Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spams from Address Book


  • This topic is locked This topic is locked
11 replies to this topic

#1 dland

dland

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 24 April 2010 - 12:10 PM

A bunch of spam emails were just sent out from my wife's gmail account to people in her address book. This sounds like a pretty common worm that you hear about but I'm not sure if it's on our home computer or her work computer. Just to be sure I would like to post a HiJackThis log to see if anyone can find anything. I did not run the GMER tool because for some reason is locks up my computer.

The HiJackThis log is attached.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 11:57:45.31 on Sat 04/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.216 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David K. Land\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Documents and Settings\David K. Land\My Documents\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ws1.appswebservice.com/index.php?tpid=10292&ttid=104
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: akamai.net
Trusted Zone: netlibrary.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://ampfemail.ampadvisor.aexp.com/whalecom3edc1568260bc92ea750e2095caf45db1022c480/whalecom0/iNotes.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152030466531
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152030460656
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} - hxxp://spicewood.eureka.local:1024/VirtualServer/activex/VMRCActiveXClient.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.advisorcompass.com/whalecom3edc1568260bc9221b9eda9391f6f19e3e/whalecom0/dwa7W.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://contractors.2wire.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {C32581FD-4889-4662-8FC7-9C9814552AA3} = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\docume~1\davidk~1.lan\locals~1\temp\54265kou.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidk~1.lan\applic~1\mozilla\firefox\profiles\z7ce7b3d.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ws1.appswebservice.com/index.php?tpid=10292&ttid=105&st=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\david k. land\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\david k. land\application data\mozilla\firefox\profiles\z7ce7b3d.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\documents and settings\david k. land\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-22 93320]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\23c.tmp --> c:\windows\system32\23C.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-10-29 32000]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 PacketNTx;Packet helper driver;c:\windows\system32\drivers\PacketNTx.sys [2004-8-22 24544]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-9-9 17018]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2010-04-15 03:26:43 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll
2010-03-30 01:32:28 0 d-----w- C:\oraclexe
2010-03-28 06:18:31 0 d-----w- c:\docume~1\davidk~1.lan\applic~1\TightVNC
2010-03-28 06:18:23 0 d-----w- c:\program files\TightVNC

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-01-30 23:19:58 58996 ---ha-w- c:\windows\system32\mlfcache.dat
2009-02-13 05:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021220090213\index.dat

============= FINISH: 11:59:25.46 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:06:30 PM

Posted 29 April 2010 - 12:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 dland

dland
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 30 April 2010 - 08:23 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 20:20:37.07 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.349 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David K. Land\My Documents\downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ws1.appswebservice.com/index.php?tpid=10292&ttid=104
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: akamai.net
Trusted Zone: netlibrary.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://ampfemail.ampadvisor.aexp.com/whalecom3edc1568260bc92ea750e2095caf45db1022c480/whalecom0/iNotes.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152030466531
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152030460656
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} - hxxp://spicewood.eureka.local:1024/VirtualServer/activex/VMRCActiveXClient.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.advisorcompass.com/whalecom3edc1568260bc9221b9eda9391f6f19e3e/whalecom0/dwa7W.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://contractors.2wire.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: {C32581FD-4889-4662-8FC7-9C9814552AA3} = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\docume~1\davidk~1.lan\locals~1\temp\54265kou.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidk~1.lan\applic~1\mozilla\firefox\profiles\z7ce7b3d.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://ws1.appswebservice.com/index.php?tpid=10292&ttid=105&st=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\david k. land\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\david k. land\application

data\mozilla\firefox\profiles\z7ce7b3d.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\documents and settings\david k. land\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js -

pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-22 93320]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\23c.tmp --> c:\windows\system32\23C.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-10-29 32000]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe -->

c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 PacketNTx;Packet helper driver;c:\windows\system32\drivers\PacketNTx.sys [2004-8-22 24544]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-9-9 17018]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe -->

c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2010-04-28 01:36:55 0 d-----w- C:\lce computer
2010-04-27 13:25:54 0 d-----w- c:\program files\Windows Media Connect 2
2010-04-27 13:24:56 3462 ----a-w- c:\windows\system32\spupdsvc.inf
2010-04-15 03:26:43 456704 -c----w- c:\windows\system32\dllcache\smtpsvc.dll

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-02-13 05:07:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012009021220090213\index.dat

============= FINISH: 20:22:10.26 ===============

Attached Files



#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 02 May 2010 - 12:35 AM

Hi dland,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. welcome.gif
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step1

Please download GMER Rootkit Scanner from Here or Here.
  1. Extract the contents of the zipped file to desktop.
  2. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  3. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  4. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  5. Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  6. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Step2
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Click the "Quick Scan" button.
  5. Two reports will open, OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  6. Copy and paste both logs back here in your next reply.

