Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't Access Security Site - No CMD Prompt HELP!


  • This topic is locked This topic is locked
7 replies to this topic

#1 vcaponejr

vcaponejr

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 15 May 2009 - 07:11 PM

To All,

Looks like I picked up something. McAfee scan comes up clean but when trying to pull down updates it gives me an error: "An error occurred while updating. Please reinstall these programs: McAfee VirusScan Plus" Can't get to the website to reinstall the pgm and so far it's the only site I can't get to. Can't start a cmd prompt either. I'm even having trouble creating the DDS and Attach files. Black window blinks on by and the only file I can find on my hard drive is pasted below. No sign of the Attach file. Hope this is enough to go on. Google search results indicated my pc might be infected with something. I'm reaching out to you folks! Thanks for helping me out. Let me know if I can do anything else.

hijackthis_051509.txt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:38 AM, on 5/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ACT\ACT for Windows\Act8.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RCHotKey] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Launch High Impact eMail 3.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 3.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D539DEBB-DF36-4689-B543-85AFFCDF7381} (CCheckInstall Object) - https://fedapps.csc.com/citrix/metaframe/ic...llationFile.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 11958 bytes

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:34 AM

Posted 15 May 2009 - 07:22 PM

Hi vcaponejr,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please download http://OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#3 vcaponejr

vcaponejr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 15 May 2009 - 10:52 PM

farbar, thanks for your help. Here's the requested info.

OTListIt logfile created on: 5/15/2009 11:39:41 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 59.52% Memory free
3.72 Gb Paging File | 3.07 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 183.21 Gb Free Space | 80.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.12 Gb Total Space | 2.38 Gb Free Space | 57.76% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 596.02 Gb Total Space | 550.08 Gb Free Space | 92.29% Space Free | Partition Type: FAT32

