Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP Security Center Malware


  • This topic is locked This topic is locked
25 replies to this topic

#1 stmedlin

stmedlin

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 26 April 2011 - 01:25 PM

A few days ago, I got the XP Security Center Malware on my desktop. I have run Malware AntiBytes, SuperAntiSpyware, ESetScan Online to clean up as much as possible. When I run the SuperAntiSpyware program, it is detecting System.BrokenFileAssociation, HKCR\.exe. It detects this immediately at the start of the scan. This is not cleaned up at the end of the scan. Not sure if my machine has been completely cleaned.

Below is the DDS log and I have attached the gmer log and the attach.txt log from the DDS program.

------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Stuart at 21:35:11.89 on Mon 04/25/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2236 [GMT -4:00]
.
AV: Defender Pro Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe
C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Stuart\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints toolbar 2.0\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - c:\program files\inboxdollars\Helper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - c:\program files\inboxdollars\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: MyPoints Toolbar 2.0: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Defender Pro Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\defender pro\defender pro\IEToolbar.dll
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - c:\program files\inboxdollars\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NetZero_uoltray] d:\program files\netzero\exec.exe regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "d:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DPAgent] "c:\program files\defender pro\defender pro\bdagent.exe"
mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro\IEShow.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\stuart\applic~1\microsoft\installer\{6bceb97b-f315-455d-bc2d-565a1a6781e8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\memeoa~2.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Gish It! - http://www.gishpuppy.com/menugpext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.07/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211000085984
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\stuart\applic~1\mozilla\firefox\profiles\6mwz4xhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=ZQyW0nJCK62vVR.jRn6GgQ&psa=&ind=2010072217&ptnrS=ZJfox000&si=&st=kwd&n=77cf4499&searchfor=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\picasa2\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 BDVEDISK;BDVEDISK;c:\program files\defender pro\defender pro\bdvedisk.sys [2009-4-1 82696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-9-2 67584]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]
R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-7-9 110728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-12 135664]
S2 mrtRate;mrtRate; [x]
S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\common files\defender pro\defender pro arrakis server\bin\arrakis3.exe [2009-6-25 183880]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-15 30192]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-11-17 1128944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]
.
=============== Created Last 30 ================
.
2011-04-26 01:22:36 -------- d-----w- c:\docume~1\stuart\applic~1\BitDefender
2011-04-24 00:04:12 1409 ----a-w- c:\windows\QTFont.for
2011-04-13 03:29:08 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ------w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ------w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ------w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ------w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe
.
============= FINISH: 21:35:31.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 03 May 2011 - 07:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 03 May 2011 - 10:13 PM

Attached File  attach.zip   5.25KB   4 downloadsAttached File  attach.zip   5.25KB   4 downloads.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Stuart at 22:56:39.06 on Tue 05/03/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2278 [GMT -4:00]
.
AV: Defender Pro Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe
C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
C:\Documents and Settings\Stuart\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints toolbar 2.0\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - c:\program files\inboxdollars\Helper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - c:\program files\inboxdollars\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: MyPoints Toolbar 2.0: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Defender Pro Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\defender pro\defender pro\IEToolbar.dll
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - c:\program files\inboxdollars\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NetZero_uoltray] d:\program files\netzero\exec.exe regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "d:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DPAgent] "c:\program files\defender pro\defender pro\bdagent.exe"
mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro\IEShow.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\memeoa~1.lnk - c:\docume~1\stuart\applic~1\microsoft\installer\{6bceb97b-f315-455d-bc2d-565a1a6781e8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\stuart\startm~1\programs\startup\memeoa~2.lnk - c:\program files\memeo\autosync\MemeoLauncher.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Gish It! - http://www.gishpuppy.com/menugpext.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.07/uploader2.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211000085984
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\stuart\applic~1\mozilla\firefox\profiles\6mwz4xhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=ZQyW0nJCK62vVR.jRn6GgQ&psa=&ind=2010072217&ptnrS=ZJfox000&si=&st=kwd&n=77cf4499&searchfor=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\picasa2\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 BDVEDISK;BDVEDISK;c:\program files\defender pro\defender pro\bdvedisk.sys [2009-4-1 82696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-9-2 67584]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\tomtom home 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]
R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-7-9 110728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-12 135664]
S2 mrtRate;mrtRate; [x]
S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\common files\defender pro\defender pro arrakis server\bin\arrakis3.exe [2009-6-25 183880]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-15 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-12 135664]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-11-17 1128944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]
.
=============== Created Last 30 ================
.
2011-04-26 01:22:36 -------- d-----w- c:\docume~1\stuart\applic~1\BitDefender
2011-04-24 00:04:12 1409 ----a-w- c:\windows\QTFont.for
2011-04-13 03:29:08 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00:28 78336 ------w- c:\windows\system32\ieencode.dll
2011-02-17 19:00:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00:27 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44:16 389120 ------w- c:\windows\system32\html.iec
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ------w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ------w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ------w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 22:56:53.37 ===============

#4 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 04 May 2011 - 06:38 AM

attached is the gmer log

Attached Files



#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:22 AM

Posted 06 May 2011 - 09:33 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#6 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 07 May 2011 - 11:14 AM

OTL logfile created on: 5/7/2011 12:01:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Stuart\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122.36 Gb Total Space | 82.49 Gb Free Space | 67.42% Space Free | Partition Type: NTFS
Drive D: | 170.03 Gb Total Space | 164.29 Gb Free Space | 96.63% Space Free | Partition Type: NTFS
Drive E: | 170.01 Gb Total Space | 159.68 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.30% Space Free | Partition Type: FAT