In your next reply, please post back:

1.Gmer log
2.OTListIt.txt and Extra.txt Thanks.

#5 dland

dland
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 02 May 2010 - 10:06 AM

Hi, thanks for taking the time to help me out. Unfortunately, I can't run GMER because it locks up my computer. If you have another root kit detection tool you know of, I would be fine trying that out.

Here are the OTL logs:

OTL logfile created on: 5/2/2010 10:00:09 AM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\David K. Land\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 9.65 Gb Free Space | 8.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DLAND
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/02 09:59:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David K. Land\Desktop\OTL.exe
PRC - [2010/04/18 23:30:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/19 00:56:14 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 00:53:40 | 000,423,280 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2002/04/03 03:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe


========== Modules (SafeList) ==========

MOD - [2010/05/02 09:59:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David K. Land\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 16:57:18 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/28 00:53:40 | 000,423,280 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2004/10/29 18:29:16 | 000,086,016 | ---- | M] (NetGroup - Politecnico di Torino) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/01/05 07:45:27 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio .NET\Common7\Tools\Analyzer\varpc.exe -- (Visual Studio Analyzer RPC bridge)
SRV - [2000/08/06 03:50:20 | 007,442,493 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2000/08/06 03:50:18 | 000,303,170 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT)


========== Driver Services (SafeList) ==========

DRV - [2009/05/05 22:31:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/05/06 01:01:28 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/28 00:38:12 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2007/10/26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/08/11 16:56:32 | 000,515,456 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/06/21 11:47:36 | 000,015,488 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/29 18:14:04 | 000,032,000 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/08/22 17:57:40 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2004/08/22 17:57:40 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2004/08/22 17:57:40 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2004/08/22 17:57:40 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/12/17 14:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 14:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 14:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/09/09 13:53:50 | 000,017,018 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2002/08/30 11:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2002/01/23 03:13:26 | 000,024,544 | ---- | M] (Sumix Co.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PacketNTx.sys -- (PacketNTx)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [1999/12/17 03:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 E5 36 F6 FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07051001
FF - prefs.js..keyword.URL: "http://ws1.appswebservice.com/index.php?tpid=10292&ttid=105&st="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/24 16:41:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/18 23:30:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 23:30:18 | 000,000,000 | ---D | M]