Computer Name: HOME-988D61EBD3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/10 11:46:26 | 01,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/03/15 15:57:46 | 03,069,512 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/01/08 21:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2005/09/26 15:07:00 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe
PRC - [2009/01/09 09:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2006/04/05 17:30:56 | 01,015,808 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\ACT for Windows\Act8.exe
PRC - [2006/01/30 12:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2006/12/15 04:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
PRC - [2006/10/30 10:36:36 | 00,256,576 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2003/05/08 12:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
PRC - [2009/05/04 10:06:06 | 00,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozybackup.exe
PRC - [2006/10/25 19:58:18 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2008/12/28 13:24:04 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2004/08/04 08:00:00 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dumprep.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/07/09 18:36:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/15 15:57:44 | 01,033,800 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2007/03/15 17:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2007/09/19 05:33:46 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
PRC - [2009/05/04 10:06:08 | 02,834,744 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2004/10/06 16:56:28 | 00,483,412 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
PRC - [2006/07/30 09:29:52 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2006/12/15 04:23:26 | 00,251,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/23 15:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/10/13 12:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/02/28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/05/15 23:38:52 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/11/10 11:46:26 | 01,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2009/03/16 17:45:14 | 00,059,552 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Installer [On_Demand | Stopped])
SRV - [2007/02/06 12:56:21 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2006/10/30 10:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/03/15 15:57:46 | 03,069,512 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/01/08 21:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 09:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/05/04 10:06:06 | 00,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozybackup.exe -- (mozybackup [Auto | Running])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -- (MSSQL$ACT7 [Auto | Running])
SRV - [2002/12/17 19:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2005/09/18 08:32:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/07/30 09:29:52 | 00,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2002/12/17 19:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -- (SQLAgent$ACT7 [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/09/23 14:26:40 | 01,094,751 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/09/26 15:07:00 | 03,644,800 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2004/10/15 10:41:24 | 00,285,216 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys -- (AR5523 [On_Demand | Stopped])
DRV - [2004/10/14 18:24:00 | 00,043,392 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\ATHFMWDL.sys -- (ATHFMWDL [On_Demand | Stopped])
DRV - [2005/05/17 05:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2006/11/10 11:44:52 | 00,305,788 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2006/09/21 18:55:16 | 00,126,864 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5 [On_Demand | Stopped])
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\elagopro.sys -- (elagopro [Auto | Running])
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\elaunidr.sys -- (elaunidr [Auto | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/07/30 19:45:33 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2009/05/04 10:06:02 | 00,053,752 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\DRIVERS\mozy.sys -- (mozyFilter [System | Running])
DRV - [2008/10/23 14:08:54 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2005/09/18 08:32:00 | 03,493,984 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005/07/29 17:11:02 | 00,034,048 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/07/29 17:11:04 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/29 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003/03/26 17:40:14 | 00,228,096 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\sndp202.sys -- (SNDP202 [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-746137067-861567501-682003330-500\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/04/27 22:19:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/12/28 13:24:35 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-746137067-861567501-682003330-500\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-746137067-861567501-682003330-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-746137067-861567501-682003330-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning (Sage Software SB, Inc)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe" File not found
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-746137067-861567501-682003330-500..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-746137067-861567501-682003330-500..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
O4 - HKU\S-1-5-21-746137067-861567501-682003330-500..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-861567501-682003330-500..\Run: [RCHotKey] "C:\PROGRA~1\RINGCE~1\RINGCE~1\RCHotKey.exe" File not found
O4 - HKU\S-1-5-21-746137067-861567501-682003330-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Launch High Impact eMail 3.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe (KMT Software, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Launch High Impact eMail 3.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe (KMT Software, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-746137067-861567501-682003330-500\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab (get_atlcom Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D539DEBB-DF36-4689-B543-85AFFCDF7381} https://fedapps.csc.com/citrix/metaframe/ic...llationFile.cab (CCheckInstall Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/30 09:04:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 00,000,052 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/04/10 12:57:10 | 00,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O33 - MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\Shell\AutoRun\command - "" = J:\mri.exe -- File not found
O33 - MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\Shell\customizer\command - "" = Customizer.exe
O33 - MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\Shell\mri\command - "" = J:\mri.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/15 23:38:48 | 00,000,000 | ---D | M]
Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\..\eqli.onc File not found
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/15 23:38:44 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/15 19:39:46 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/05/15 16:14:28 | 00,369,049 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Drive_C.xml
[2009/05/15 16:14:28 | 00,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Drive_C.dat
[2009/05/15 16:12:31 | 00,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/05/15 16:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2009/05/15 15:55:22 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2009/05/15 15:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\WDC
[2009/05/15 15:55:18 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/05/15 07:14:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
[2009/05/15 07:12:19 | 00,053,752 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\mozy.sys
[2009/05/15 07:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2009/05/15 06:19:13 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/05/15 06:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/15 06:02:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
[2009/05/15 06:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/05/15 06:02:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
