvent - Ati2evxx.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

    R1 MpKslf5eee746;MpKslf5eee746;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\MpKslf5eee746.sys [2011-8-24 28752]

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-1 366640]

    R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2011-8-22 1206276]

    R3 DigiCellDriver;DigiCellDriver;c:\program files\msi\digicell\NTGLM7X.sys [2006-6-7 28672]

    R3 DualCoreCenter;DualCoreCenter;c:\program files\ati technologies\ati.ace\NTGLM7X.sys [2011-6-30 28160]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-1 22712]

    R3 RushTopDevice2;RushTopDevice2;c:\program files\ati technologies\ati.ace\RushTop.sys [2011-6-30 46080]

    R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2011-8-22 49240]

    S0 cerc6;cerc6; [x]

    S1 MpKsl11f4823c;MpKsl11f4823c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl11f4823c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl11f4823c.sys [?]

    S1 MpKsl15de8a0c;MpKsl15de8a0c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\mpksl15de8a0c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\MpKsl15de8a0c.sys [?]

    S1 MpKsl2abbd54e;MpKsl2abbd54e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl2abbd54e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl2abbd54e.sys [?]

    S1 MpKsl5ef8b15e;MpKsl5ef8b15e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl5ef8b15e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl5ef8b15e.sys [?]

    S1 MpKsl706531cd;MpKsl706531cd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl706531cd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl706531cd.sys [?]

    S1 MpKsl7b3f26d9;MpKsl7b3f26d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpksl7b3f26d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKsl7b3f26d9.sys [?]

    S1 MpKslefbd943c;MpKslefbd943c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\mpkslefbd943c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b331e23b-c6ff-489c-9e8f-db0bf4791766}\MpKslefbd943c.sys [?]

    S1 MpKslf0e7be37;MpKslf0e7be37;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\mpkslf0e7be37.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d6c0199a-3047-4cd2-8778-fc3c58cc67ce}\MpKslf0e7be37.sys [?]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 136176]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-5 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

    .

    =============== Created Last 30 ================

    .

    2011-08-24 15:07:10 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\MpKslf5eee746.sys

    2011-08-24 15:06:52 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89ffd821-30e7-40d0-b522-0301504e33f9}\mpengine.dll

    2011-08-22 20:15:48 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys

    2011-08-22 20:09:51 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Nero

    2011-08-22 19:02:16 0 ----a-w- c:\windows\ativpsrm.bin

    2011-08-20 20:58:36 -------- d-----w- c:\program files\Rocket Division Software

    2011-08-05 15:38:54 -------- d-----w- c:\windows\Logs

    2011-08-05 15:27:13 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Google

    2011-08-01 15:44:00 -------- d-----w- c:\program files\RealVNC

    2011-07-31 21:23:58 -------- d-----w- c:\documents and settings\jim nall\application data\NCH Software

    2011-07-31 21:23:29 -------- d-----w- c:\program files\NCH Swift Sound

    2011-07-31 21:23:11 -------- d-----w- c:\program files\NCH Software

    2011-07-31 21:12:59 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU

    2011-07-31 21:12:58 -------- d-----w- c:\documents and settings\jim nall\application data\AVS4YOU

    2011-07-31 21:11:25 -------- d-----w- c:\program files\common files\AVSMedia

    2011-07-31 21:11:11 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

    2011-07-31 21:11:10 24576 ----a-w- c:\windows\system32\msxml3a.dll

    2011-07-31 21:11:10 -------- d-----w- c:\program files\AVS4YOU

    2011-07-30 19:49:41 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Identities

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2011-07-30 17:07:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2011-07-30 17:06:34 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Apple

    2011-07-30 17:05:49 -------- d-----w- c:\documents and settings\jim nall\local settings\application data\Apple Computer

    2011-07-27 16:09:58 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

    2011-07-27 16:09:58 21504 ----a-w- c:\windows\system32\hidserv.dll

    2011-07-27 16:09:56 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

    2011-07-27 16:09:56 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

    .

    ==================== Find3M ====================

    .

    2011-08-11 18:42:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

    2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

    2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll

    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec

    2011-06-21 21:23:58 389136 ----a-w- c:\windows\system32\FTBSaver.scr

    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

    2011-06-14 03:09:22 65328 ----a-w- c:\windows\apppatch\matsshim.dll

    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

    .

    ============= FINISH: 10:13:02.14 ===============

    ATTACH.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-06-23.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 6/30/2011 6:35:47 PM

    System Uptime: 8/24/2011 9:34:00 AM (1 hours ago)

    .

    Motherboard: MSI | | MS-7250

    Processor: AMD Athlon 64 X2 Dual Core Processor 6400+ | CPU 1 | 3200/200mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 75 GiB total, 55.368 GiB free.

    D: is CDROM ()

    E: is CDROM ()

    F: is FIXED (NTFS) - 298 GiB total, 145.749 GiB free.

    G: is FIXED (NTFS) - 932 GiB total, 699.624 GiB free.

    H: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

    Device ID: ACPI\PNP0303\4&126B373&0

    Manufacturer: (Standard keyboards)

    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

    PNP Device ID: ACPI\PNP0303\4&126B373&0

    Service: i8042prt

    .

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

    Description: Microsoft PS/2 Mouse

    Device ID: ACPI\PNP0F03\4&126B373&0

    Manufacturer: Microsoft

    Name: Microsoft PS/2 Mouse

    PNP Device ID: ACPI\PNP0F03\4&126B373&0

    Service: i8042prt

    .

    ==== System Restore Points ===================

    .

    RP1: 6/30/2011 6:37:51 PM - System Checkpoint

    RP2: 6/30/2011 6:43:44 PM - Installed Realtek High Definition Audio Driver

    RP3: 6/30/2011 6:46:44 PM - Installed Realtek High Definition Audio Driver

    RP4: 6/30/2011 6:49:29 PM - Installed MSI DigiCell

    RP5: 6/30/2011 7:45:45 PM - Software Distribution Service 3.0

    RP6: 6/30/2011 7:48:09 PM - Software Distribution Service 3.0

    RP7: 6/30/2011 8:16:13 PM - Windows Product Key Update Tool

    RP8: 6/30/2011 8:20:47 PM - Software Distribution Service 3.0

    RP9: 6/30/2011 8:31:52 PM - Installed Windows XP WgaNotify.

    RP10: 6/30/2011 8:42:39 PM - Installed Windows Media Player 11

    RP11: 6/30/2011 8:42:46 PM - Installed Windows XP Wudf01000.

    RP12: 6/30/2011 8:43:24 PM - Installed Windows XP MSCompPackV1.

    RP13: 6/30/2011 8:44:23 PM - Software Distribution Service 3.0

    RP14: 6/30/2011 11:57:47 PM - Software Distribution Service 3.0

    RP15: 7/1/2011 9:36:24 AM - Microsoft Antimalware Checkpoint

    RP16: 7/1/2011 10:15:06 AM - Software Distribution Service 3.0

    RP17: 7/1/2011 10:31:59 AM - Software Distribution Service 3.0

    RP18: 7/1/2011 4:55:25 PM - Installed Microsoft Office Professional Edition 2003

    RP19: 7/1/2011 5:12:10 PM - Software Distribution Service 3.0

    RP20: 7/2/2011 10:11:22 AM - Software Distribution Service 3.0

    RP21: 7/2/2011 10:21:08 AM - Software Distribution Service 3.0

    RP22: 7/2/2011 10:43:56 AM - Installed Adobe Reader X (10.1.0).

    RP23: 7/3/2011 3:42:15 PM - Software Distribution Service 3.0

    RP24: 7/3/2011 6:04:45 PM - Software Distribution Service 3.0

    RP25: 7/5/2011 11:37:33 AM - Software Distribution Service 3.0

    RP26: 7/7/2011 8:35:35 AM - Software Distribution Service 3.0

    RP27: 7/7/2011 9:56:45 AM - Installed %1 %2.

    RP28: 7/7/2011 3:47:34 PM - Software Distribution Service 3.0

    RP29: 7/7/2011 6:49:22 PM - Installed DAK Wave MP3 Editor PRO v6.1b

    RP30: 7/7/2011 7:22:50 PM - Installed OmniPage SE

    RP31: 7/7/2011 8:07:54 PM - Installed Manual CanoScan 4200F

    RP32: 7/7/2011 9:21:46 PM - Printer Driver HP Officejet Pro 8500 A909a Series fax Installed

    RP33: 7/8/2011 6:31:06 PM - Software Distribution Service 3.0

    RP34: 7/8/2011 6:49:39 PM - Installed HP Product Detection.

    RP35: 7/8/2011 8:19:59 PM - Software Distribution Service 3.0

    RP36: 7/10/2011 9:32:15 AM - Software Distribution Service 3.0

    RP37: 7/10/2011 10:15:17 AM - Software Distribution Service 3.0

    RP38: 7/11/2011 11:14:13 AM - Software Distribution Service 3.0

    RP39: 7/12/2011 9:17:30 AM - Removed NetAssistant

    RP40: 7/12/2011 9:29:29 AM - Removed MPM

    RP41: 7/12/2011 7:05:49 PM - Installed Windows XP KB932716-v2.

    RP42: 7/12/2011 7:05:55 PM - Software Distribution Service 3.0

    RP43: 7/13/2011 12:21:21 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    RP44: 7/13/2011 12:21:37 AM - Installed Java 6 Update 22

    RP45: 7/13/2011 12:21:57 AM - Installed OpenOffice.org 3.3

    RP46: 7/15/2011 10:00:48 AM - Software Distribution Service 3.0

    RP47: 7/15/2011 12:10:33 PM - Installed DirectX

    RP48: 7/15/2011 12:11:08 PM - Installed Nero 9 4.4.9.0

    RP49: 7/16/2011 9:31:31 AM - Software Distribution Service 3.0

    RP50: 7/16/2011 10:28:48 AM - Software Distribution Service 3.0

    RP51: 7/16/2011 5:00:32 PM - Software Distribution Service 3.0

    RP52: 7/18/2011 11:33:07 AM - Software Distribution Service 3.0

    RP53: 7/18/2011 5:54:03 PM - Installed Adobe Photoshop Elements 8.0.

    RP54: 7/20/2011 10:07:30 AM - Software Distribution Service 3.0

    RP55: 7/27/2011 11:21:02 AM - Software Distribution Service 3.0

    RP56: 7/27/2011 11:26:38 AM - Installed Java 6 Update 26

    RP57: 7/28/2011 1:30:31 PM - Software Distribution Service 3.0

    RP58: 7/30/2011 11:25:23 AM - Software Distribution Service 3.0

    RP59: 7/30/2011 12:06:49 PM - Installed QuickTime

    RP60: 7/31/2011 3:58:36 PM - Software Distribution Service 3.0

    RP61: 8/1/2011 4:20:12 PM - System Checkpoint

    RP62: 8/3/2011 9:00:46 AM - Software Distribution Service 3.0

    RP63: 8/4/2011 10:08:37 AM - Software Distribution Service 3.0

    RP64: 8/5/2011 10:21:01 AM - Software Distribution Service 3.0

    RP65: 8/5/2011 10:59:06 AM - Installed DirectX

    RP66: 8/7/2011 3:43:24 PM - Software Distribution Service 3.0

    RP67: 8/9/2011 9:27:58 AM - Software Distribution Service 3.0

    RP68: 8/9/2011 10:09:24 PM - Software Distribution Service 3.0

    RP69: 8/10/2011 9:00:13 PM - Software Distribution Service 3.0

    RP70: 8/11/2011 9:09:42 AM - Software Distribution Service 3.0

    RP71: 8/12/2011 10:56:30 AM - Software Distribution Service 3.0

    RP72: 8/12/2011 10:03:40 PM - Software Distribution Service 3.0

    RP73: 8/14/2011 12:44:15 PM - Software Distribution Service 3.0

    RP74: 8/16/2011 4:28:07 PM - Software Distribution Service 3.0

    RP75: 8/17/2011 5:04:36 PM - System Checkpoint

    RP76: 8/17/2011 8:15:08 PM - Software Distribution Service 3.0

    RP77: 8/19/2011 11:04:31 AM - Software Distribution Service 3.0

    RP78: 8/20/2011 12:18:40 PM - System Checkpoint

    RP79: 8/22/2011 10:47:38 AM - Software Distribution Service 3.0

    RP80: 8/23/2011 12:25:41 PM - Software Distribution Service 3.0

    RP81: 8/23/2011 6:25:57 PM - Software Distribution Service 3.0

    RP82: 8/24/2011 10:06:45 AM - Software Distribution Service 3.0

    .

    ==== Installed Programs ======================

    .

    32 Bit HP CIO Components Installer

    7-Zip 4.57

    Adobe AIR

    Adobe Flash Player 10 ActiveX

    Adobe Photoshop Elements 8.0

    Adobe Photoshop.com Inspiration Browser

    Adobe Reader X (10.1.0)

    Advertising Center

    Apple Application Support

    Apple Software Update

    Ask Toolbar

    AVS Image Converter 2.0.2.160

    AVS Update Manager 1.0

    AVS4YOU Software Navigator 1.4

    Bing Bar

    Bing Bar Platform

    bpd_scan

    Canon CanoScan Toolbox 4.6

    DAK DePopper 3.x

    DAK Wave MP3 Editor PRO v6.1b

    Dell Driver Download Manager

    DolbyFiles

    DualCoreCenter

    Express Burn Disc Burning Software

    Google Earth

    Google Update Helper

    Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB2570791)

    Hotfix for Windows XP (KB932716-v2)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB961118)

    HP Deskjet 3900 series

    HP Product Detection

    HP Update

    HPDeskjet3900Series

    ImagXpress

    Internet Explorer (Enable DEP)

    Java Auto Updater

    Java 6 Update 26

    Malwarebytes' Anti-Malware version 1.51.1.1800

    Manual CanoScan 4200F

    Menu Templates - Starter Kit

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Antimalware

    Microsoft Application Error Reporting

    Microsoft Automated Troubleshooting Services Shim

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Default Manager

    Microsoft Fix it Center

    Microsoft Office File Validation Add-In

    Microsoft Office Professional Edition 2003

    Microsoft Search Enhancement Pack

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Movie Templates - Starter Kit

    MSI DigiCell

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MyHeritage Family Tree Builder

    Nero 9

    Nero BurnRights

    Nero ControlCenter

    Nero CoverDesigner

    Nero DiscSpeed

    Nero DriveSpeed

    Nero InfoTool

    Nero Installer

    Nero PhotoSnap

    Nero Recode

    Nero Rescue Agent

    Nero ShowTime

    Nero StartSmart

    Nero Vision

    Nero WaveEditor

    NeroBurningROM

    NeroExpress

    neroxml

    NVIDIA Drivers

    OmniPage SE 2.0

    OpenOffice.org 3.3

    PhotoPad Image Editor

    PhotoStage Slideshow Producer

    Pixillion Image Converter

    QuickTime

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2530548)

    Security Update for Windows Internet Explorer 8 (KB2544521)

    Security Update for Windows Internet Explorer 8 (KB2559049)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476490)

    Security Update for Windows XP (KB2476687)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2503665)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2506223)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2510581)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB2530548)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2536276)

    Security Update for Windows XP (KB2544521)

    Security Update for Windows XP (KB2544893)

    Security Update for Windows XP (KB2555917)

    Security Update for Windows XP (KB2562937)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2567680)

    Security Update for Windows XP (KB2570222)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982665)

    SoundTap Streaming Audio Recorder

    SoundTrax

    Switch Sound File Converter

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Windows Internet Explorer 8 (KB2447568)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2541763)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    VNC Free Edition 4.1.3

    VRS Recording System

    WavePad Sound Editor

    WebFldrs XP

    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Live ID Sign-in Assistant

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows PowerShell 1.0

    Yahoo! Detect

    Yahoo! Software Update

    Yahoo! Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    8/20/2011 10:12:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

    8/19/2011 10:54:24 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    .

    ==== End Of File ===========================

    MBAM quick scan log

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7553

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    8/24/2011 10:50:04 AM

    mbam-log-2011-08-24 (10-50-04).txt

    Scan type: Quick scan

    Objects scanned: 171596

    Time elapsed: 12 minute(s), 21 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    _____________________________________END

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2011-08-24 11:24:12

    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000073 ST3808110AS rev.3.AAD

    Running: c5pkrslg.exe; Driver: C:\DOCUME~1\JIMNAL~1\LOCALS~1\Temp\pglyypow.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB955F000, 0x29C9F0, 0xE8000020]

    ? C:\DOCUME~1\JIMNAL~1\LOCALS~1\Temp\pglyypog.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    .text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323

    Disk \Device\Harddisk0\DR0 PE file @ sector 156280345

    ---- EOF - GMER 1.0.15 ----

  2. Comments on some of these I've used:

    OpenOffice - GREAT! and free; worth a donation if you can

    RealVNC - 'port forwarding' aka remote access to computer on a LAN remote from yours.... works great, displays entire desktop and allows remote running of any App on that desktop....there does appear to be some conflict with MBAM though....separate post

    7ZIP - with Winzip changing its download rules 7zip appears to be a good alternative

    AVAST & Avanti - I've had situations where neither program prevented an infection that MBAM picked up...I'm telling everyone that they should run MBAM in addition to any of these AV pgms

    GIMP - only used it using UBUNTU, but it's very powerful there

    Jim Nall

  3. Just thought I'd post a topic where you can list any useful, free (non-security related) programs that you recommend. This is my third attempt at posting this topic... due to the multitude of tabs open that it requires to get all the urls, I've accidentally closed this halfway through the post, twice. :angry:

    Back on topic, here's a few free programs I like:

    7-Zip: Simple file archiver and extractor. Supports many file types including .zip, .rar and .7z. Simple, hassle-free install and easy to use.

    Paint.NET: Fairly powerful image editor with support for layers, transparency and plugins. Not as powerful as a full-featured editor, but much easier to use.

    GIMP: Powerful multiplatform image editor. More difficult to use than Paint.NET, but more powerful.

    Virtualdub: Simple .avi editor. Useful for basic editing such as cropping and compressing video. Can combine a sequence of images into a video for purposes such as time-lapse. Does not require install.

    Apophysis: Fractal flame editor and renderer. Can be used to make interesting computer wallpaper. Does not need install.

    Coretemp: Small application to measure the temperature of each individual CPU core. Logs temperatures for later analysis, and can run in the notification area to provide constant info. Does not install.

    wPrime: Multithreaded CPU benchmark and stress test. Does not install.

    CPU-Z: Application to gather information about the CPU, memory and motherboard. Does not install.

    GPU-Z: A similar application to CPU-Z, but for the GPU (It's not made by the same person, but they got permission to use a name so similar to CPU-Z). It also measures GPU temperature.

    ****Great List but when I tried 7ZIP I got an MBAM notice that it has a virus......when I downloaded from http://www.7-zip.org/download.html I did not get the virus error..........be careful where you download 7zip from

  4. I have a similar problem. Hope it's OK to post here as a reply....

    13:44:39 jim nall IP-BLOCK 89.28.94.156 (Type: outgoing)

    13:45:54 jim nall IP-BLOCK 62.45.206.211 (Type: outgoing)

    are the blocked IPs I'm getting. Yes I do have P2P....filevoom vuse and maybe others.

    Do I need to uninstall P2P SW?

    I just had a friend purchase and install mbam. He is now getting about 2-3 times an hour at :15 past the hour a blocked outgoing IP address. His machine is clean as far as I can tell. I have run TDSSkiller, GMER, autoruns, process explorer, gmer's mbr.exe and of course mbam and they are all clean.

    My question is: are there any semi-benign (i.e. web surfing ads) ways that a process/program would be trying to get out? The IP is in the Ukraine. Or is it most likely an infection that I'm missing?

  5. I'm getting repeated IP Block outgoing messages...

    13:44:39 jim nall IP-BLOCK 89.28.94.156 (Type: outgoing)

    13:45:54 jim nall IP-BLOCK 62.45.206.211 (Type: outgoing)

    The IP addresses are owned by someone in the Netherlands and the other in eastern Europe. How can I remove this outgoing activity? It takes up unnecessary computer cycles.

    I am getting repeated IP Blocks from Malwarebytes. From the logs:

    8:16:18 slc IP-BLOCK 174.132.79.61 (Type: outgoing, Port: 50412, Process: firefox.exe) (Dec. 19)

    08:17:34 slc IP-BLOCK 174.132.79.61 (Type: outgoing, Port: 49986, Process: firefox.exe) (Dec 20)

    14:28:37 slc IP-BLOCK 174.132.79.61 (Type: outgoing, Port: 52018, Process: firefox.exe)

    18:56:28 slc IP-BLOCK 174.132.79.61 (Type: outgoing, Port: 54319, Process: firefox.exe)

    22:55:10 slc IP-BLOCK 174.132.79.61 (Type: outgoing, Port: 54917, Process: firefox.exe)

    And more including today. I

  6. I'm running the latest (1.46) version of Malwarebytes.

    I'm also running Norton AV 2010 (latest version).

    Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot the virus is detected again by MBAM.

    A description in PREVx seems to say that this virus creates many files/copies of itself under different names so removing it may be a problem.

    I've read the previous post by Kahdah and am following it.

    I'll post the results to this post in case I need to ask more questions.

    Thanks in advance for your help.

    OTL.TXT

    OTL logfile created on: 5/23/2010 2:22:38 PM - Run 1

    OTL by OldTimer - Version 3.2.5.0 Folder = D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 74.52 Gb Total Space | 45.49 Gb Free Space | 61.04% Space Free | Partition Type: NTFS

    Drive D: | 298.09 Gb Total Space | 67.80 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: MSI-6400

    Current User Name: jim nall

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL\OTL.exe (OldTimer Tools)

    PRC - C:\Program Files\Prevx\prevx.exe (Prevx)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)

    PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

    PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)

    PRC - C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (Ipswitch)

    PRC - C:\Program Files\TrueSwitchEsaya\TrueWizard.exe (Esaya)

    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

    PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

    PRC - C:\Program Files\Yahoo!\Search Protection\searchprotection.exe (Yahoo! Inc)

    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    PRC - C:\Program Files\ATI Technologies\ATI.ACE\DualCoreCenter.exe ()

    PRC - C:\Program Files\MSI\DigiCell\DigiCell.exe ()

    PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

    PRC - C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\drgtodsc.exe (Roxio)

    PRC - C:\Program Files\ScanSoft\OmniPageSE2.0\opwarese2.exe (ScanSoft, Inc.)

    PRC - C:\WINDOWS\system32\umonit.exe (General)

    ========== Modules (SafeList) ==========

    MOD - D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL\OTL.exe (OldTimer Tools)

    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

    MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

    MOD - C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.)

    ========== Win32 Services (SafeList) ==========

    SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)

    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

    SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)

    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

    SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)

    SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

    SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)

    ========== Driver Services (SafeList) ==========

    DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)

    DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)

    DRV - (pxkbf) -- C:\WINDOWS\system32\drivers\pxkbf.sys (Prevx)

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100523.004\NAVEX15.SYS (Symantec Corporation)

    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100523.004\NAVENG.SYS (Symantec Corporation)

    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS (Symantec Corporation)

    DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

    DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100429.001\BHDrvx86.sys (Symantec Corporation)

    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)

    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)

    DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)

    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)

    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

    DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)

    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)

    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100513.002\IDSXpx86.sys (Symantec Corporation)

    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

    DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)

    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

    DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)

    DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)

    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)

    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)

    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)

    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)

    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)

    DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

    DRV - (RushTopDevice2) -- C:\Program Files\ATI Technologies\ATI.ACE\RushTop.sys (Your Corporation)

    DRV - (DualCoreCenter) -- C:\Program Files\ATI Technologies\ATI.ACE\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)

    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

    DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)

    DRV - (nvata) -- C:\WINDOWS\System32\DRIVERS\nvata.sys (NVIDIA Corporation)

    DRV - (DigiCellDriver) -- C:\Program Files\MSI\DigiCell\NTGLM7X.sys (Your Corporation)

    DRV - (cdudf_xp) -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys (Roxio)

    DRV - (dvd_2K) -- C:\WINDOWS\system32\drivers\dvd_2k.sys (Roxio)

    DRV - (DVDVRRdr_xp) -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)

    DRV - (UDFReadr) -- C:\WINDOWS\system32\drivers\Udfreadr.sys (Roxio)

    DRV - (mmc_2K) -- C:\WINDOWS\system32\drivers\mmc_2k.sys (Roxio)

    DRV - (pwd_2k) -- C:\WINDOWS\system32\drivers\Pwd_2k.sys (Roxio)

    DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

    DRV - (fixustor) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic)

    ========== Standard Registry (All) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/17 11:34:36 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2010/04/26 18:07:39 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/09 09:46:08 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/03 22:31:41 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

    O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)

    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)

    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)

    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] File not found

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)

    O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

    O4 - HKLM..\Run: [NWEReboot] File not found

    O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)

    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)

    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

    O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe (General)

    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O4 - HKCU..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\searchprotection.exe (Yahoo! Inc)

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe ()

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe ()

    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

    O4 - Startup: C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchEsaya\TrueWizard.exe (Esaya)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1261948522796 (MUCatalogWebControl Class)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1260844933624 (WUWebControl Class)

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1260844921389 (MUWebControl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/TrueInstall.exe (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ipp - No CLSID value found

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp - No CLSID value found

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

    O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    O24 - Desktop Components:0 (My Current Home Page) - About:Home

    O24 - Desktop BackupWallPaper: D:\PICTURES\GOD Paints\Burtchart Gardens.bmp

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

    O31 - SafeBoot: AlternateShell - cmd.exe

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/12/14 21:30:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2010/03/28 13:05:32 | 000,000,000 | ---D | M] - D:\Auto RV Truck -- [ NTFS ]

    O33 - MountPoints2\{83fdb14d-ec31-11de-bbd3-0019dbcf6414}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found

    O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell - "" = AutoRun

    O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun - "" = Auto&Play

    O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/14 15:09:27 | 000,000,000 | ---D | M]

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT

    Restore point Set: OTL Restore Point (56308550258917376)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/05/23 13:05:20 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

    [2010/05/23 13:05:20 | 000,057,248 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

    [2010/05/23 13:05:20 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

    [2010/05/23 13:05:19 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

    [2010/05/23 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx

    [2010/05/23 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

    [2010/05/22 20:15:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim nall\Recent

    [2010/05/20 17:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2010/05/20 17:07:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2010/05/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2010/05/03 22:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

    [2010/05/03 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar

    [2010/05/03 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer

    [2010/05/03 22:29:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

    [2010/04/28 15:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Local Settings\Application Data\Yahoo!

    [2010/04/26 16:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\Ipswitch WS_FTP 12

    [2010/04/26 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\OpenOffice.org 3.2 (en-US) Installation Files

    [2010/04/26 12:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

    [2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\W3i

    [2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i

    [2010/04/26 11:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free ISO Creator

    [2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitch

    [2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Application Data\TrueSwitch

    [2010/04/24 16:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitchEsaya

    [2010/04/24 10:01:33 | 000,000,000 | ---D | C] -- C:\backup boot ini

    [2010/04/23 18:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo

    [2010/04/23 18:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Winamp Toolbar

    [2010/04/23 18:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/05/23 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

    [2010/05/23 13:43:23 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\jim nall\NTUSER.DAT

    [2010/05/23 13:05:20 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll

    [2010/05/23 13:05:20 | 000,057,248 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys

    [2010/05/23 13:05:20 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys

    [2010/05/23 13:05:19 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys

    [2010/05/23 13:05:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini

    [2010/05/23 13:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

    [2010/05/23 12:58:13 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2010/05/23 12:54:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    [2010/05/23 12:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2010/05/23 12:53:53 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

    [2010/05/23 00:28:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jim nall\ntuser.ini

    [2010/05/23 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

    [2010/05/22 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

    [2010/05/22 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

    [2010/05/22 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

    [2010/05/22 20:16:23 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg

    [2010/05/22 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

    [2010/05/22 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

    [2010/05/22 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

    [2010/05/22 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

    [2010/05/22 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

    [2010/05/22 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

    [2010/05/22 12:16:34 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg

    [2010/05/21 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

    [2010/05/21 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

    [2010/05/20 19:46:35 | 000,642,842 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Cat.DB

    [2010/05/20 19:46:26 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK

    [2010/05/20 17:07:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/05/20 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

    [2010/05/20 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

    [2010/05/19 22:06:35 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc

    [2010/05/19 22:06:13 | 000,017,455 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt

    [2010/05/19 11:06:30 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

    [2010/05/19 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

    [2010/05/18 18:30:15 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg

    [2010/05/18 18:27:18 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\CCleaner.lnk

    [2010/05/15 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

    [2010/05/15 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

    [2010/05/14 16:06:44 | 000,854,150 | ---- | M] () -- C:\00.bmp

    [2010/05/14 01:36:08 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\isolate.ini

    [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdi.sys

    [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdiv.sys

    [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys

    [2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnetv.inf

    [2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnet.inf

    [2010/05/03 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

    [2010/05/03 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

    [2010/05/03 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

    [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

    [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

    [2010/04/29 16:16:57 | 000,007,601 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf

    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\ironx86.sys

    [2010/04/29 00:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.cat

    [2010/04/29 00:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.inf

    [2010/04/27 22:32:28 | 000,032,636 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg

    [2010/04/26 11:57:33 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk

    [2010/04/26 03:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.cat

    [2010/04/25 11:58:38 | 000,005,866 | --S- | M] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl

    [2010/04/25 11:32:11 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

    [2010/04/24 16:16:55 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk

    [2010/04/24 16:16:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk

    [2010/04/24 12:05:29 | 000,044,332 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010

    [2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.inf

    [2010/04/23 16:55:52 | 006,453,916 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/22 20:16:20 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg

    [2010/05/22 12:16:34 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg

    [2010/05/20 17:07:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2010/05/19 22:06:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc

    [2010/05/19 21:29:38 | 000,017,455 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt

    [2010/05/18 18:30:14 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg

    [2010/05/05 12:55:13 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Volume Control.lnk

    [2010/05/03 21:33:52 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Nero Burning ROM.lnk

    [2010/04/29 16:16:57 | 000,001,264 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.usr

    [2010/04/27 22:32:26 | 000,032,636 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg

    [2010/04/26 16:55:34 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Windows Media Player.lnk

    [2010/04/26 11:57:33 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk

    [2010/04/25 11:58:38 | 000,005,866 | --S- | C] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl

    [2010/04/25 11:32:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

    [2010/04/24 16:13:35 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk

    [2010/04/24 16:13:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk

    [2010/04/24 12:05:20 | 000,044,332 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010

    [2010/04/23 16:55:50 | 006,453,916 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

    [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

    [2010/04/23 14:37:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

    [2010/02/27 12:14:34 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

    [2010/02/17 14:35:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

    [2010/02/11 18:16:45 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI

    [2010/01/03 11:37:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

    [2009/12/21 16:03:11 | 000,000,559 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini

    [2009/12/20 19:53:40 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

    [2009/12/20 19:53:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

    [2009/12/20 19:40:17 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

    [2009/12/20 19:36:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL

    [2009/12/18 11:31:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini

    [2009/12/17 12:10:54 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini

    [2009/12/17 11:50:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

    [2009/12/17 11:50:32 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66PE.ini

    [2009/12/17 11:44:42 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini

    [2009/12/15 10:46:31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

    [2009/12/14 22:05:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2006/08/10 18:58:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll

    [2005/11/30 04:49:56 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

    [2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll

    [2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

    [2004/09/10 17:34:26 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll

    [2002/12/10 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL

    [2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

    [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL

    [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    [2001/08/23 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

    [2001/08/23 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

    [2001/08/23 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

    [2001/08/23 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

    [2001/08/23 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

    ========== LOP Check ==========

    [2010/01/24 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

    [2010/01/19 17:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

    [2009/12/18 13:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

    [2010/03/23 16:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

    [2009/12/18 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

    [2010/01/19 16:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

    [2009/12/25 17:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark

    [2010/05/23 13:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

    [2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

    [2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

    [2009/12/25 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames

    [2009/12/27 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

    [2010/04/26 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

    [2010/04/02 15:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Azureus

    [2010/05/18 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Canon

    [2010/04/09 14:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DAK

    [2010/01/19 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DriverCure

    [2010/05/14 17:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\FileVOoM

    [2009/12/17 11:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Leadertech

    [2009/12/19 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\OpenOffice.org

    [2009/12/20 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\ScanSoft

    [2009/12/27 23:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\SolSuite

    [2010/01/08 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Tific

    [2010/04/24 16:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\TrueSwitch

    [2009/12/27 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Ulead Systems

    [2010/05/23 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

    [2010/05/03 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job

    [2010/05/19 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job

    [2010/05/20 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job

    [2010/05/20 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job

    [2010/05/23 13:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job

    [2010/05/23 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job

    [2010/05/22 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job

    [2010/05/22 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job

    [2010/05/22 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job

    [2010/05/22 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job

    [2010/05/21 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

    [2010/05/22 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job

    [2010/05/22 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job

    [2010/05/22 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job

    [2010/05/22 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job

    [2010/05/22 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job

    [2010/05/21 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job

    [2010/05/15 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

    [2010/05/15 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job

    [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job

    [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job

    [2010/05/03 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job

    [2010/05/03 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: AGP440.SYS >

    [2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

    [2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

    [2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

    [2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >

    [2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

    [2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

    [2009/12/14 22:27:08 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

    [2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    [2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

    [2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

    [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >

    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >

    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL

    [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: NVATA.SYS >

    [2006/08/21 05:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

    < MD5 for: SCECLI.DLL >

    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL

    [2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 5/23/2010 2:22:39 PM - Run 1

    OTL by OldTimer - Version 3.2.5.0 Folder = D:\COMPUTER\Anti-Virus antiSpyantiSpam\OTL

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 74.52 Gb Total Space | 45.49 Gb Free Space | 61.04% Space Free | Partition Type: NTFS

    Drive D: | 298.09 Gb Total Space | 67.80 Gb Free Space | 22.74% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: MSI-6400

    Current User Name: jim nall

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Minimal

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    htmlfile [edit] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft, Inc.)

    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft, Inc.)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    "C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe" = C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe:*:Enabled:Symantec Service Framework -- File not found

    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

    "C:\Program Files\Yahoo!\Messenger\yahoomessenger .exe" = C:\Program Files\Yahoo!\Messenger\yahoomessenger .exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    "{00C95D52-2172-B580-CDD3-695DDAA193BC}" = CCC Help English

    "{02B232C3-46A6-03C0-EEB6-2F518E329457}" = Catalyst Control Center HydraVision Full

    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

    "{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6

    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

    "{0EC8FEB1-5F6C-C110-26E3-98688B131C7B}" = Catalyst Control Center Core Implementation

    "{10f7091e-f017-4f66-94bc-88efd353ca60}" = Nero 9

    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

    "{1C4B921A-724F-742D-A848-87BA42680DCA}" = CCC Help Korean

    "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls

    "{21AA8C0C-0700-0434-A439-95A735A805D0}" = CCC Help Italian

    "{234305B0-B206-26E0-263D-D62F89E58493}" = CCC Help Spanish

    "{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine

    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 20

    "{2AEB1EAF-9E1C-4361-8562-5AC7AE6AC177}" = ATI AVIVO Codecs

    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

    "{318089B6-063F-5F09-F84E-742AAA512F3B}" = CCC Help Thai

    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

    "{3794889D-F4E3-C5CD-D3B0-B605D137BD9E}" = CCC Help Polish

    "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series

    "{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser

    "{3C105379-729D-992E-AFF1-3AD9D9CD5847}" = ccc-utility

    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION

    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

    "{3F7022C8-0E0B-DD89-0424-4DDBBEAE9662}" = Catalyst Control Center Graphics Full Existing

    "{3F80E737-C04B-742F-39CF-16D472780D2F}" = CCC Help Greek

    "{4003780A-8579-4701-B397-C76725BB44B1}" = CCC Help Japanese

    "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series

    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

    "{47B02FDB-17F9-A8BE-23C9-B080313DA1BD}" = CCC Help Portuguese

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{5192AB64-1154-5D5B-9292-E9DF51AE4759}" = Catalyst Control Center Localization All

    "{533EA890-F246-66D0-DBD2-C87078C5991B}" = CCC Help Chinese Standard

    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

    "{54C1F42B-0BA1-7CB2-F175-C2B69D7FF74E}" = ccc-core-preinstall

    "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS

    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard

    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2

    "{6D2C2571-E4F0-41C6-9B01-95629C06C738}" = LS_HSI

    "{6E535222-B704-F8CB-C235-70CB58C362D9}" = CCC Help Swedish

    "{70B59829-7C8F-C378-B9F0-78E5C9879224}" = CCC Help Russian

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{77251F6F-90CB-C80D-D709-701517C6FF36}" = ccc-core-static

    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

    "{79A3E128-DE54-2E2A-99F8-37F7872A26FD}" = CCC Help Norwegian

    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0

    "{7AC64083-A73C-FA07-7BE9-BEFDBDCA393F}" = CCC Help Dutch

    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

    "{80D12CA0-52A2-4E50-9379-3B101D53B8BA}" = CCC Help French

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

    "{8D05DE05-5FC1-6C0C-8DA1-807BE4EE72BB}" = CCC Help Finnish

    "{96F56519-91DF-4D42-A36D-3D4BCA0B8329}" = DAK Wave MP3 Editor PRO v6.1b

    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

    "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget

    "{A083E0DD-212F-F991-EC8D-673DDD3BD9F5}" = Catalyst Control Center Graphics Light

    "{A1AEDF29-CC4F-CB06-227C-ACE1C3F92A8E}" = CCC Help Hungarian

    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A409609F-E81D-B613-B7AE-89D28DAAFD26}" = CCC Help Danish

    "{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform

    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12

    "{ADF62610-0391-4ABA-E67C-8DF8F51F897E}" = CCC Help German

    "{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell

    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

    "{BAD68DAA-DA40-3681-996C-7B91959EC9CA}" = Catalyst Control Center Graphics Full New

    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

    "{CB543BA1-82D4-4B45-96BF-30D0E5ED220A}" = InstallIQ Updater

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CF7D89CA-6AB3-FD7E-903B-1821EE6453B5}" = CCC Help Chinese Traditional

    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

    "{D8A6B20B-C028-9C52-41BF-CA706A666B45}" = CCC Help Czech

    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

    "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live

    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder

    "{E13FD48B-341E-0A3F-5306-C407E60AB28F}" = CCC Help Turkish

    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

    "{EF714D4E-B503-D848-73DD-2FE18ECA7BFB}" = Catalyst Control Center Graphics Previews Common

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

    "{F4862B43-A087-4826-8C50-D41646EC7728}" = Roxio Easy Media Creator 7 Basic Edition

    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack

    "{F8EFF5E4-9B76-417B-A0BC-325659CFDA82}" = ImageMate 8 in 1 Read/Writer (SDDR-88)

    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    "7-Zip" = 7-Zip 4.57

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

    "All ATI Software" = ATI - Software Uninstall Utility

    "ATI Display Driver" = ATI Display Driver

    "BurnInTest_is1" = BurnInTest v6.0 Pro

    "CCleaner" = CCleaner

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "DAKDePopper3" = DAK DePopper 3.x

    "Dell_HostCD" = Dell Printer Software Uninstall

    "DualCoreCenter_is1" = DualCoreCenter

    "EPSON Printer and Utilities" = EPSON Printer Software

    "FixUstor" = Generic USB Mass Storage Patch Driver

    "Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8

    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0

    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0

    "ie8" = Windows Internet Explorer 8

    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

    "LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)

    "Liveupdate4_is1" = Liveupdate4

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2

    "NAV" = Norton AntiVirus

    "NVIDIA Drivers" = NVIDIA Drivers

    "PCSI" = Prevx

    "PE Builder_is1" = PE Builder 3.1.10a

    "PerformanceTest 7_is1" = PerformanceTest v7.0

    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

    "PPTView97" = Microsoft PowerPoint Viewer 97

    "RealVNC_is1" = VNC Free Edition 4.1.3

    "SolSuite" = SolSuite

    "Trailer Life Directory Campground Navigator 2008_is1" = Trailer Life Directory Campground Navigator 2008

    "TrueSwitch Wizard" = TrueSwitch Wizard

    "Vuze" = Vuze

    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

    "Winamp" = Winamp

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinZip" = WinZip

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    "Yahoo! Companion" = Yahoo! Toolbar

    "Yahoo! Messenger" = Yahoo! Messenger

    "Yahoo! Search Defender" = Yahoo! Search Protection

    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Winamp Detect" = Winamp Detector Plug-in

    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 4/26/2010 6:36:39 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/26/2010 6:36:43 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

    Description = Fault bucket 1180947459.

    Error - 4/27/2010 11:42:06 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/27/2010 11:42:10 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

    Description = Fault bucket 1180947459.

    Error - 4/27/2010 11:42:15 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/27/2010 11:42:18 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

    Description = Fault bucket 1180947459.

    Error - 4/29/2010 5:19:31 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/29/2010 5:19:35 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

    Description = Fault bucket 1180947459.

    Error - 4/29/2010 5:26:20 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/29/2010 5:26:22 PM | Computer Name = MSI-6400 | Source = Application Hang | ID = 1001

    Description = Fault bucket 1180947459.

    [ System Events ]

    Error - 5/20/2010 8:45:41 PM | Computer Name = MSI-6400 | Source = sr | ID = 1

    Description = The System Restore filter encountered the unexpected error '0xC0000001'

    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

    the volume.

    Error - 5/20/2010 8:46:29 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    Cdr4_xp

    Error - 5/20/2010 9:00:00 PM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

    Description = The At21.job command failed to start due to the following error: %%2147942402

    Error - 5/20/2010 10:00:00 PM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

    Description = The At22.job command failed to start due to the following error: %%2147942402

    Error - 5/21/2010 9:54:03 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    Cdr4_xp

    Error - 5/22/2010 12:30:20 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    Cdr4_xp

    Error - 5/22/2010 1:12:27 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    Cdr4_xp

    Error - 5/23/2010 | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

    Description = The At24.job command failed to start due to the following error: %%2147942402

    Error - 5/23/2010 1:02:00 AM | Computer Name = MSI-6400 | Source = Schedule | ID = 7901

    Description = The At1.job command failed to start due to the following error: %%2147942402

    Error - 5/23/2010 1:55:08 PM | Computer Name = MSI-6400 | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    Cdr4_xp

    < End of report >

  7. I'm running the latest (1.46) version of Malwarebytes.

    I'm also running Norton AV 2010 (latest version).

    Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot the virus is detected again by MBAM.

    A description in Prevx seems to say that this virus creates many files/copies of itself under different names, so removing it may be a problem.

    I've read the previous post by Kahdah and am following it.

    I'll post the results to this post in case I need to ask more questions.

    Thanks in advance for your help.

  8. Hello Jimnall,

    Do you still need help? or have you resolved all issues?

    Maurice....sorry if I'm using this post incorrectly, but yes, I do need help.

    The computers involved have been infected with the fuefue.exe malware. Windows explorer can't see the fuefue files but under some circumstances the Nero CD/DVD burn program can see them.

    What is the best way to remove fuefue?

  9. ******************************************************12/03/09****************************

    I downloaded and ran combofix.exe as instructed. Below is the result. MBAM did not detect the infections. FYI

    ComboFix 09-12-03.02 - RevLynn 12/03/2009 16:45.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.134 [GMT -6:00]

    Running from: c:\documents and settings\RevLynn\Desktop\ComboFix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\RevLynn\My Documents\reg-afterRebuild-12-03-09.reg

    c:\recycler\S-1-5-21-1449584909-2326681697-841056466-500

    c:\windows\system32\drivers\fad.sys

    c:\windows\system32\msssc.dll

    Infected copy of c:\windows\system32\hid.dll was found and disinfected

    Restored copy from - c:\windows\ServicePackFiles\i386\hid.dll

    Infected copy of c:\windows\system32\midimap.dll was found and disinfected

    Restored copy from - c:\windows\ServicePackFiles\i386\midimap.dll

    .

    ((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))

    .

    2009-12-03 23:14 . 2009-12-03 23:14 67424 ----a-w- c:\documents and settings\RevLynn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-12-03 22:25 . 2009-12-03 22:25 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

    2009-12-03 19:41 . 2009-12-03 19:41 -------- d-----w- c:\windows\system32\XPSViewer

    2009-12-03 19:41 . 2009-12-03 19:41 -------- d-----w- c:\program files\MSBuild

    2009-12-03 19:40 . 2009-12-03 19:40 -------- d-----w- c:\program files\Reference Assemblies

    2009-12-03 19:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

    2009-12-03 19:40 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2009-12-03 19:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

    2009-12-03 19:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    2009-12-03 19:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2009-12-03 19:40 . 2009-12-03 19:40 -------- d-----w- C:\99e319f18eb581b5a7d3

    2009-12-03 19:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2009-12-03 19:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

    2009-12-03 19:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2009-12-03 19:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

    2009-12-03 19:40 . 2009-12-03 20:06 -------- d-----w- c:\windows\SxsCaPendDel

    2009-12-03 18:40 . 2009-12-03 18:40 -------- d-----w- c:\documents and settings\RevLynn\Local Settings\Application Data\Identities

    2009-12-03 18:24 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll

    2009-12-03 03:38 . 2009-12-03 03:38 -------- d-----w- c:\documents and settings\Webmaster\Local Settings\Application Data\Ahead

    2009-12-03 03:38 . 2009-12-03 03:38 -------- d-----w- c:\documents and settings\Webmaster\Application Data\Nero

    2009-12-03 03:06 . 2009-12-03 03:06 -------- d-----w- c:\documents and settings\RevLynn\Local Settings\Application Data\Ahead

    2009-12-03 02:30 . 2009-12-03 02:30 -------- d-----w- c:\documents and settings\RevLynn\Application Data\Nero

    2009-12-03 02:26 . 2009-12-03 02:29 -------- d-----w- c:\program files\Common Files\Nero

    2009-12-03 02:26 . 2009-12-03 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

    2009-12-03 02:26 . 2009-12-03 02:26 -------- d-----w- c:\program files\Nero

    2009-12-03 02:17 . 2009-12-03 02:17 -------- d-----w- c:\program files\Microsoft ActiveSync

    2009-12-03 02:16 . 2009-12-03 22:02 -------- d-----w- c:\windows\ShellNew

    2009-12-03 02:16 . 2009-12-03 02:16 -------- d-----w- c:\program files\Common Files\L&H

    2009-12-03 02:12 . 2009-12-03 02:13 -------- d-----w- c:\program files\Common Files\Computer Helper

    2009-12-03 02:11 . 2009-12-03 02:11 -------- d-----w- c:\documents and settings\RevLynn\Local Settings\Application Data\Downloaded Installations

    2009-12-03 02:06 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    2009-12-03 01:56 . 2009-12-03 01:57 -------- d-----w- c:\program files\Windows Media Connect 2

    2009-12-03 01:54 . 2009-12-03 01:55 -------- d-----w- c:\windows\system32\drivers\UMDF

    2009-12-03 01:54 . 2009-12-03 01:54 -------- d-----w- c:\windows\system32\LogFiles

    2009-12-03 01:40 . 2009-12-03 01:52 -------- d-----w- c:\program files\PhoneTreeMVPu

    2009-12-03 01:36 . 2009-12-03 01:36 -------- d-----w- c:\windows\Downloaded Installations

    2009-12-03 01:33 . 2009-12-03 01:33 -------- d-----w- c:\documents and settings\RevLynn\Application Data\Malwarebytes

    2009-12-03 01:22 . 2009-12-03 01:22 -------- d-sh--w- c:\documents and settings\RevLynn\IECompatCache

    2009-12-03 01:21 . 2009-12-03 01:21 -------- d-sh--w- c:\documents and settings\RevLynn\PrivacIE

    2009-12-03 01:20 . 2009-12-03 01:20 411368 ----a-w- c:\windows\system32\deploytk.dll

    2009-12-03 01:19 . 2009-12-03 01:19 152576 ----a-w- c:\documents and settings\RevLynn\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

    2009-12-03 01:18 . 2009-12-03 01:18 79488 ----a-w- c:\documents and settings\RevLynn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

    2009-12-03 01:14 . 2009-12-03 01:14 65536 ----a-r- c:\documents and settings\RevLynn\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\PalmDesktopShortcut.exe

    2009-12-03 01:14 . 2009-12-03 01:14 65536 ----a-r- c:\documents and settings\RevLynn\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\ARPPRODUCTICON.exe

    2009-12-03 01:14 . 2009-12-03 01:34 -------- d-----w- c:\program files\Palm

    2009-12-03 00:04 . 2009-12-03 00:06 -------- d-----w- c:\documents and settings\LYNN Saved

    2009-12-03 00:04 . 2009-12-03 00:04 -------- d-----w- c:\documents and settings\LYNN Saved\Microsoft OE

    2009-12-03 00:00 . 2009-12-03 00:00 -------- d-sh--w- c:\documents and settings\Webmaster\IETldCache

    2009-12-02 23:56 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll

    2009-12-02 23:56 . 2009-12-02 23:56 -------- d-----w- c:\windows\ie8updates

    2009-12-02 23:55 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

    2009-12-02 23:55 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll

    2009-12-02 23:55 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

    2009-12-02 23:55 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

    2009-12-02 23:55 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

    2009-12-02 23:55 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll

    2009-12-02 23:54 . 2009-12-02 23:55 -------- dc-h--w- c:\windows\ie8

    2009-12-02 21:24 . 2009-12-02 21:24 13104 ----a-w- c:\documents and settings\Webmaster\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-12-02 21:17 . 2009-12-02 21:17 -------- d-----w- c:\windows\system32\scripting

    2009-12-02 21:17 . 2009-12-02 21:17 -------- d-----w- c:\windows\l2schemas

    2009-12-02 21:17 . 2009-12-02 21:17 -------- d-----w- c:\windows\system32\en

    2009-12-02 21:17 . 2009-12-02 21:17 -------- d-----w- c:\windows\system32\bits

    2009-12-02 21:16 . 2009-12-02 21:16 -------- d-----w- c:\windows\ServicePackFiles

    2009-12-02 21:08 . 2004-08-04 05:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys

    2009-12-02 21:07 . 2009-12-02 21:07 -------- d-----w- c:\documents and settings\Webmaster\Application Data\Malwarebytes

    2009-12-02 21:06 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-12-02 21:06 . 2009-12-03 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-12-02 21:06 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-12-02 21:06 . 2009-12-02 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-12-02 17:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

    2009-12-02 16:58 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys

    2009-12-02 16:58 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys

    2009-12-02 16:58 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys

    2009-12-02 16:58 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll

    2009-12-02 16:58 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

    2009-12-02 16:58 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll

    2009-12-02 16:55 . 2004-08-04 04:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys

    2009-12-02 16:55 . 2004-08-04 04:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

    2009-12-02 16:55 . 2004-08-04 04:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

    2009-12-02 16:55 . 2004-08-04 04:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

    2009-12-02 16:45 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll

    2009-12-02 16:45 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

    2009-12-02 16:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

    2009-12-02 16:45 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

    2009-12-02 16:44 . 2009-12-02 16:44 -------- d-s---w- c:\documents and settings\Webmaster\UserData

    2009-12-02 16:42 . 2009-01-08 00:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

    2009-12-02 16:42 . 2009-12-02 23:59 -------- d--h--w- c:\windows\$hf_mig$

    2009-12-02 16:34 . 2003-03-11 11:09 155648 ----a-w- c:\windows\system32\igfxres.dll

    2009-12-02 16:32 . 2009-12-02 16:32 -------- d-----w- c:\program files\Program Shortcuts

    2009-12-02 16:18 . 2004-05-25 11:04 192 ----a-w- c:\windows\logoffper2.reg

    2009-12-02 16:18 . 2004-05-25 11:04 278 ----a-w- c:\windows\logonper2.reg

    2009-12-02 16:17 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe

    2009-12-02 16:16 . 2002-05-28 20:11 4605 ----a-w- c:\windows\system32\dllcache\oembios.dat

    2009-12-02 16:16 . 2002-05-28 20:11 13107200 ----a-w- c:\windows\system32\dllcache\oembios.bin

    2009-12-02 16:16 . 2009-12-02 16:17 -------- d-----w- c:\program files\Compaq

    2009-12-02 16:16 . 2009-12-02 16:16 -------- d-----w- c:\program files\PDF Complete

    2009-12-02 16:16 . 2003-05-16 13:49 20569 ----a-w- c:\windows\system32\pxc25pm.dll

    2009-12-02 16:14 . 2009-12-02 16:14 -------- d-----w- C:\cpqs

    2009-12-02 16:14 . 2002-11-21 18:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll

    2009-12-02 16:14 . 2002-11-21 18:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

    2009-12-02 16:14 . 2002-11-21 18:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll

    2009-12-02 16:14 . 2002-11-21 18:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll

    2009-12-02 16:14 . 2002-11-21 18:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll

    2009-12-02 16:14 . 2002-11-21 18:57 20480 ----a-w- c:\windows\system32\IVIresize.dll

    2009-12-02 16:14 . 2009-12-02 16:14 -------- d-----w- c:\program files\InterVideo

    2009-12-02 16:14 . 2009-12-02 16:14 -------- d-----w- c:\program files\Altiris

    2009-12-02 16:12 . 2009-12-03 01:19 -------- d-----w- c:\program files\Java

    2009-12-02 16:12 . 2009-12-02 16:12 -------- d-----w- c:\program files\Common Files\Java

    2009-12-02 16:11 . 2009-12-02 16:11 -------- d-----w- c:\windows\system32\URTTemp

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-12-03 01:14 . 2009-12-02 16:13 -------- d-----w- c:\program files\Common Files\InstallShield

    2009-12-02 21:19 . 2004-08-09 20:32 86843 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

    2009-12-02 16:17 . 2009-12-02 16:17 1588 --sha-r- c:\windows\system32\drivers\103C_HP_BPC_HP dc5000 uT(DZ216AV)_YB_0CBD_Q2UA547_EU_46_I090Ch_SHP_V_B786B0 v1.00_T040212_WXP2_L409_M504_J80_7Intel_8Pentium 4_92.99_#091202_N14E41696_(DZ216AV)_X_CD7_Z_2_G80862572_OHL-DT-ST RW DVD GCC-4482B.MRK

    2009-12-02 16:14 . 2009-12-02 16:13 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-12-02 16:13 . 2009-12-02 16:13 -------- d-----w- c:\program files\Analog Devices

    2009-12-02 15:05 . 2009-12-02 15:05 -------- d-----w- c:\program files\microsoft frontpage

    2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll

    2009-09-11 14:18 . 2004-08-04 07:56 136192 ----a-w- c:\windows\system32\msv1_0.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

    2008-07-10 14:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]

    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]

    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]

    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2003-06-06 167936]

    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]

    "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-07-10 2049320]

    "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-07-10 1083176]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

    c:\documents and settings\RevLynn\Start Menu\Programs\Startup\

    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-9-25 299008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-2 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2009 3:06 PM 276816]

    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2009 3:06 PM 19160]

    .

    Contents of the 'Scheduled Tasks' folder

    2009-12-02 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Webmaster.job

    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-02 22:14]

    2009-12-02 c:\windows\Tasks\Malwarebytes' Scheduled Update for Webmaster.job

    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-02 22:14]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.umckc.org/

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

    .

    - - - - ORPHANS REMOVED - - - -

    AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-12-03 17:14

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3548)

    c:\windows\system32\WININET.dll

    c:\program files\Nero\Nero8\InCD\NBHShx.dll

    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

    c:\program files\Nero\Nero8\InCD\NBHStr.dll

    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Nero\Nero8\InCD\InCDsrv.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Analog Devices\SoundMAX\SMAgent.exe

    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    c:\program files\PDF Complete\pdfsaver.exe

    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

    .

    **************************************************************************

    .

    Completion time: 2009-12-03 17:19 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-12-03 23:19

    Pre-Run: 57,366,712,320 bytes free

    Post-Run: 57,360,220,160 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - E28AD910FA038D0EE7E4E4A4DA926478

  10. Many users have asked us about an automatic switch that they can pass to Malwarebytes' Anti-Malware and it will scan, quarantine, and remove threats all without any feedback from their users. We have now implemented this command line parameter.

    1. The product will scan for threats on the entire computer.

    2. The product will quarantine the threats.

    3. The product will then create a log file and place it in the Logs folder.

    If you are interested in such a feature, we urge you to visit the corporate licensing page of our website.

    I'll contact the corporate site, but given the comments below I'm not hopeful for a quick solution.

    I represent a church with about 10 desktops and a peer-to-peer network. We also use password-protected wireless.

    I've recently had a problem with a church member bringing an infected USB flash drive and plugging it into their desktop. The USB flash drive was not automatically checked and the malware proliferated quickly through the network.

    How can I configure MBAM to automatically scan all USB devices when they are connected rather than at a certain time of day?

    Jim Nall for Rev. Lynn Dyke at Kimberling City UMC

  11. :) (JimNALL) So are you saying use WeatherBug Live if MBAM reports the WeatherBug site (66.235.126.71) as malicious and blocks it?

    DaChew - you might look at using Weather Watcher as a replacement app for a desktop weather app - great features, actively developed, and it uses data from TWC.

    If you still prefer data from WeatherBug, which Mike, the developer of WW, has realized is much more willing to listen to him for enhancements and optimization, check out the new (still in Beta) Weather Watcher Live - some of the features available in WW are not yet finalized in WWL, but overall is a great app.

    Also, be aware that SiteAdvisor has marked the site as malicious, but it is not in fact malicious at all - but don't get me started ranting on the idiocy of the SiteAdvisor ratings system....

  12. Google CCleaner, it is the only free reg cleaner that I have never seen destroy a system.

    IMO registry cleaners are a very bad idea unless you are 100% capable of performing the task yourself.

    Thanks for the help. MBAM is a VERY good service.

  13. The program generates a lot of false positives as a goad to purchase a license to "fix" the problems it has found. The website makes several false and/or misleading statements concerning the program and what others in the security industry say regarding it.

    The affiliate program isn't much better. They allow trojan.downloaders to install the package as well.

    OK....Letting any trojan install is bad, and I assume you mean you've seen this happen.....I'll stop using it. What do you recommend as a registry cleaner?

  14. Please visit this link for more information. This is not a false positive.

    I checked the link and scanned down to the last entry. That entry talks about consumers-reports.net as a scam web site. It says that Netcom3 is linked to consumers-reports, which is usually the case if you offer to sell Netcom3 through your own web site. My own web site, www.yourpcathome.com, has a similar linkage.

    What's confusing me is that everyone seems to point elsewhere to prove that Netcom3 is a scam organization. I don't see anywhere that a specific corruption of Windows, or personal info being sent somewhere, etc. is documented. Can you please help me sort this out?

    I'm in the process of checking with the BBB and others in California to see if they have any info and will let you know.

  15. Here's what the last quoted site says...

    Online affiliations for consumers-reviews.net:

    Linked to red site

    When we tested this site we found links to netcom3.com, which we found to be a distributor of downloads some people consider adware, spyware or other potentially unwanted programs.

    Malwarebytes also offers a 'commission' if you are an affiliate to people who purchase at your direction. Netcom3 does the same thing using a different payment mechanism. This would explain why Netcom3 was 'linked to a red site'. The red site is the problem not the Netcom3 linked to site.

    I'm not sure what 'mung'ing means, but YES I do get a commission if people buy Netcom3 through my web site, www.yourpcathome.com. I am in business to remove viruses/malware/spyware. I got started with Malwarebytes when I began encountering AV2008 and later AV2009.

    It may be just my ignorance or misunderstanding of the posts here, but what is the specific problem that you attribute to Netcom3? I've seen many instances where one AV program detects another as spyware/adware, etc. Just running the program isn't enough of an indication that another program has taken malevolent action. What is it that you see Netcom3 doing? Corrupting the registry? Adding spurious registry entries? Feeding personal info back to some site for sale?

    Please let me know.

  16. I purchased Netcom3 (www.netcom3.com) as a means to clean up my registry and also to detect spyware/adware.

    Malwarebytes 1.33 is reporting it as malware. I do not believe it should be doing so.

    Does anyone have any experience with Netcom3?

    To Malwarebytes tech support.... would you please investigate? The latest log is below.

    Malwarebytes' Anti-Malware 1.33

    Database version: 1713

    Windows 5.1.2600 Service Pack 3

    02/01/2009 2:03:49 PM

    mbam-log-2009-02-01 (14-03-49).txt

    Scan type: Full Scan (C:\|F:\|)

    Objects scanned: 257949

    Time elapsed: 1 hour(s), 9 minute(s), 25 second(s)

    Memory Processes Infected: 1

    Memory Modules Infected: 0

    Registry Keys Infected: 3

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 19

    Memory Processes Infected:

    C:\Program Files\Netcom3 Cleaner\Netcom3D.exe (Rogue.Netcom3) -> Not selected for removal.

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netcom3 (Rogue.Netcom3) -> Not selected for removal.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\netcom3 (Rogue.Netcom3) -> Not selected for removal.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netcom3 (Rogue.Netcom3) -> Not selected for removal.

    Registry Values Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spyclean (Rogue.Netcom3) -> Not selected for removal.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Program Files\Netcom3 Cleaner\Netcom3D.exe (Rogue.Netcom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\netcom3.exe (Rogue.Netcom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\BackupManager.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\Logger.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\PscMonitor.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\RegistryChecker.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\RegManagers.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\SpyGuard.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\Program Files\Netcom3 Cleaner\SpywareRemover.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047554.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047546.exe (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047547.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047548.dll (Rogue.NetCom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047549.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047550.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047551.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047552.dll (Rogue.Netcom3) -> Not selected for removal.

    C:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP423\A0047553.exe (Rogue.Netcom3) -> Not selected for removal.

    F:\System Volume Information\_restore{6505B2CE-D6E4-4080-96A8-13D12CCF4732}\RP440\A0048597.exe (Rogue.Installer) -> Quarantined and deleted successfully.
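As an added example (not part of the post, and not Malwarebytes' own tooling): a small Python parser for the MBAM 1.x log layout shown above, run over a constructed sample in the same layout. It cross-checks each summary count against the itemised entries, lists what was left in place ("Not selected for removal"), pulls out the registry locations that act as autostart points (Services keys and Run/RunOnce values) and counts copies sitting in System Restore points. The sample paths and detection names are made up for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the MBAM 1.x log layout (trimmed; not the log from the post).
SAMPLE_LOG = r"""
Database version: 1713
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 257949

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Program Files\Example Cleaner\ExampleD.exe (Rogue.Example) -> Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\example (Rogue.Example) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\example (Rogue.Example) -> Not selected for removal.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exclean (Rogue.Example) -> Not selected for removal.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Example Cleaner\ExampleD.exe (Rogue.Example) -> Not selected for removal.
C:\System Volume Information\_restore{0000}\RP1\A0000001.dll (Rogue.Example) -> Not selected for removal.
F:\System Volume Information\_restore{0000}\RP2\A0000002.exe (Rogue.Installer) -> Quarantined and deleted successfully.
"""

@dataclass
class Detection:
    section: str
    location: str
    detection: str
    action: str

@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)  # section -> declared count
    items: dict = field(default_factory=dict)    # section -> [Detection]

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<location> (<detection>) -> <action>."  The location is taken greedily, so the
# last parenthesised token before " -> " is the detection name.
ITEM_RE = re.compile(r"^(?P<location>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"
# Autostart locations: service definitions and per-user / per-machine Run keys.
PERSISTENCE_RE = re.compile(r"\\(Services|CurrentVersion\\Run|CurrentVersion\\RunOnce)\\", re.IGNORECASE)

def parse_mbam_log(text):
    """Split the log into summary counts and per-section detection entries."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            report.items.setdefault(section, [])
            continue
        if section is None or line == NO_ITEMS:
            continue
        m = ITEM_RE.match(line)
        if m:
            report.items[section].append(Detection(section, m["location"], m["detection"], m["action"]))
    return report

def check_consistency(report):
    """(section, declared, listed) for every summary count that disagrees with the itemised list."""
    return [(s, n, len(report.items.get(s, [])))
            for s, n in report.summary.items() if n != len(report.items.get(s, []))]

def not_removed(report):
    """Entries the scan found but left in place; these are still live after the run."""
    return [d for items in report.items.values() for d in items
            if d.action.lower().startswith("not selected")]

def persistence_items(report):
    """Registry hits that would restart the detected code at boot or logon."""
    regs = report.items.get("Registry Keys Infected", []) + report.items.get("Registry Values Infected", [])
    return [d for d in regs if PERSISTENCE_RE.search(d.location)]

def restore_point_items(report):
    """File hits that are System Restore copies rather than the installed files."""
    return [d for d in report.items.get("Files Infected", [])
            if "\\system volume information\\_restore" in d.location.lower()]

def triage(text):
    report = parse_mbam_log(text)
    return {"count_mismatches": check_consistency(report),
            "not_removed": len(not_removed(report)),
            "persistence": [d.location for d in persistence_items(report)],
            "restore_point_copies": len(restore_point_items(report))}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Point it at a saved mbam-log file instead of SAMPLE_LOG to triage a real scan. The two things worth reading off the result are the "not_removed" count (a scan that detects but does not remove has changed nothing on the machine) and the restore-point copies: System Restore will bring those files back if the point is ever used, which is why cleanup guides finish by flushing old restore points once the system is clean.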

  17. I'm running XP SP3 as well. I'm running MBAM 1.31. I tend to get this error when my download/upload (DSL 1.5Mb) is busy with another task. Trying again later usually works. HOWEVER, this error message at least is incorrect. I always have a valid internet connection for the update. At minimum the message should be changed to say "internet busy, try again later" or something similar.

  18. If you have access to a work computer or a friend's computer where you can burn a disk, please follow these instructions.

    Once the PC is up and running well enough then post a new post as shown below.

    Requires access to a working computer with a CD/DVD burner to create a bootable CD.

    • Avira AntiVir Rescue System

      Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

    repair a damaged system,

    rescue data,

    scan the system for virus infections.

    Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.

    The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

    Then hopefully your system will be cleaned enough to get back into it and install / run MBAM. If so please follow these instructions.

    Please read and follow the instructions provided here: Pre- HJT Post Instructions

    When ready please post your logs here: Malware Removal - HijackThis Logs

    Someone will be happy to assist you further with cleaning your system.

    During this scan and cleanup process you should not install any other software unless requested to do so.

    I've also had luck with the BartPE bootable version of Windows to allow running MBAM.

  19. Hello Jim,

    Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of your reply.

    In a new reply, place all 4 of your reports from above "in-line" in the reply!!

    Next, Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from here:

    http://cid-6aaab341ce47c5c2.skydrive.live....FixPolicies.exe

    • Double-click FixPolicies.exe.

    • Click the "Install" button on the bottom toolbar of the box that will open.

    • The program will create a new Folder called FixPolicies.

    • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.

    • A black box will briefly appear and then close.

    • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

    1. Set Windows to show all files and all folders.

    On your Desktop, double-click My Computer; from the menu, select Tools, then Folder Options, then the View tab, and look at all of the settings listed.

    "CHECK" (turn on) Display the contents of system folders.

    Under Hidden files and folders, select Show hidden files and folders.

    Next, un-check Hide extensions for known file types.

    Next un-check Hide protected operating system files.

    Do not go back to review these settings as the malware may reset it. Just keep moving forward with these steps.

    2. Take out the trash (temporary files & temporary internet files)

    Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

    Start ATF-Cleaner.exe to run the program.

    Under Main choose: Select All

    Click the Empty Selected button.

    If you use Firefox browser, do this also:

    Click Firefox at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser, do this also:

    Click Opera at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    ATF-Cleaner should be run per the above in every user-login account {User Profile}

    =

    3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

    Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

    • Double click on RSIT.exe to run RSIT.

    • Click Continue at the disclaimer screen.

    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    I've followed the instructions on one of my computers. I have others to check which I'll post later.

    info.txt logfile of random's system information tool 1.04 2008-12-16 10:16:23

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    1&1 EasyLogin-->C:\Program Files\1&1\1&1 EasyLogin\Uninstall.exe

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Photoshop 5.5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.5\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 5.5\Uninst.dll"

    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

    AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    AzureBay Screen Saver 3.5-->MsiExec.exe /X{958A793F-F1D2-4A90-B6A5-C52E2D74E8FE}

    AzureBay Screen Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AzureBay\AzureBay Screen Saver\Uninst.isu"

    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

    Canon CanoScan Toolbox 4.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\setup.exe" -l0x9 anything

    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

    Church Windows (F:\CW\)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78D1001C-1EA9-4592-90F5-3507BC2EFBE0}\setup.exe" -l0x9 -removeonly

    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

    Core Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"

    Debugging Tools for Windows (x86)-->MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}

    Dell Printer Software Uninstall-->C:\Program Files\Dell_HostCD\Install\Uninstall.exe

    Dolet Light for Finale 2004-->MsiExec.exe /X{512D0FB7-4104-46BA-BE72-3A1633E7946C}

    DualCoreCenter-->"C:\Program Files\MSI\DualCoreCenter\unins000.exe"

    DumbiTV 5.0.0-->f:\DumbiTV\unins000.exe

    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

    ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

    ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

    ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

    ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

    essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

    File Waster-->C:\WINDOWS\File Waster Uninstaller.exe

    Finale 2004-->C:\WINDOWS\unvise32.exe f:\Finale 2004\uninstal.log

    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall

    GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u

    GNU Privacy Guard-->"f:\GnuPG\uninst-gnupg.exe"

    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

    GPGee 1.4.0-BETA1-->F:\GnuPG\GPGee\uninst.exe

    Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe

    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat

    HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

    HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

    Indeo

  20. That was the error between 2AM and 9AM today. When was the last time you tried? All of the ones I have worked with directly are no longer experiencing any problems.

    I've experienced this problem today updating from Securityworks after 9am. I've had to run 'update' 2 or 3 times before it finally worked. I don't get the error updating from Malwarebytes. What was the problem resolution?

  21. I successfully went through the cleanup and repair (VS) instructions in the topic "Install Problems".

    BUT, XP is still not as it should be in 2 respects:

    1. Display - right-clicking on the desktop and selecting Properties brings up the familiar screen...BUT without the 'Desktop' tab, which controls the background picture for the desktop...

    2. All system drives are now visible, C D E etc., but the C: drive has a red X to the left of it rather than the disk drive symbol.

    How can I repair the above? Even if not malware-caused, I'd like to 'get back to normal' for XP.

    1 Hijack and 3 MBAM logs are attached.

    hijackthis_12_4_08.txt

    mbam_log_2008_12_06__17_18_24_.txt

    mbam_log_2008_12_05__13_11_26_.txt

    mbam_log_2008_12_05__09_29_22_.txt