[2008/06/20 22:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Extensions
[2010/05/01 12:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions
[2009/09/02 20:01:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/19 09:49:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/19 09:49:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/19 09:49:25 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/01/08 18:32:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/08 18:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\max@subfighter.com
[2007/05/25 05:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\moveplayer@movenetworks.com
[2006/12/30 01:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\extensions\temp
[2008/07/20 19:40:47 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\searchplugins\dictionarycom.xml
[2007/08/13 23:09:29 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\David K. Land\Application Data\Mozilla\Firefox\Profiles\z7ce7b3d.default\searchplugins\siteadvisor.xml
[2010/05/01 09:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/05 19:23:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..Trusted Domains: akamai.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..Trusted Domains: netlibrary.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} https://ampfemail.ampadvisor.aexp.com/whale...com0/iNotes.cab (iNotes Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1152030466531 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1152030460656 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} http://spicewood.eureka.local:1024/Virtual...tiveXClient.cab (Microsoft Virtual Server VMRC Control)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.advisorcompass.com/whalecom...ecom0/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://contractors.2wire.com/dana-cached/s...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} https://livewc03.custhelp.com/7520-b289h-tu...l/java/RntX.cab (Live Collaboration)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\DAVIDK~1.LAN\LOCALS~1\Temp\54265kou.dll) - C:\DOCUME~1\DAVIDK~1.LAN\LOCALS~1\Temp\54265kou.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David K. Land\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David K. Land\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/22 16:25:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (ntdel.exe mad.dll) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/02 09:59:36 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David K. Land\Desktop\OTL.exe
[2010/04/27 20:36:55 | 000,000,000 | ---D | C] -- C:\lce computer
[2010/04/27 08:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/27 08:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/03/29 20:32:28 | 000,000,000 | ---D | C] -- C:\oraclexe
[2010/03/28 01:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\Application Data\TightVNC
[2010/03/28 01:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2010/03/23 23:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\Desktop\Phone Usage
[2010/03/16 22:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\Application Data\Dev-Cpp
[2010/03/16 22:36:07 | 000,000,000 | ---D | C] -- C:\cygnus
[2010/03/16 22:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\GnuWin32
[2010/03/16 22:35:24 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2010/02/27 01:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\.idlerc
[2010/02/27 01:09:36 | 000,000,000 | ---D | C] -- C:\Python26
[2010/02/24 20:50:28 | 000,077,824 | ---- | C] (Jone/Stone Productions) -- C:\Documents and Settings\David K. Land\Desktop\Weird Metronome.exe
[2010/02/14 13:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\My Documents\Taxes - 2009
[2010/02/14 11:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David K. Land\Application Data\Facebook
[2004/08/22 16:45:21 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/02 09:59:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David K. Land\Desktop\OTL.exe
[2010/05/02 01:19:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1482476501-839522115-1004UA.job
[2010/05/01 23:53:55 | 000,663,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/01 23:53:55 | 000,159,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/01 23:53:55 | 000,006,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/01 21:33:17 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/01 21:31:41 | 000,183,443 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/01 21:31:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/01 21:31:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/01 20:19:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1482476501-839522115-1004Core.job
[2010/04/29 18:58:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/27 08:26:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/27 08:26:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/27 08:26:03 | 000,000,898 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 08:24:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/27 08:23:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/26 18:44:41 | 000,011,846 | ---- | M] () -- C:\Documents and Settings\David K. Land\Desktop\Menu.docx
[2010/04/26 18:43:39 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\David K. Land\Local Settings\Application Data\housecall.guid.cache
[2010/04/23 23:55:03 | 014,155,776 | ---- | M] () -- C:\Documents and Settings\David K. Land\ntuser.dat
[2010/04/23 23:55:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David K. Land\ntuser.ini
[2010/04/21 20:27:13 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\David K. Land\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 00:23:22 | 000,025,568 | ---- | M] () -- C:\Documents and Settings\David K. Land\My Documents\David K. Land - Resume.docx
[2010/04/02 23:19:04 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\David K. Land\Desktop\newmansown.rdp
[2010/03/31 23:33:47 | 000,001,946 | -H-- | M] () -- C:\Documents and Settings\David K. Land\My Documents\Default.rdp
[2010/03/28 18:17:57 | 000,000,381 | ---- | M] () -- C:\Documents and Settings\David K. Land\Desktop\anubis.vnc
[2010/03/28 01:37:35 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David K. Land\Local Settings\Application Data\PUTTY.RND
[2010/03/27 15:23:54 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/03/09 01:00:36 | 000,011,626 | ---- | M] () -- C:\Documents and Settings\David K. Land\My Documents\Automobile Bill of Sale.docx
[2010/02/24 20:42:15 | 000,000,150 | ---- | M] () -- C:\WINDOWS\MetroTimer.ini
[2010/02/14 14:32:19 | 011,836,615 | R--- | M] () -- C:\Documents and Settings\David K. Land\My Documents\My Money Backup_2010-02-14_133215.mbf
