Possible Infection with ZBOT ZEUS Trojan


This topic is locked
24 replies to this topic

#1 melanieb


  • Members
  • 52 posts

Posted 16 February 2010 - 11:36 PM

My name is Melanie and I am from Texas. My introduction is also on this forum.

Recently, while attempting to log on to my bank's online member connect, instead of the usual secondary password page I was directed to a page that said "Online Banking" which said my computer could not be verified. To verify my computer, additional information was needed. Fields were open asking for my credit card number, expiration date, security number, and ATM pin code.

I knew not to enter information. This page had also appeared approximately a week prior when a friend attempted to check her bank info using my computer. At that time we assumed she had mistyped the URL. Now that I was being directed to the same page I decided something was wrong.

A scan with both my virus program (McAfee Security Center) and my malware program (MalwareBytes) returned no threats. I called my credit union and they gave me the information on the ZBOT/ZEUS trojan, and how many programs fail to detect it. I spent time researching its removal. The recommended procedure was to make sure all required security updates were taken care of, drivers and vital programs, and then attempt a scan in safe mode followed by a change to a couple of registry keys.

I performed the scans in safe mode (without network connection) and still no threats were detected. Following this I returned to normal operation but still felt uncertain. While ordering dinner last evening one web page was extremely slow to load. Today, while attempting to validate my registration to the bleepingcomputer.com forums I found an e-mail in my inbox from the malwarebytes forum, which I have not visited in some time. An automated message was generated after someone attempted to change my password. An I.P. was logged and I traced it to Amsterdam. I deleted the message as I had not generated it and did not want anyone gaining access to my e-mail or the registration change link.

In preparing for this post I backed up all of my data and ran Defogger, followed by DDS. When I ran GMER the program scanned for a good 2 hours and then gave me the blue screen hard disk stop error and said something like DD00000014 or something close to that. I shut down, started the computer back up, and when I was sure that all the start-up programs were done I attempted to open the GMER program to see if any log had been created. There was no log after all the time spent scanning so I closed the program. At this moment there was a brief (flash/warp) distortion and a dialog box appeared asking me if I wanted to send Microsoft an error report. I clicked yes for the hell of it and it created the report (nothing unusual there) and then Internet Explorer opened to the page about updating a driver (still not unusual) and when I attempted to close that IE window I received another blue stop screen and the error codes 0X000000F4, 0X00000003, 048A6E9650, 0X8A6E97C4, 0X805FB066.

Following that I chose not to try GMER again. After starting up I deleted the DDS program and the GMER program from my Desktop. I then went to delete them from my Recycle bin. I found four items there, the DDS program, the GMER Program, the GMER zip file, and a shortcut to free MSN Hotmail that I didn't recognize. I clicked on EMPTY THE RECYCLE BIN and everything but the Hotmail shortcut disappeared. When I attempted to click on the Hotmail icon the option to delete it disappeared from the left hand column of the recycle bin. I tried a left click with my mouse and the icon deleted but I was again presented with an option to send Microsoft an error report. I chose not to send and began my post here instead.

While writing this report I frequently found that I hit keys on my keyboard but nothing appeared on the screen, and I had to look over what I'd written for missing letters or places where the space bar did not register. Yet another recent anomaly.

Please advise regarding scans in light of stop errors. ~melanie

DDS (Ver_09-12-01.01) - NTFSx86
Run by Los at 18:27:31.51 on Tue 02/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1297 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Los\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Roadrunner
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
mRun: [FineReader7NewsReaderPro] "c:\program files\abbyy finereader 7.0 professional edition\ABBYYNewsReader.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: <NO NAME> =
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\los\start menu\programs\>imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209335544265
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\los\applic~1\mozilla\firefox\profiles\vhppbqkd.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-19 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-19 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-19 34248]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2010-02-17 00:24:09 0 ----a-w- c:\documents and settings\los\defogger_reenable
2010-02-11 23:55:44 0 d-sh--w- c:\documents and settings\los\IECompatCache
2010-02-11 23:50:59 0 d-sh--w- c:\documents and settings\los\PrivacIE
2010-02-11 23:04:23 0 d-sh--w- c:\documents and settings\los\IETldCache
2010-02-11 22:55:51 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-11 22:55:28 0 d-----w- c:\windows\ie8updates
2010-02-11 22:55:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-11 22:55:13 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-11 22:52:12 0 dc-h--w- c:\windows\ie8
2010-02-09 17:14:08 3245 ----a-w- c:\windows\system32\wbem\Outlook_01caa9ab4a329a54.mof

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:21 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-03-11 21:40:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031120090312\index.dat

============= FINISH: 18:29:29.56 ===============


[attachment=47738:DDSAttach.txt]
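The DDS "Pseudo HJT Report" above lists browser add-ons (BHO/TB/EB) and autorun entries (uRun/mRun) in a fixed line format. As an added example that is not part of this thread and not code from the DDS tool, the Python script below parses lines in that format and flags the kinds of entries a helper reads first: COM registrations marked "No File", autoruns with an empty command, autoruns that name a bare executable resolved through the PATH, and autoruns whose executable sits in a user-writable folder. The sample lines, the flag rules and the folder list are constructed for illustration; a flagged line is a prompt to locate and inspect the file, not a verdict that it is malicious.

```python
import re
from typing import Iterable, List, NamedTuple, Optional


class Finding(NamedTuple):
    entry: str   # the report line the finding refers to
    reason: str  # why the line deserves a second look


# Line shapes taken from the DDS "Pseudo HJT Report" section:
#   uRun: [Name] command   (per-user autorun)    mRun: [Name] command   (machine autorun)
#   BHO: Name: {CLSID} - path   /   TB: {CLSID} - No File   /   EB: Name: {CLSID} - path
AUTORUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")
COM_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)

# Constructed list of folder fragments a standard user can write to on Windows XP;
# legitimate updaters and malware both install there, so such autoruns get checked first.
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

# Constructed sample in the DDS format: lines modelled on the report above plus one
# invented entry under a user profile path. Not the poster's full report.
SAMPLE_LOG = [
    r"uStart Page = hxxp://www.google.com/",
    r"BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll",
    r"BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File",
    r"TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File",
    r"uRun: [Sonic RecordNow!]",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [WD Button Manager] WDBtnMgr.exe",
    r"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup",
    r'mRun: [example updater] "c:\documents and settings\user\application data\updater.exe" /quiet',  # constructed
]


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command: a quoted path or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one report line; returns None for lines that need no follow-up."""
    m = COM_RE.match(line)
    if m:
        if m.group("target").strip() == "No File":
            return Finding(line, f"{m.group('kind')} registration whose file is missing (stale or removed component)")
        return None
    m = AUTORUN_RE.match(line)
    if not m:
        return None  # not an autorun line (start page, DPF, IE, ... are ignored here)
    cmd = m.group("cmd")
    if not cmd or not cmd.strip():
        return Finding(line, "autorun entry with an empty command")
    exe = executable_of(cmd)
    if "\\" not in exe:
        # No directory given: Windows resolves the name by PATH search, so the file
        # that actually runs has to be located before it can be judged.
        return Finding(line, f"bare filename '{exe}' is resolved by PATH search; locate the real file")
    if any(hint in exe.lower() for hint in USER_WRITABLE_HINTS):
        return Finding(line, "executable lives in a user-writable folder")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole report; non-matching lines and headers drop out."""
    return [f for f in (triage_line(l.rstrip("\r\n")) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.entry}")
```

Run it as a script to see the six flagged sample lines, or feed `triage()` the lines of a saved DDS report. Notice that `RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup` is flagged only because the host program is named without a path; the rule is deliberately about where the file comes from, not about whether the vendor is known.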


#2 schrauber


    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 20 February 2010 - 09:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 melanieb

  • Topic Starter

  • Members
  • 52 posts

Posted 21 February 2010 - 11:42 AM

I ran the scans. I had to run GMER in safe mode because it gave me a blue screen and unknown hard error d0000144 when I tried running it normally.

I also noticed that my malware protection (Malwarebytes) was turned off without any action on my part before I performed the scans. I thought this odd, particularly in light of the recent message found in my e-mail box.


The scans are attached.

[attachment=48175:DDS_Melanieb.txt] [attachment=48176:Attach_Melanieb.zip] [attachment=48177:gmer.txt]

#4 schrauber


    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 21 February 2010 - 12:08 PM

Hello, melanieb
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 melanieb

  • Topic Starter

  • Members
  • 52 posts

Posted 22 February 2010 - 02:16 AM

Thank you very much, Tom.

I ran Combofix. It installed the Recovery Console and ran the scan. During the process, a number of dialog boxes displayed on the screen, each one indicating that a program needed to be terminated unexpectedly, wanting to know if I wanted to send Microsoft an error report or not. DVD Sentry, Intellitype Pro, WD BTN MGR, and some strange program like Modem Connect or something that wasn't familiar but suggested communication with other computers were all among the dozen-plus programs that popped up during the second half of the scan. It almost seemed like something was attempting to utilize each of the various programs in some way and, failing to make them work, caused them to terminate. Most of the programs that displayed dialog boxes are listed in the Combofix log in the section <Reg Loading Points>.

I noticed the scan completely terminated McAfee Security Center from the taskbar. Thought that was odd. The scan also made Internet Explorer no longer set as my default browser. I've also noticed that downloaded Windows updates that appeared ready to be installed (indicated by the shield) are no longer present. Some odd changes from this scan.


ComboFix 10-02-21.02 - Los 02/22/2010 0:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1478 [GMT -6:00]
Running from: c:\documents and settings\Los\Desktop\schrauber.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\BPS Popup-Watch.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\BPS Spy-Watch.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\BPS Spyware-Adware Remover.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\BPS Winsock 2 Connection Fix.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\System Hijack Scanner.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\SpywareRemover\Uninstall.lnk
c:\program files\Shared
c:\windows\patch.exe
c:\windows\system32\tmp.reg

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-21 16:23 . 2010-01-11 13:29 985288 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\vso\mcappcfg.exe
2010-02-21 16:23 . 2010-01-11 13:29 985288 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\msc\mcappcfg.exe
2010-02-21 16:23 . 2010-01-11 13:29 265824 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\vso\mcutil.dll
2010-02-21 16:23 . 2010-01-11 13:29 265824 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\msc\mcutil.dll
2010-02-21 16:23 . 2010-01-11 13:14 822048 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\vso\McInst.exe
2010-02-21 16:23 . 2010-01-11 13:14 822048 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\MSC\Updates\Installs\Download_Files\msc\McInst.exe
2010-02-16 18:46 . 2010-02-16 18:46 -------- d-----w- c:\documents and settings\Los\Application Data\DivX
2010-02-12 01:43 . 2010-02-12 01:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-11 23:55 . 2010-02-11 23:55 -------- d-sh--w- c:\documents and settings\Los\IECompatCache
2010-02-11 23:50 . 2010-02-11 23:50 -------- d-sh--w- c:\documents and settings\Los\PrivacIE
2010-02-11 23:04 . 2010-02-11 23:04 -------- d-sh--w- c:\documents and settings\Los\IETldCache
2010-02-11 22:55 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-11 22:55 . 2010-02-11 22:56 -------- d-----w- c:\windows\ie8updates
2010-02-11 22:55 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-11 22:55 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-11 22:52 . 2010-02-11 22:55 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 19:32 . 2006-05-11 21:44 -------- d-----w- c:\documents and settings\Los\Application Data\Apple Computer
2010-02-21 10:54 . 2009-03-20 04:53 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 17:31 . 2006-05-11 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-02-08 15:16 . 2007-05-15 13:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-08 02:31 . 2008-07-19 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 11:45 . 2010-01-14 02:29 -------- d-----w- c:\documents and settings\Spooky\Application Data\DivX
2010-01-18 08:00 . 2008-08-24 21:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 02:21 . 2004-03-12 15:57 -------- d-----w- c:\program files\DivX
2010-01-14 02:19 . 2010-01-14 02:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-14 00:38 . 2006-08-05 16:12 -------- d-----w- c:\documents and settings\Spooky\Application Data\Apple Computer
2010-01-12 20:41 . 2010-01-12 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-12 20:41 . 2010-01-12 20:40 -------- d-----w- c:\program files\iTunes
2010-01-12 20:40 . 2006-05-11 21:36 -------- d-----w- c:\program files\iPod
2010-01-12 20:40 . 2008-11-25 16:27 -------- d-----w- c:\program files\Common Files\Apple
2010-01-12 20:38 . 2010-01-12 20:38 -------- d-----w- c:\program files\Bonjour
2010-01-12 20:37 . 2007-04-02 19:29 -------- d-----w- c:\program files\QuickTime
2010-01-12 20:27 . 2010-01-12 20:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-07 22:07 . 2008-07-19 04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-07-19 04:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2002-08-29 11:00 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-24 19:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 18:02 . 2006-11-30 01:35 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-16 18:43 . 2002-08-29 11:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 11:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 1980-01-01 06:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 1980-01-01 06:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-08-29 11:00 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-01-15 20:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2003-05-30 15:00 1291776 ------w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2002-08-29 11:00 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2002-08-29 11:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2002-08-29 11:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2002-08-29 11:00 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2002-08-29 11:00 11264 ------w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-12-03 151597]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [2004-03-11 290816]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"WD Button Manager"="WDBtnMgr.exe" [2006-05-11 335872]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 28160]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"BCMSMMSG"="BCMSMMSG.exe" [2003-06-02 122880]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"64229:TCP"= 64229:TCP:Services
"6615:TCP"= 6615:TCP:Services

.
Contents of the 'Scheduled Tasks' folder

2010-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-02-17 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Los.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-07-19 22:07]

2010-02-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Spooky.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-07-19 22:07]

2010-02-20 c:\windows\Tasks\Malwarebytes' Scheduled Update for Los.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-07-19 22:07]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-19 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-19 17:22]

2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{8006E3AF-B8C6-49B5-829E-BF80067F9FEE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

2010-02-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Los\Start Menu\Programs\>IMVU\Run IMVU.lnk
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\Los\Application Data\Mozilla\Firefox\Profiles\vhppbqkd.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Scooby-Doo™, Showdown in Ghost Town™ - c:\program files\The Learning Company\Scooby-Doo™
AddRemove-Stop_the_Morbuzakh - c:\program files\LEGO Software\Stop the Morbuzakh\Uninst.exe
AddRemove-ThinkTanks - c:\progra~1\SHOCKW~1.COM\THINKT~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 00:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4B82A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> 0x8a4b82a0
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x89f70330
PacketIndicateHandler -> NDIS.sys @ 0xf740ea0d
SendHandler -> NDIS.sys @ 0xf7422b40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Completion time: 2010-02-22 00:18:37
ComboFix-quarantined-files.txt 2010-02-22 06:18

Pre-Run: 20,166,881,280 bytes free
Post-Run: 20,691,697,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - CB60B06CEAC8BD8B9A77E5C879BDA728
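
The Gmer "Stealth MBR rootkit" section of the ComboFix log above is the part worth reading closely: an address in the disk call chain that belongs to no loaded driver, a \Driver\atapi hook pointing at that same address, and three sector numbers where the tool found the saved MBR copy, the loader code and an embedded PE file. As an added example (not part of melanieb's post, ComboFix or Gmer), here is a small Python triage script that parses that output format and correlates the unknown module with the hooks. The sample log is constructed from the lines quoted above; the parsing rules are my own reading of the format, not Gmer's.

```python
import re

# Constructed sample in the format of the Gmer MBR detector output quoted in the
# post above (addresses and sectors copied from that log). Not output of this script.
SAMPLE_LOG = """\
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4B82A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xf763bf28
\\Driver\\atapi -> 0x8a4b82a0
\\Device\\Harddisk0\\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HEX_RE = re.compile(r"^0x[0-9A-Fa-f]+$")
SECTOR_RE = re.compile(r"sector(?: at)? (0x[0-9A-Fa-f]+)")


def triage_mbr_log(text):
    """Extract the triage-relevant facts from a Gmer MBR detector log.

    unknown_modules: code on the disk call chain that belongs to no loaded driver
    unresolved_hooks: hook -> bare address (no module could be named for it)
    resolved_hooks: hook -> (module, address)
    sectors: where the saved MBR copy, the loader code and an embedded PE were found
    infected: the tool's own verdict line was present
    hooks_into_unknown: hooks whose target is one of the unknown modules, i.e. the
    hidden code sits directly on the disk I/O path
    """
    result = {
        "unknown_modules": [],
        "unresolved_hooks": {},
        "resolved_hooks": {},
        "sectors": {},
        "infected": False,
        "hooks_into_unknown": [],
    }
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for addr in UNKNOWN_RE.findall(line):
            result["unknown_modules"].append(addr.lower())
        if line.startswith("detected MBR rootkit hooks"):
            in_hooks = True
            continue
        if line.startswith("Warning:"):
            in_hooks = False
        if in_hooks and " -> " in line:
            # The last "->" separates the hooked object from where the hook points.
            target, _, rhs = line.rpartition(" -> ")
            if HEX_RE.match(rhs):
                result["unresolved_hooks"][target] = rhs.lower()
            elif " @ " in rhs:
                module, _, addr = rhs.rpartition(" @ ")
                result["resolved_hooks"][target] = (module, addr.lower())
            continue
        m = SECTOR_RE.search(line)
        if m:
            if line.startswith("copy of MBR"):
                result["sectors"]["mbr_copy"] = m.group(1)
            elif line.startswith("malicious code"):
                result["sectors"]["malicious_code"] = m.group(1)
            elif line.startswith("PE file"):
                result["sectors"]["pe_file"] = m.group(1)
        if line.startswith("MBR rootkit infection detected"):
            result["infected"] = True
    # Correlation step: a hook whose target is the unnamed module is the strongest signal.
    result["hooks_into_unknown"] = [
        t for t, a in result["unresolved_hooks"].items() if a in result["unknown_modules"]
    ]
    return result


def summarize(result):
    """Human-readable one-liners for a helper's reply."""
    lines = []
    if result["infected"]:
        lines.append("Verdict line present: tool reports an MBR rootkit")
    for hook in result["hooks_into_unknown"]:
        lines.append(f"{hook} is hooked by code outside any loaded driver "
                     f"({result['unresolved_hooks'][hook]})")
    for what, sector in result["sectors"].items():
        lines.append(f"{what}: sector {sector}")
    return lines


if __name__ == "__main__":
    for line in summarize(triage_mbr_log(SAMPLE_LOG)):
        print(line)
```

The point of the correlation step is that "detected MBR rootkit hooks" on its own is noisy (legitimate filter drivers show up there too); the combination of a hook that resolves to no driver and an unnamed module in the disk call chain, plus sectors holding a copy of the original MBR, is what turns the log into a finding. Note that ComboFix had already reported "original MBR restored successfully" earlier in the same log, so a fresh scan is what tells you whether the restore held.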

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:49 PM

Posted 23 February 2010 - 02:12 PM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 melanieb

melanieb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 24 February 2010 - 09:40 AM

I updated Malwarebytes and ran the scan. No other programs were running, including McAfee, that should have interfered with the scan.



Malwarebytes' Anti-Malware 1.44
Database version: 3784
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/24/2010 8:32:07 AM
mbam-log-2010-02-24 (08-32-07).txt

Scan type: Quick Scan
Objects scanned: 173591
Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:49 PM

Posted 24 February 2010 - 03:35 PM

How is it running now?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
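
The /md5start ... /md5stop block in the OTL custom scan above makes the tool compute an MD5 for each listed file (storage drivers such as atapi.sys and iaStor.sys, plus a few system DLLs), so a driver that has been patched in place stands out against a known-good copy. As an added example (not schrauber's instructions and not OTL's own code), here is the same idea in Python: hash a watched set of files, compare against a baseline, and classify each one. The file names are taken from the post; the directory, file contents and the "patch" are constructed inside the script so it runs anywhere.

```python
import hashlib
import os
import tempfile

# A few of the names the OTL custom scan above hashes between /md5start and
# /md5stop (the post has the full list). Contents written below are dummy bytes.
WATCHED_FILES = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys", "netlogon.dll"]


def md5_of_file(path):
    """MD5 of a file, read in chunks so a large driver is not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_files(directory, names):
    """Map each watched name that exists under `directory` to its MD5."""
    hashes = {}
    for name in names:
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            hashes[name] = md5_of_file(path)
    return hashes


def compare_to_baseline(current, baseline):
    """Classify each watched file against a known-good baseline."""
    report = {"unchanged": [], "changed": [], "missing": [], "not_in_baseline": []}
    for name, digest in current.items():
        if name not in baseline:
            report["not_in_baseline"].append(name)
        elif baseline[name] == digest:
            report["unchanged"].append(name)
        else:
            report["changed"].append(name)
    for name in baseline:
        if name not in current:
            report["missing"].append(name)
    return report


def demo():
    """Constructed scenario: baseline a fake driver directory, tamper one file, compare."""
    with tempfile.TemporaryDirectory() as workdir:
        for i, name in enumerate(WATCHED_FILES):
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(b"MZ" + bytes([i]) * 4096)  # constructed stand-in, not a real PE
        baseline = hash_files(workdir, WATCHED_FILES)

        # Simulate an in-place patch of atapi.sys: a few bytes change, size does not,
        # which is exactly the case a size or timestamp check would miss.
        with open(os.path.join(workdir, "atapi.sys"), "r+b") as fh:
            fh.seek(1024)
            fh.write(b"\x90\x90\x90\x90")
        # A watched driver that simply is not installed on this machine.
        os.remove(os.path.join(workdir, "AGP440.sys"))

        return compare_to_baseline(hash_files(workdir, WATCHED_FILES), baseline)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Two caveats a practitioner would want. The baseline has to come from a trusted copy of the same Windows build and service pack, since a hash only tells you that the bytes differ, not why; a "missing" entry is normal for hardware the machine does not have. And hashing from user mode reads the file through the disk stack, so a kernel-level rootkit that hooks \Driver\atapi or \Driver\Disk, as the Gmer output earlier in this thread showed, can hand back clean bytes for a patched file. That is why the helper pairs the OTL hash list with rootkit scanners rather than relying on either alone.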

#9 melanieb

melanieb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 25 February 2010 - 09:32 AM

The scans are attached. The machine hasn't been running any smoother prior to the scans and still I'm finding that keystrokes are not registering. Not sure what that is about. It sure is a pain to have to scan through everything I type and look for missing letters and insert spaces. My keyboard worked fine until this recent infection.

ESETScan.txt
C:\Documents and Settings\Spooky\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-5ad20d46-4b886f44.class Java/TrojanDownloader.OpenStream.NAC trojan cleaned by deleting - quarantined


OTL logfile created on: 2/25/2010 4:01:37 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Los\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 19.27 Gb Free Space | 25.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDGAR
Current User Name: Los
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/25 03:57:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Los\Desktop\OTL.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/17 13:29:04 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/04 12:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 12:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/30 23:30:18 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/06 07:58:33 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/10 13:56:29 | 001,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/11 14:33:13 | 000,335,872 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
PRC - [2006/01/19 10:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2006/01/19 10:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
PRC - [2003/12/10 21:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2003/12/03 02:07:00 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/11/12 12:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2003/08/26 19:47:34 | 000,204,800 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2003/08/13 10:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/08/06 01:04:00 | 000,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/06/02 05:00:30 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2003/02/17 17:00:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
PRC - [2003/02/17 17:00:44 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
PRC - [2003/02/17 17:00:36 | 000,086,102 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
PRC - [2003/02/17 17:00:36 | 000,073,806 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
PRC - [2002/10/08 12:00:24 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/25 03:57:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Los\Desktop\OTL.exe
MOD - [2009/04/30 23:31:06 | 001,507,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2009/04/30 23:30:48 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/04 12:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 12:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 23:30:18 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2009/04/10 08:12:07 | 000,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/10 21:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc)
SRV - [2003/11/12 12:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 18:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/02/17 17:00:44 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS)
SRV - [2002/12/17 19:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2002/10/08 12:00:24 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2000/06/26 07:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 01:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\S-1-5-21-1589242380-1789912630-2401800993-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\S-1-5-21-1589242380-1789912630-2401800993-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/12 14:37:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 20:21:25 | 000,000,000 | ---D | M]

[2009/11/14 10:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Mozilla\Extensions
[2010/02/12 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Mozilla\Firefox\Profiles\vhppbqkd.default\extensions
[2009/11/14 11:58:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Los\Application Data\Mozilla\Firefox\Profiles\vhppbqkd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/14 11:54:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Los\Application Data\Mozilla\Firefox\Profiles\vhppbqkd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/14 10:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/07/18 02:12:46 | 000,000,000 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Dell AIO Printer A940] C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Los\Start Menu\Programs\>IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1589242380-1789912630-2401800993-1008\..Trusted Domains: 29 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1209335544265 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://download.shockwave.com/pub/otoy/OTOYAX.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.127 24.93.41.128
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Los\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Los\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 13:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/12/03 01:35:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173310768939008)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 03:57:57 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Los\Desktop\OTL.exe
[2010/02/24 22:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/21 23:56:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/21 23:53:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/21 23:53:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/21 23:53:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/21 23:53:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 23:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/21 23:51:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/20 20:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Los\My Documents\Bleeping
[2010/02/16 12:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Los\Application Data\DivX
[2010/02/11 17:55:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Los\IECompatCache
[2010/02/11 17:50:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Los\PrivacIE
[2010/02/11 17:04:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Los\IETldCache
[2010/02/11 16:55:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/11 16:52:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/29 22:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/29 22:50:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/27 07:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/05/02 00:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2003/12/03 02:05:53 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2003/12/03 01:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/12/03 01:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/25 04:00:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8006E3AF-B8C6-49B5-829E-BF80067F9FEE}.job
[2010/02/25 03:57:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Los\Desktop\OTL.exe
[2010/02/25 03:08:34 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Los.job
[2010/02/25 02:00:19 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Los.job
[2010/02/25 01:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Spooky.job
[2010/02/24 22:22:30 | 000,031,019 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/24 22:16:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/02/24 22:16:47 | 000,063,839 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/24 22:16:20 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/24 22:15:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 22:14:58 | 000,002,048 | ---- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/24 22:14:55 | 2146,488,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 09:52:47 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\Los\ntuser.dat
[2010/02/24 09:52:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Los\NTUSER.INI
[2010/02/22 00:14:04 | 000,000,319 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 23:56:51 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/02/21 23:47:14 | 003,868,001 | R--- | M] () -- C:\Documents and Settings\Los\Desktop\schrauber.exe
[2010/02/21 14:50:13 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/21 04:54:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/20 21:09:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Los\Desktop\v3t48xcv.exe
[2010/02/20 20:45:21 | 000,004,733 | ---- | M] () -- C:\Documents and Settings\Los\Desktop\Attach-Melanieb.zip
[2010/02/16 18:24:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Los\defogger_reenable
[2010/02/16 18:23:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Los\Desktop\Defogger.exe
[2010/02/16 12:46:46 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Los\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 01:34:47 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/02/11 17:07:38 | 000,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/02/11 17:07:37 | 000,554,440 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/11 17:07:37 | 000,080,226 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/02/11 17:00:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/11 07:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 23:56:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/21 23:56:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/21 23:53:03 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/21 23:53:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/21 23:53:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/21 23:53:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/21 23:53:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 23:47:09 | 003,868,001 | R--- | C] () -- C:\Documents and Settings\Los\Desktop\schrauber.exe
[2010/02/21 10:11:52 | 2146,488,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/20 21:09:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Los\Desktop\v3t48xcv.exe
[2010/02/20 20:45:21 | 000,004,733 | ---- | C] () -- C:\Documents and Settings\Los\Desktop\Attach-Melanieb.zip
[2010/02/16 18:24:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Los\defogger_reenable
[2010/02/16 18:23:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Los\Desktop\Defogger.exe
[2009/04/30 23:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/30 23:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/30 23:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/30 23:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/17 02:04:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/25 18:55:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2006/11/29 19:35:10 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/29 13:12:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/29 13:12:22 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/19 09:52:08 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/15 14:35:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/11/22 10:11:54 | 000,002,317 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2005/06/11 11:40:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/28 18:48:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2004/08/09 23:12:59 | 000,000,073 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/05/26 18:05:25 | 000,000,089 | ---- | C] () -- C:\WINDOWS\DWPICKY.INI
[2004/05/20 16:16:36 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2004/01/31 18:22:16 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2004/01/04 16:59:29 | 000,022,391 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/03 17:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI
[2003/12/31 19:11:50 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Los\Local Settings\Application Data\fusioncache.dat
[2003/12/27 20:56:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2003/12/20 12:25:56 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2003/12/20 12:25:55 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2003/12/20 12:25:37 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/12/14 21:55:04 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Los\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/14 18:48:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2003/12/10 18:17:43 | 000,002,200 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2003/12/10 18:14:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/12/10 18:00:40 | 000,001,055 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/12/10 18:00:01 | 000,000,206 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2003/12/03 02:23:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/12/03 02:14:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/03 02:06:08 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/12/03 02:05:53 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/12/03 02:05:53 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/12/03 02:05:53 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/12/03 02:05:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/12/03 02:05:53 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/12/03 02:05:19 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/12/03 01:51:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/12/03 01:39:02 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/16 15:50:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/08/13 23:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/02/17 17:00:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2003/02/17 17:00:36 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2003/02/05 11:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/07/27 01:13:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/05/15 07:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2007/05/22 18:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2004/04/24 08:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/01/07 12:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/16 11:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2010/02/08 09:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/28 17:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/02 14:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2007/09/16 10:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/01/12 14:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/07/11 00:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\IMVU
[2003/12/14 18:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Jasc
[2008/10/12 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Juniper Networks
[2005/04/24 09:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Musicmatch
[2006/02/19 17:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\My Battle for Middle-earth™ II Demo Files
[2006/01/07 12:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\NCH Swift Sound
[2007/11/22 15:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Pogo Games
[2006/01/07 12:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\RecordPad
[2005/06/12 11:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\School Zone Preferences
[2008/06/29 10:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\SoundSpectrum
[2009/09/23 17:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\W Photo Studio Viewer
[2006/05/17 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Los\Application Data\Walgreens
[2006/02/23 13:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omma\Application Data\My Battle for Middle-earth™ II Demo Files
[2006/01/09 10:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Omma\Application Data\NCH Swift Sound
[2007/05/15 07:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\FloodLightGames
[2004/08/09 23:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\ICAClient
[2003/12/09 22:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Jasc
[2009/03/11 13:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Juniper Networks
[2004/04/20 18:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Leadertech
[2007/10/23 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\NCH Swift Sound
[2008/07/09 15:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Paltalk
[2008/07/12 08:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\SBTT
[2005/05/10 17:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\School Zone Preferences
[2008/05/05 17:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Snapfish
[2008/10/02 23:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\SoundSpectrum
[2008/03/28 17:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Viewpoint
[2008/09/02 14:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\W Photo Studio
[2008/09/02 14:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\W Photo Studio Viewer
[2008/09/02 14:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spooky\Application Data\Walgreens
[2008/03/30 09:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\MusicNet
[2004/12/04 11:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\School Zone Preferences
[2008/09/02 17:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\W Photo Studio
[2010/02/15 01:34:47 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/02/25 04:00:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8006E3AF-B8C6-49B5-829E-BF80067F9FEE}.job
[2010/02/24 22:16:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2003/10/02 17:36:24 | 000,507,904 | ---- | M] (Jasc Software) -- C:\Player.exe


< MD5 for: AGP440.SYS >
[2006/05/10 22:36:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/03/11 15:07:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2006/05/10 22:36:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/03/11 15:07:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 13:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2006/05/10 22:36:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/03/11 15:07:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2006/05/10 22:36:22 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/03/11 15:07:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 09:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 05:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 05:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F85300
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DBABC836
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
< End of report >



OTL Extras logfile created on: 2/25/2010 4:01:37 AM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Los\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 19.27 Gb Free Space | 25.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EDGAR
Current User Name: Los
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"64229:TCP" = 64229:TCP:*:Enabled:Services
"6615:TCP" = 6615:TCP:*:Enabled:Services
"80:TCP" = 80:TCP:*:Enabled:Services
"9663:TCP" = 9663:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"64229:TCP" = 64229:TCP:*:Enabled:Services
"6615:TCP" = 6615:TCP:*:Enabled:Services
"9663:TCP" = 9663:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe" = C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe:*:Enabled:G-Force Standalone -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0867A478-1095-4CF5-9B8D-4F7E5F05D5BB}" = CANON USB Video Driver
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A5488D7-314D-4CBC-89BF-C5B59510BDBA}" = Finding Nemo
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = RAW Image Task
"{48F3C40A-024C-40B4-AEA3-44EB70BA4EFF}" = Evil Dead Regeneration
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{7774A6A9-CE0D-4544-9A29-84351BAE184A}" = Shrek 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}" = Myst Masterpiece Edition
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112614887}" = Big City Adventure San Francisco
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{abe7844e-4d49-4c7e-9d03-7329a6b9feac}.sdb" = Dorling Kindersley Application Database v1.4
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B89E1677-3C92-4C03-8901-2CD3EC34D664}" = TetrisZone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CAEAD13D-5A84-4cee-8364-F185C65B37A7}" = The Battle for Middle-earth ™ II Demo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"3D Dinoworld" = 3D Dinoworld
"3DGroove" = OTOY
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"America Online us" = America Online
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"Arthur's Computer Adventure 1.0" = Arthur's Computer Adventure
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BroadJump Client Foundation" = BroadJump Client Foundation
"Citrix ICA Web Client" = Citrix ICA Web Client
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crazy Minesweeper 2.01" = Crazy Minesweeper 2.01
"Crime Puzzle" = Crime Puzzle 1.0
"D.W. the Picky Eater 1.0" = D.W. the Picky Eater
"Dell AIO Printer A940" = Dell AIO Printer A940
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dinosaur Hunter 2.0" = Dinosaur Hunter 2.0
"DivX Player" = DivX Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dragons_is1" = Dragons 7.0
"Ease Audio Converter_is1" = Ease Audio Converter 2.70
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressRip" = Express Rip Uninstall
"FA Phonics Made Easy" = FA Phonics Made Easy
"Fantasy Tetrix" = Fantasy Tetrix
"Feeding Frenzy 2: Shipwreck Showdown" = Feeding Frenzy 2: Shipwreck Showdown
"G-Force" = G-Force
"Gorilla 2" = Gorilla 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0319B53F-FAE5-4811-B0B3-19CC1F8E674E}" = The Go Ronald Games
"InstallShield_{0867A478-1095-4CF5-9B8D-4F7E5F05D5BB}" = CANON USB Video Driver
"InstallShield_{1A5488D7-314D-4CBC-89BF-C5B59510BDBA}" = Finding Nemo
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{44E24545-F317-4498-B7CD-240DE7BA8DE2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{7774A6A9-CE0D-4544-9A29-84351BAE184A}" = Shrek 2
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"Just Grandma and Me" = Just Grandma and Me
"Kid Pix Deluxe 3" = Kid Pix Deluxe 3
"Lost Fractal Screen Saver" = Lost Fractal Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NingPo MahJong Deluxe 1.04" = NingPo MahJong Deluxe 1.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PacBomber" = PacBomber
"Personalized Learning Center" = Personalized Learning Center
"PROSet" = Intel® PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"Reader Rabbit Thinking Adventures Ages 4-6" = Reader Rabbit Thinking Adventures Ages 4-6
"RealPlayer 6.0" = RealOne Player
"RecordPad" = RecordPad Sound Recorder Uninstall
"Shockwave" = Shockwave
"SpongeBob Atlantis SquareOff" = SpongeBob Atlantis SquareOff
"SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"Starships in Flight" = Starships in Flight Screen Saver
"Super Collapse II_is1" = Super Collapse II
"Switch" = Switch Uninstall
"The Cat in the Hat" = The Cat in the Hat
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uru - Ages Beyond Myst" = Uru - Ages Beyond Myst
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wintris" = Wintris
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1589242380-1789912630-2401800993-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2010 9:53:33 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:33 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:33 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:34 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:34 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:34 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:34 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:41 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:42 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:43 AM | Computer Name = EDGAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/21/2010 8:53:29 AM | Computer Name = EDGAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/21/2010 12:14:05 PM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/24/2010 9:56:34 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service
to connect.

Error - 2/24/2010 9:56:34 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 2/24/2010 10:19:07 AM | Computer Name = EDGAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/24/2010 10:19:07 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/24/2010 10:19:07 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 2/25/2010 12:18:43 AM | Computer Name = EDGAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/25/2010 12:18:43 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/25/2010 12:18:43 AM | Computer Name = EDGAR | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053


< End of report >
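The "Last 10 Event Log Errors" section above is the part of an OTL report a responder reads first: the repeated crypt32 root-list failures say the machine could not reach Windows Update, and the Service Control Manager entries show the antivirus real-time scanner dying and a protection service failing to start, which is exactly the pattern a banking trojan's interference would produce. The following is an added example, not OTL's code and not from anyone in this thread; it parses that section's format and flags the security-product service failures. The host name, the keyword list for "security product" services and the sample report are constructed for the example, modeled on the shape of the entries in the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One OTL event entry: a header line followed by a wrapped "Description = ..." block.
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<timestamp>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")  # "[ System Events ]" markers

# Constructed keyword list (an assumption for this example): service names whose
# failure means the machine's protection is not running. Extend per environment.
PROTECTION_KEYWORDS = ("McAfee", "Real-time Scanner", "SystemGuards")

# Service Control Manager event IDs seen in the report: 7000 (failed to start),
# 7009 (timeout waiting to connect), 7031 (terminated unexpectedly).
SCM_FAILURE_IDS = {7000, 7009, 7031}


@dataclass
class EventEntry:
    section: str
    level: str
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str


def parse_event_section(text):
    """Parse the OTL 'Last N Event Log Errors' text into EventEntry records."""
    entries = []
    section = ""
    for block in re.split(r"\n\s*\n", text.strip()):
        current = None
        desc_lines = []
        for raw in block.splitlines():
            line = raw.strip()
            if not line:
                continue
            sec = SECTION_RE.match(line)
            if sec:
                section = sec["name"]          # section marker precedes the next header
                continue
            hdr = HEADER_RE.match(line)
            if hdr:
                current = hdr
                continue
            if current is not None:
                desc_lines.append(line)        # wrapped continuation of the description
        if current is None:
            continue
        description = " ".join(desc_lines)
        if description.startswith("Description = "):
            description = description[len("Description = "):]
        entries.append(EventEntry(section, current["level"], current["timestamp"],
                                  current["host"], current["source"],
                                  int(current["event_id"]), description))
    return entries


def count_by_source_and_id(entries):
    """How often each (source, event id) pair repeats; repeats show a persistent condition."""
    return Counter((e.source, e.event_id) for e in entries)


def find_protection_failures(entries):
    """SCM failures that name a protection service: the entries a responder triages first."""
    return [
        e for e in entries
        if e.source == "Service Control Manager"
        and e.event_id in SCM_FAILURE_IDS
        and any(k in e.description for k in PROTECTION_KEYWORDS)
    ]


# Constructed sample in the report's format (host name and content are illustrative).
SAMPLE_REPORT = """\
[ Application Events ]
Error - 2/24/2010 9:53:33 AM | Computer Name = EXAMPLE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/24/2010 9:53:34 AM | Computer Name = EXAMPLE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2/21/2010 12:14:05 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/24/2010 9:56:34 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SystemGuards service failed to start due to the following
error: %%1053

Error - 2/24/2010 10:19:07 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053
"""

if __name__ == "__main__":
    parsed = parse_event_section(SAMPLE_REPORT)
    for (src, eid), n in count_by_source_and_id(parsed).items():
        print(f"{src} / {eid}: {n} occurrence(s)")
    for e in find_protection_failures(parsed):
        print(f"PROTECTION FAILURE [{e.section}] {e.timestamp}: {e.description}")
```

The iPod Service failure is parsed but not flagged: it is noise for this triage, whereas the two McAfee entries are the ones that would make a responder look for something on the machine that is killing or blocking the security product.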


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:49 PM

Posted 25 February 2010 - 02:34 PM

Hi,

can you please explain the problem with the keystrokes?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 melanieb

melanieb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 26 February 2010 - 12:47 AM

When I type a message or document such as this forum response, frequently keys will not register as being struck even though I press them with normal pressure, and there is no foreign debris in my keyboard. The problem began about the same time as the other computer issues showed up - page redirects, slower performance, etc.

It has been inconvenient over the last week typing messages here, having to proofread messages before hitting the Add Reply button. I have to check each message for words with missing letters or places where the space bar did not register being pressed and two words are placed together.

If it was the same characters each time I would put it down to a keyboard fault or a need to clean, but there seems to be no pattern to which keys are affected and when the affliction strikes.

So far in this message character mistakes have not been a problem, part of the reason why I've written such a long message, attempting to make sure that the problem is not occurring right now. To date, it has been an issue with every message I have posted on these forums. Currently the interface just seems slower than it should but no mistakes have become apparent. I'm even able to post smileys and view all of the available smileys, an action which crashed my computer when I attempted it several days ago.

How is our progress now?

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:49 PM

Posted 27 February 2010 - 07:10 AM

Let's try this:

We need to repair some of Windows' internal registration settings
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix

Edited by schrauber, 27 February 2010 - 07:10 AM.

regards,
schrauber


#13 melanieb

melanieb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 28 February 2010 - 05:25 PM

I ran Dial-A-Fix as requested. Your post did not mention whether I should restart afterwards so I have not yet done so.

During the Explorer/IE/OE/shell/WMP portion I received numerous Error 127 codes related to my version of Internet Explorer. I noticed in DJLizard's blog an older post stating that a fix related to these errors would be coming in a future release of Dial-A-Fix, but clearly that hasn't happened yet.

I made notes of each of the errors and which .dll files were listed. If you would like me to list the files individually just let me know.


Now what?

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:49 PM

Posted 01 March 2010 - 02:37 PM

Hi,

How is it running now?
regards,
schrauber


#15 melanieb

melanieb
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:08:49 AM

Posted 02 March 2010 - 05:08 PM

It seems to be running a lot better, certainly faster at start-up. I was forced to shut down and start back up after I plugged my internet connection back in to check posts here but Internet Explorer would not start and Task Manager would not open and gave an error of Windows Application Error (App. Failed to Initialize properly 0xc0000017, click on OK blah-blah-blah).

I shut down and started back up and it's running smooth so far (a whopping 8 minutes now) and I had no problems connecting to my bank, but I haven't done anything else.


If all is well, and assuming you don't request additional actions (not ruling them out, of course), I would really like any advice on protecting myself from this problem happening again. This is the first time I've ever been truly crippled with my machine to the point I needed outside help and I'd like to keep it operating a while longer, before I upgrade to the latest and greatest and pass this one on to my son (who will likely spend half his time on questionable internet sites).