[2009/05/14 19:54:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E40FD160-D3F8-4151-96D1-7B73567D4FF3}(2)
[2009/05/14 19:27:55 | 00,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2009/05/14 19:26:06 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/05/06 18:00:49 | 00,323,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FoxWood_2Qtr_2009.pdf
[2009/05/05 15:52:33 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/05/04 10:06:12 | 00,004,104 | ---- | C] () -- C:\WINDOWS\mozy.blk
[2009/05/04 10:06:12 | 00,001,880 | ---- | C] () -- C:\WINDOWS\mozy.flt
[2009/04/28 21:07:02 | 00,652,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2009olischukFINAL LL.doc
[2009/04/28 16:24:47 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Finance 1st Qtr 09.V2.xls
[2009/04/20 20:14:21 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Gabriel Baby MOV03183.lnk
[2009/04/19 12:02:27 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BA - Steps.doc
[2009/04/19 10:57:16 | 00,210,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\CR Estimation 1710 MAPD_1062 Adh.xls
[2009/04/19 10:57:13 | 01,408,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Reqs Doc for MAPD_1062 (CR 1710)040809.doc
[2009/04/19 10:55:30 | 00,130,560 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RequirementsWalkthrough_Checklist_MAPD1062.doc
[2009/04/16 23:34:28 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/16 23:34:28 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/02/22 12:29:19 | 00,000,755 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/16 19:07:53 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2009/01/16 19:07:01 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/28 19:33:05 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/02/08 21:51:10 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2008/02/08 21:51:07 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2008/01/18 12:02:02 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2008/01/18 11:58:43 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/07/13 21:10:52 | 00,028,747 | ---- | C] () -- C:\WINDOWS\System32\KMemoryMMX.dll
[2007/07/13 21:10:52 | 00,024,653 | ---- | C] () -- C:\WINDOWS\System32\KMemoryPIII.dll
[2007/07/13 21:10:52 | 00,024,632 | ---- | C] () -- C:\WINDOWS\System32\KMemory.dll
[2007/07/13 21:10:52 | 00,020,546 | ---- | C] () -- C:\WINDOWS\System32\KMemoryC.dll
[2007/07/13 21:10:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2007/07/13 21:10:26 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2007/07/13 21:10:26 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2007/07/13 21:10:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2007/07/13 21:10:26 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2007/07/13 21:10:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2007/06/20 16:29:29 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\sndp2023.dll
[2007/06/20 16:29:29 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp2022.dll
[2007/06/20 16:29:29 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp202.dll
[2007/06/20 16:29:29 | 00,015,522 | ---- | C] () -- C:\WINDOWS\sndp202.ini
[2007/06/20 16:29:28 | 00,228,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp202.sys
[2007/06/20 16:29:28 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndp202.dll
[2006/08/25 12:54:22 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/08/17 20:58:02 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2006/07/30 20:53:04 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\CSVRes.dll
[2006/07/30 20:52:42 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/07/30 20:52:41 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\HTTPUploadDownload.dll
[2006/07/30 20:52:41 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll
[2006/07/30 20:24:07 | 00,001,734 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/30 20:24:07 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\98CEA54703.sys
[2006/07/30 19:45:20 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/07/30 19:45:20 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/30 11:51:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/30 09:46:38 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/30 09:46:38 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/30 09:46:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/30 09:46:37 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/30 09:46:37 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/30 09:46:37 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/07/30 09:46:35 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/30 09:39:40 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/30 09:39:36 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/07/30 09:29:52 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/07/30 09:19:53 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/04 08:00:00 | 00,000,924 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 08:00:00 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/15 23:38:52 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/05/15 22:44:08 | 00,004,104 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2009/05/15 22:44:08 | 00,001,880 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2009/05/15 19:39:48 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2009/05/15 19:34:57 | 00,035,827 | ---- | M] () -- C:\logfile
[2009/05/15 19:34:53 | 00,033,417 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/15 19:34:40 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/15 19:33:48 | 00,001,734 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/05/15 19:32:58 | 00,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/15 19:32:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/15 19:32:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 19:32:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/15 16:14:30 | 00,369,049 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Drive_C.xml
[2009/05/15 16:14:30 | 00,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Drive_C.dat
[2009/05/15 16:12:31 | 00,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2009/05/15 15:55:18 | 00,020,992 | ---- | M] () -- C:\WINDOWS\jestertb.dll
[2009/05/15 11:22:02 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/05/15 07:14:17 | 00,000,169 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/05/15 07:14:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
[2009/05/15 06:19:14 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/05/15 01:17:29 | 00,000,280 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/14 23:13:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/14 19:53:30 | 00,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2009/05/11 09:00:08 | 00,000,368 | ---- | M] () -- C:\WINDOWS\tasks\McQClean.job
[2009/05/10 00:27:18 | 00,731,136 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/05/10 00:27:18 | 00,384,000 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/05/06 18:02:02 | 00,086,528 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\Thumbs.db
[2009/05/06 18:00:49 | 00,323,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FoxWood_2Qtr_2009.pdf
[2009/05/05 15:52:33 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/05/04 10:06:02 | 00,053,752 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\mozy.sys
[2009/05/03 13:10:20 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2009/04/28 21:07:03 | 00,652,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2009olischukFINAL LL.doc
[2009/04/28 16:40:26 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Finance 1st Qtr 09.V2.xls
[2009/04/20 20:14:21 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Gabriel Baby MOV03183.lnk
[2009/04/19 12:18:50 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BA - Steps.doc
[2009/04/19 10:57:00 | 01,408,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Reqs Doc for MAPD_1062 (CR 1710)040809.doc
[2009/04/19 10:57:00 | 00,210,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CR Estimation 1710 MAPD_1062 Adh.xls
[2009/04/19 10:55:00 | 00,130,560 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RequirementsWalkthrough_Checklist_MAPD1062.doc
[2009/04/16 23:34:28 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/16 08:24:00 | 00,504,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 08:24:00 | 00,426,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 08:24:00 | 00,071,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 03:03:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/16 03:01:00 | 00,000,924 | ---- | M] () -- C:\WINDOWS\win.ini
< End of report >