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 08:23:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/26 18:43:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David K. Land\Local Settings\Application Data\housecall.guid.cache
[2010/03/28 18:17:53 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\David K. Land\Desktop\anubis.vnc
[2010/03/09 00:54:16 | 000,011,626 | ---- | C] () -- C:\Documents and Settings\David K. Land\My Documents\Automobile Bill of Sale.docx
[2010/02/24 20:34:36 | 000,000,150 | ---- | C] () -- C:\WINDOWS\MetroTimer.ini
[2010/02/14 14:32:17 | 011,836,615 | R--- | C] () -- C:\Documents and Settings\David K. Land\My Documents\My Money Backup_2010-02-14_133215.mbf
[2009/09/25 20:08:10 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2009/05/05 22:31:05 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/11/14 22:20:09 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2007/10/26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/08/02 14:18:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/08/02 14:16:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/08/02 14:16:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/04/05 23:34:17 | 000,000,220 | ---- | C] () -- C:\WINDOWS\bucket.ini
[2007/04/02 21:38:56 | 000,000,915 | ---- | C] () -- C:\WINDOWS\MD_MicroDiffs.INI
[2007/04/02 21:38:56 | 000,000,915 | ---- | C] () -- C:\WINDOWS\MD_MacroDiffs.INI
[2007/04/02 21:36:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\SW_Win2000X16.DLL
[2007/04/02 21:36:14 | 000,000,078 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL
[2007/02/17 21:43:32 | 000,000,219 | ---- | C] () -- C:\WINDOWS\VgsPlayer.INI
[2006/10/22 12:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 22:19:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/06/30 13:35:34 | 000,013,199 | ---- | C] () -- C:\WINDOWS\HYS.INI
[2006/06/24 15:32:57 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ANTSWLIB.INI
[2005/03/05 01:39:56 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/12/15 11:20:28 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\Cktm.dll
[2004/11/03 01:07:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\FMX.INI
[2004/10/20 23:32:39 | 000,004,241 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/16 02:05:59 | 000,000,425 | ---- | C] () -- C:\WINDOWS\dmwd.ini
[2004/09/12 14:23:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/12 14:03:05 | 000,000,060 | ---- | C] () -- C:\WINDOWS\Wuhxedkv.ini
[2004/09/12 14:02:18 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BECIKHII.ini
[2004/08/26 17:24:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2004/08/26 17:23:25 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2004/08/26 17:23:24 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2004/08/26 17:22:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2004/08/26 17:22:46 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2004/08/26 17:22:46 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2004/08/26 17:22:37 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2004/08/22 17:12:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/22 17:03:31 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/22 16:45:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/08/22 16:45:22 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/08/22 16:45:22 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/08/22 16:45:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/22 16:45:19 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/08/22 16:45:19 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2004/08/22 16:45:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/08/22 16:44:29 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/01/15 09:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/05/11 17:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.DLAND\Application Data\Juniper Networks
[2004/10/16 12:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/08/11 00:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/07/18 23:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/03/27 15:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2005/01/01 13:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/09/12 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softomotive
[2009/12/05 07:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/11/24 09:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Amazon
[2004/12/22 23:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\aodt
[2007/02/17 13:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\BitTorrent
[2009/07/03 00:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\CCS64
[2008/05/18 17:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\CoreFTP
[2009/05/05 22:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\DAEMON Tools
[2010/03/16 22:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Dev-Cpp
[2010/02/14 11:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Facebook
[2009/08/23 19:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\id Software
[2008/11/11 21:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Juniper Networks
[2008/04/12 01:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Launchy
[2009/12/20 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Orbit
[2007/08/02 14:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\pdf995
[2006/07/29 13:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Smith Micro
[2006/12/17 15:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Snapfish
[2005/03/26 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\SourceGear
[2010/03/30 00:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\SQL Developer
[2008/07/19 13:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\Subversion
[2010/03/28 01:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\TightVNC
[2006/09/28 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\tunebite
[2009/01/10 13:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\W Photo Studio
[2009/01/10 13:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David K. Land\Application Data\W Photo Studio Viewer
[2009/05/11 17:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Juniper Networks
[2008/11/06 18:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/08/12 20:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/11/02 12:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
[2007/10/10 12:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara Faraone\Application Data\Grisoft
[2008/10/11 11:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara Faraone\Application Data\Launchy
[2004/08/22 22:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara Faraone\Application Data\Smith Micro
[2005/05/07 00:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test guy\Application Data\Smith Micro