---------------------------------------------------------------------------------------------------

OTListIt Extras logfile created on: 5/15/2009 11:39:41 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 59.52% Memory free
3.72 Gb Paging File | 3.07 Gb Available in Paging File | 82.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 183.21 Gb Free Space | 80.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.12 Gb Total Space | 2.38 Gb Free Space | 57.76% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 596.02 Gb Total Space | 550.08 Gb Free Space | 92.29% Space Free | Partition Type: FAT32

Computer Name: HOME-988D61EBD3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe:*:Enabled:RingCentral
[2006/04/05 17:30:56 | 01,015,808 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006
[2006/06/22 14:33:42 | 00,745,472 | ---- | M] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421) -- C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application
[2006/10/30 10:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/03/15 15:57:46 | 03,069,512 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2007/03/08 01:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/02/06 13:30:17 | 03,679,784 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\CSC Nortel VPN Client\Extranet.exe:*:Enabled:Contivity VPN Client
[2008/03/05 23:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 19:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2007/09/19 05:33:46 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2008/12/28 13:24:09 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/01/09 12:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{341E9A67-9E45-4CAE-9AAC-49AD3EBACA41}" = ACT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® for Corel
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}" = Lizardtech Express View Browser Plug-in
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T Smart Wizard Wireless Utility
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9809E95B-6AB5-445C-8BCB-6B0FBD62B823}" = High Impact eMail 3.0
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B48D2154-28DB-4DC8-94EF-0D2B2C789717}" = MozyHome Remote Backup
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4028FB-4F2E-4368-8B1E-6C5684315C03}" = TurboTax 2008 wmdobpm
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000, 2002, 2003
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E85397AD-D60E-4141-82E6-FAA312A09271}" = Dual Mode Camera (8008 VGA)
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"BigFix" = BigFix
"DOC to Image Converter_is1" = DOC to Image Converter 2.00
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImTOO MPEG to DVD Converter" = ImTOO MPEG to DVD Converter
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"kdx_aolhqvprod" = AOL HI-Q Video
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealPlayer 6.0" = RealPlayer
"ROXIO_PRISM_V4_0" = PhotoSuite 4 (Remove Only)
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"Six Steps to Mastering Foreclosures 2007_is1" = Six Steps to Mastering Foreclosures 2007 Support Documents
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Outlook 2000, 2002, 2003" = Stamps.com support for Microsoft Outlook 2000, 2002, 2003
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"Stamps.com support for Microsoft Word 2000, 2002, 2003" = Stamps.com support for Microsoft Word 2000, 2002, 2003
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"SwiftPage Email for ACT!" = SwiftPage Email for ACT! 7.4.46
"Swiftpage for ACT!" = Swiftpage for ACT! 8.3.5
"TurboTax 2008" = TurboTax 2008
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-861567501-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2009 4:07:02 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2009 4:07:17 PM | Computer Name = HOME-988D61EBD3 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2009 4:14:10 PM | Computer Name = HOME-988D61EBD3 | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 42000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft OLE DB Provider for SQL Server Error message: Login failed for user 'NT
AUTHORITY\SYSTEM'.

Error - 5/15/2009 4:15:33 PM | Computer Name = HOME-988D61EBD3 | Source = VSS | ID = 6013
Description = Sqllib error: OLEDB Error encountered calling IDBInitialize::Initialize.
hr = 0x80040e4d. SQLSTATE: 42000, Native Error: 18456 Error state: 1, Severity: 14
Source:
Microsoft OLE DB Provider for SQL Server Error message: Login failed for user 'NT
AUTHORITY\SYSTEM'.

Error - 5/15/2009 4:50:33 PM | Computer Name = HOME-988D61EBD3 | Source = Application Error | ID = 1000
Description = Faulting application simple_screensaver_gtw_slow.exe, version 8.0.22.0,
faulting module simple_screensaver_gtw_slow.exe, version 8.0.22.0, fault address
0x00240000.

[ System Events ]
Error - 5/15/2009 11:37:46 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:38:26 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:39:07 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:39:47 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:40:27 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:41:08 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:41:48 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:42:29 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:43:09 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 5/15/2009 11:43:50 PM | Computer Name = HOME-988D61EBD3 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.


< End of report >

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:34 AM

Posted 16 May 2009 - 06:23 AM

Hi again,
  • Please open OTListTt2.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      explorer.exe
      :otli
      O3 - HKU\S-1-5-21-746137067-861567501-682003330-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
      O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
      O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O33 - MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\Shell\AutoRun\command - "" = J:\mri.exe -- File not found
      O33 - MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\Shell\mri\command - "" = J:\mri.exe -- File not found
      Drivers32: aux2 - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\..\eqli.onc File not found
      :reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
      "aux2"="wdmaud.drv"
      :commands
      [start explorer]
      [emptytemp]
      [Reboot]
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After finished a log will open. Copy and paste the log to your reply. Also tell me how is your computer running.
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • Please copy and paste a fresh Hijackthis log to your reply for a final review. Tell me also how is your computer running.


#5 vcaponejr

vcaponejr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 16 May 2009 - 08:42 AM

Hi there,

Reboot was required after fix. System came up and auto updated McAfee... something it hasn't done in a week. Following msg,"McAfee has automatically blocked and removed a Trojan. About this Trojan
Detected: Generic Downloader.dp (Trojan), Generic Downloader.dp (Trojan)
Location: C:\Documents and Settings\Administrator\Local Settings\EQLI.ONC
Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer
."

I also have my cmd prompt back. I can access security site and everything seems great! This time I did not ignore my Java Update msg. I pulled down the outstanding updates.

Thanks so much for your help. I can't be of much assistance but please let me know if there is anything I can do.

Here's the log. Thanks again.

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTLISTIT ==========
Registry value HKEY_USERS\S-1-5-21-746137067-861567501-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cb04a80-1fcc-11db-b39e-001558475a0b}\ not found.
File J:\mri.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cb04a80-1fcc-11db-b39e-001558475a0b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cb04a80-1fcc-11db-b39e-001558475a0b}\ not found.
File J:\mri.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\aux2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring" not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring" not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\"aux2"|"wdmaud.drv" /E : value set successfully!
========== COMMANDS ==========
Explorer started successfully
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_2f4.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5A73.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6009.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF6A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_a1q8W60aJgeL1jK scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Hh1lanz0Kct2WvN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_164.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_65c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_d406rr4F61fIgX4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_hjQiwqoXc2uMKSD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_pAYweNmHJN7Te6G scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05162009_092044

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_2f4.dat not found!
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5A73.tmp moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6009.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF6A.tmp moved successfully.
File C:\WINDOWS\temp\mcmsc_a1q8W60aJgeL1jK not found!
File C:\WINDOWS\temp\mcmsc_Hh1lanz0Kct2WvN not found!
File C:\WINDOWS\temp\Perflib_Perfdata_164.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5ec.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_65c.dat not found!
C:\WINDOWS\temp\sqlite_d406rr4F61fIgX4 moved successfully.
C:\WINDOWS\temp\sqlite_hjQiwqoXc2uMKSD moved successfully.
C:\WINDOWS\temp\sqlite_pAYweNmHJN7Te6G moved successfully.

Registry entries deleted on Reboot...