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 5/2/2010 10:00:09 AM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\David K. Land\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.71 Gb Total Space | 9.65 Gb Free Space | 8.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DLAND
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Daphne\DaphneLoader.exe" = C:\Daphne\DaphneLoader.exe:*:Enabled:DaphneLoader -- ()
"C:\Program Files\Taldren\Starfleet Command II - Demo\StarFleet2.exe" = C:\Program Files\Taldren\Starfleet Command II - Demo\StarFleet2.exe:*:Enabled:StarFleet2 -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\dland\half-life\hl.exe" = C:\Program Files\Steam\SteamApps\dland\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Steam\SteamApps\dland\opposing force\hl.exe" = C:\Program Files\Steam\SteamApps\dland\opposing force\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\SteamApps\dland\half-life blue shift\hl.exe" = C:\Program Files\Steam\SteamApps\dland\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Program Files\eclipse\eclipse.exe" = C:\Program Files\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\STCQA66\wwwroot\cbt.exe" = C:\Program Files\STCQA66\wwwroot\cbt.exe:*:Enabled:Local Web Server -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F0409-6759-11D5-A54F-0090278A1BB8}" = Visual Studio .NET Enterprise Architect - English
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DF4DA42-605B-4E19-AE18-D066BD4700C3}" = NHibernate 1.2
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1AA69CCD-1078-473A-BD6E-11CE30A81C57}" = NUnit 2.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java™ SE Development Kit 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E5DD68-5F86-4164-A175-505A29684382}" = MSDE Query
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771D1A4D-322B-4683-A95C-B505EF09619C}" = NHibernate 1.2 API Documentation
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}" = NETGEAR XE102 Powerline Ethernet Adapter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.7
"{B9158839-EF38-4903-B5F5-68AC3034FE14}" = SourceGear Vault Admin Tool
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDF820F3-79A6-4ACF-B910-43B26BB894CC}" = Microsoft Network Monitor 3.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DA82F00E-7294-40E7-B7A6-60B4C16C605E}" = Visual Studio.NET Baseline - English
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F90DAA33-CADD-4B0B-ADAF-DD2DE21D0710}" = Microsoft Data Access Application Block v2.0 for .NET
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"Advanced WMA Workshop_is1" = Advanced WMA Workshop version 2.1
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.0+6
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Core FTP LE 2.0" = Core FTP LE 2.0
"CSCLIB" = Canon Camera Support Core Library
"Cygnus Cygwin B20" = Cygwin B20
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"FLVPlayer" = FLV Player 1.3.3
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTOO DVD to iPod Converter 5" = ImTOO DVD to iPod Converter 5
"Inside COM" = Inside COM
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"Juniper Network Connect 6.1.0" = Juniper Networks Network Connect 6.1.0
"KDiff3" = KDiff3 (remove only)
"Launchy_21344213_is1" = Launchy 2.0
"LG USB Drivers" = LG USB Drivers
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Make-3.81_is1" = GnuWin32: Make-3.81
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Money2006b" = Microsoft Money 2006
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"neXBC 5.0 Alpha" = neXBC 5.0 Alpha
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteWorthy Composer" = NoteWorthy Composer
"NVIDIA Drivers" = NVIDIA Drivers
"OOBOX-XTunerDemo" = Instrument Tuner Demo
"Pdf995" = Pdf995
"PhotoStitch" = Canon Utilities PhotoStitch
"Project Line Counter Addin_is1" = Project Line Counter Addin v2.21
"PROSetDX" = Intel® PRO Network Connections Software v10.0.27.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Riva Producer Lite_is1" = Riva Producer Lite
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SoundTaxi_is1" = SoundTaxi 1.2.0
"Subversion_is1" = Subversion 1.4.6-r28521
"TightVNC 2.0beta1" = TightVNC 2.0beta1
"Visual Studio .NET Enterprise Architect - English" = Microsoft Visual Studio .NET Enterprise Architect - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1 beta4
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBC 4.1" = XBC 4.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 50" = Opposing Force
"Steam App 70" = Half-Life