#6 vcaponejr

vcaponejr
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 16 May 2009 - 08:53 AM

Current Log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 9:45:11.89 on Sat 05/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1173 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCHotKey] "c:\progra~1\ringce~1\ringce~1\RCHotKey.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Act! Preloader] "c:\program files\act\act for windows\Act8.exe" -stayrunning
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {670F87A1-88B0-11d4-9030-000021D9C559} - c:\program files\kmt software\high impact email 3.0\HIE3.exe
IE: {C4A67F75-88B2-11d4-9030-000021D9C559} - c:\program files\kmt software\high impact email 3.0\HIE3.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D539DEBB-DF36-4689-B543-85AFFCDF7381} - hxxps://fedapps.csc.com/citrix/metaframe/icaweb_common/en/ica32/CheckInstallationFile.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-7-30 214024]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2009-5-15 53752]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-5 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-7-30 144704]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-7-30 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-7-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-7-30 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-7-30 40552]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2006-7-30 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-7-30 17149]
S3 getPlus® Installer;getPlus® Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-3-28 59552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-7-30 34216]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\system32\drivers\sndp202.sys [2007-6-20 228096]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-16 280344]

=============== Created Last 30 ================

2009-05-16 09:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-16 09:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-16 09:20 <DIR> --d----- C:\_OTListIt
2009-05-15 16:12 <DIR> --d----- c:\program files\Runtime Software
2009-05-15 15:55 <DIR> --d----- c:\program files\Western Digital Corporation
2009-05-15 15:55 20,992 a------- c:\windows\jestertb.dll
2009-05-15 07:12 53,752 a------- c:\windows\system32\drivers\mozy.sys
2009-05-15 07:12 <DIR> --d----- c:\program files\MozyHome
2009-05-15 06:19 <DIR> --d----- c:\program files\Trend Micro
2009-05-15 06:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2009-05-15 06:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2009-05-15 06:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2009-05-14 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{E40FD160-D3F8-4151-96D1-7B73567D4FF3}(2)
2009-05-14 19:26 36 a---h--- c:\windows\system32\f9t.dat
2009-05-04 10:06 4,104 a------- c:\windows\mozy.blk
2009-05-04 10:06 1,880 a------- c:\windows\mozy.flt
2009-04-16 23:34 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-16 23:34 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-05-16 09:24 1,734 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2008-08-18 18:27 60,744 a------- c:\documents and settings\administrator\g2mdlhlpx.exe
2008-07-09 14:30 1,084,936 a------- c:\program files\APEX9_Win_WEB_WWEFG.exe
2008-02-16 11:21 1,024 a------- c:\docume~1\alluse~1\applic~1\imgdoc2.dll
2007-08-13 22:00 1,533,096 a------- c:\program files\wp6rtf.exe
2007-07-15 22:39 265,949,336 a------- c:\program files\AcroPro80_efg.exe
2006-11-14 21:58 57,132,912 a------- c:\program files\w_turbotax_1040_hab_2006_00.exe
2006-08-30 16:08 458 a------- c:\program files\MapDrives.bat
2006-08-29 16:50 3,322,477 a------- c:\program files\mlgbonus.zip
2006-08-26 13:38 7,378,496 a------- c:\program files\stamps.exe
2003-06-20 03:05 138,288 a------- c:\windows\inf\usbport.sys
2003-06-20 03:05 49,776 a------- c:\windows\inf\usbhub20.sys
2003-06-20 03:05 24,752 a------- c:\windows\inf\hidclass.sys
2003-06-20 03:05 20,688 a------- c:\windows\inf\usbd.sys
2003-06-20 03:05 19,728 a------- c:\windows\inf\usbehci.sys
2006-07-30 20:25 56 ---shr-- c:\windows\system32\98CEA54703.sys

============= FINISH: 9:45:53.76 ===============

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:34 AM

Posted 16 May 2009 - 08:57 AM

You are welcome and thanks for your the feedback. Thanks also for the assistance offer.
Seems McAfee is starting to detect this trojan.

Everything looks good.
  • Please run OTListIt2.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove any tools we used, including OTListIt2, and will require a reboot.
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.

Optional Recommendations:
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3 which has more features and is more secure than Service Pack 2.

    You can update by going to start > All Programs > Windows update > click on Custom button.

    Note: Download Service Pack 3 but before installing it disable your antivirus real-time protection.

  • Install Javacoolsİ SpywareBlaster
    SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. What you need is updating it once in 2-3 weeks and enabling the restriction. You can find more information and a download link.

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:34 AM

Posted 20 May 2009 - 02:41 PM

This thread is closed as the issue appears to be resolved.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users