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2009 9:14:09 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 8/21/2009 9:29:36 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 8/21/2009 9:29:36 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

Error - 8/21/2009 9:29:48 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 8/21/2009 9:29:48 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 8/21/2009 9:29:49 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 8/21/2009 9:29:49 AM | Computer Name = DLAND | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The Error code is the first DWORD in Data section.

Error - 8/23/2009 6:39:08 PM | Computer Name = DLAND | Source = MsiInstaller | ID = 11704
Description = Product: WinAutomation -- Error 1704. An installation for Microsoft
Visual Studio 2008 Professional Edition - ENU is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 8/24/2009 11:36:02 PM | Computer Name = DLAND | Source = MsiInstaller | ID = 11704
Description = Product: V CAST Music -- Error 1704.An installation for Microsoft
Visual Studio 2008 Professional Edition - ENU is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 8/26/2009 12:50:53 AM | Computer Name = DLAND | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft Visual Studio 2008 Professional Edition - ENU --
Error 1705.A previous installation for this product is in progress. You must undo
the changes made by that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 4/24/2010 2:53:19 AM | Computer Name = DLAND | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 4/24/2010 2:53:19 AM | Computer Name = DLAND | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/27/2010 8:49:15 AM | Computer Name = DLAND | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 4/27/2010 3:32:19 PM | Computer Name = DLAND | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0007E9EE5C8D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/27/2010 9:18:15 PM | Computer Name = DLAND | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
D1LAND that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C32581FD-4889-4662-8F.
The
master browser is stopping or an election is being forced.

Error - 4/27/2010 10:51:38 PM | Computer Name = DLAND | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
D1LAND that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C32581FD-4889-4662-8F.
The
master browser is stopping or an election is being forced.

Error - 4/28/2010 8:46:26 PM | Computer Name = DLAND | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 0007E9EE5C8D.

Error - 5/1/2010 10:32:10 PM | Computer Name = DLAND | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e1db2000, parameter2 00000000, parameter3
82cf9782, parameter4 00000001.

Error - 5/1/2010 10:33:14 PM | Computer Name = DLAND | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 5/1/2010 10:33:14 PM | Computer Name = DLAND | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).


< End of report >



Dave

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 02 May 2010 - 11:24 AM

Hi dland,




Please uninstall outdated java (Java™ SE Development Kit 6 Update 2) via Add/Remove Programs and Go into the Control Panel (Classic View) and double-click the Java Icon. (looks like a coffee cup)

On the Update tab, click on Update Now buttons. When done, press Apply and OK the button. Then clear your java cache as instructed in this thread .

Step1
  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    CODE
    :OTL
    IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 49 E5 36 F6 FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
    IE - HKU\S-1-5-21-823518204-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-823518204-1482476501-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (C:\DOCUME~1\DAVIDK~1.LAN\LOCALS~1\Temp\54265kou.dll) - C:\DOCUME~1\DAVIDK~1.LAN\LOCALS~1\Temp\54265kou.dll File not found

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.


Step2
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1.OTL log
2.ComboFix log

Tell me if you have any remaining issues on your pc.

#7 dland

dland
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 02 May 2010 - 01:13 PM

Here are the logs.

Attached Files



#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 02 May 2010 - 09:38 PM

Hi dland,



Step1
  1. Go to this thread and Download TDSSKiller.zip to your Desktop.
  2. Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  3. Start > Run and copy/paste the following bolded command into run box and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  4. If TDSSKiller alerts you that the system needs to reboot, please consent.
  5. When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Step2
  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
CODE
File::
c:\windows\system32\mad.dll
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
RegNull::
HKEY_USERS\S-1-5-21-823518204-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{949FDAE1-E530-6EEE-E1B1-8004354D2EBF}*]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next reply, please post back:

1.TDSSKiller.txt
2.ComboFix log

Tell me how your pc is running now.

#9 dland

dland
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 02 May 2010 - 11:43 PM

Here you are.

Attached Files



#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 03 May 2010 - 01:00 AM

Hi dland,



Looks good. Your system appears to be clean now. thumbup.gif If you have no remaining issues on your pc, let's do some tidy up and you should be good to go.

Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall, it needs to be there.



This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step2

Start OTL from your desktop.
  1. Double click OTL and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Being Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Backup your valid registry -ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Due to malware affects, a corrupt registry can prevent a system from booting. You're well advised to backup your valid registry while the system is clean now. For more info: Here and Here .


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!



#11 dland

dland
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:05:30 PM

Posted 03 May 2010 - 10:06 PM

Very good. Thank you so much for all the help!

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:30 PM

Posted 11 May 2010 - 12:47 AM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users