Computer Name: MEDLIN | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 12:00:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
PRC - [2011/05/06 00:24:34 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/15 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- D:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011/03/14 15:55:16 | 000,325,120 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe
PRC - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 08:28:56 | 000,247,144 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/10/11 11:32:34 | 001,595,016 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
PRC - [2010/10/11 11:32:21 | 001,086,232 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
PRC - [2010/10/11 11:31:11 | 001,114,536 | ---- | M] (Defender Pro) -- C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
PRC - [2010/07/13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/23 03:51:16 | 000,193,848 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
PRC - [2010/03/12 02:15:38 | 000,525,616 | ---- | M] (AT&T Inc.) -- C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 14:36:12 | 001,117,208 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2007/07/06 17:28:14 | 000,786,432 | ---- | M] () -- C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 12:00:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
MOD - [2011/04/01 16:53:18 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\Defender Pro\Defender Pro\Active Virus Control\midas32-v2_88\midas32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/14 15:55:16 | 000,325,120 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/11 11:33:19 | 000,323,584 | ---- | M] (S.C. Defender Pro S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\scan.dll -- (scan)
SRV - [2010/10/11 11:33:18 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2010/10/11 11:32:34 | 001,595,016 | ---- | M] (Defender Pro) [Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\vsserv.exe -- (VSSERV)
SRV - [2010/07/13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2009/09/01 17:36:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/17 12:51:58 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/06 17:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/10/11 11:33:34 | 000,152,328 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/10/11 11:33:34 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\profos.sys -- (Profos)
DRV - [2010/10/11 11:33:17 | 000,118,536 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/10/11 11:31:05 | 000,110,728 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (bdfndisf)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/04/01 11:25:42 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\Defender Pro\Defender Pro\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/01/12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Defender Pro\Defender Pro\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/09/12 15:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 15:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/07/26 11:26:56 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S7500(UVC)
DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/15 11:04:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/04/13 15:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080415


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\URLSearchHook: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll ()
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\URLSearchHook: {96B985B7-3CF9-456A-9DB6-791710E60F5F} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=ZQyW0nJCK62vVR.jRn6GgQ&psa=&ind=2010072217&ptnrS=ZJfox000&si=&st=kwd&n=77cf4499&searchfor="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\Defender Pro\Defender Pro\bdaphffext\ [2010/10/11 11:22:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/08 00:27:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/18 08:31:13 | 000,000,000 | ---D | M]

[2011/01/02 23:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Extensions
[2011/01/02 23:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/03/24 23:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\extensions
[2010/05/03 21:30:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/10 23:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}
[2010/08/10 23:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\extensions\staged-xpis
[2010/07/22 18:35:20 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\searchplugins\mywebsearch.xml
[2011/04/29 12:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/18 00:09:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/11 11:31:15 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/05/06 21:40:28 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/18 00:09:26 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/09/14 22:12:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files\InboxDollars\Toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Defender Pro Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\Defender Pro\Defender Pro\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O3 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..\Toolbar\WebBrowser: (MyPoints Toolbar 2.0) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Defender Pro Antiphishing Helper] C:\Program Files\Defender Pro\Defender Pro\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [DPAgent] C:\Program Files\Defender Pro\Defender Pro\bdagent.exe (Defender Pro)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005..\Run: [NetZero_uoltray] File not found
O4 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005..\Run: [SUPERAntiSpyware] D:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005..\Run: [TomTomHOME.exe] d:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Diana\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Jen\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = D:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Documents and Settings\Stuart\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe (Memeo)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/61.07/uploader2.cab (UploadListView Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211000085984 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stuart\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stuart\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1550744349-157636350-1699425034-1005\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 12:00:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
[2011/05/03 23:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/05/03 23:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/05/03 22:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/04/25 21:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Desktop\gmer
[2011/04/25 21:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\BitDefender
[2011/04/25 20:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/04/23 22:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Desktop\xp_exe_fix
[2011/04/16 13:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\My Documents\TaxACT 2010
[2011/04/15 18:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/04/12 23:29:08 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2007/07/13 14:36:22 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\Stuart\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2005/12/13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Stuart\Local Settings\Application Data\stdole.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 12:00:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
[2011/05/07 11:46:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006UA.job
[2011/05/07 11:10:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 11:03:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/07 11:02:10 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Stuart\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
[2011/05/07 11:01:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 11:01:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 10:43:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 10:43:07 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 10:43:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/05/07 10:43:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/05/05 13:46:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006Core.job
[2011/05/05 12:53:00 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/03 23:12:34 | 000,005,378 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\attach.zip
[2011/05/03 23:11:13 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/05/03 23:11:13 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/05/03 23:08:24 | 016,876,872 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\winzip155.exe
[2011/05/03 22:46:55 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\dds.scr
[2011/05/02 23:24:51 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2011/05/01 00:53:41 | 000,000,817 | ---- | M] () -- C:\WINDOWS\MBA.INI
[2011/04/30 12:18:30 | 020,289,010 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\20110430.MBU
[2011/04/30 00:19:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/25 21:29:45 | 000,001,111 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBA.lnk
[2011/04/25 21:03:45 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\gmer.zip
[2011/04/25 21:01:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe
[2011/04/24 02:16:18 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/24 02:14:47 | 000,000,075 | ---- | M] () -- C:\WINDOWS\TaxACT08.ini
[2011/04/23 20:04:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/23 20:04:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/23 18:20:19 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Dataprivacy.xml
[2011/04/23 17:58:51 | 000,012,368 | -HS- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\h0o212e533618t63uj46y
[2011/04/23 17:58:51 | 000,012,368 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h0o212e533618t63uj46y
[2011/04/19 00:08:08 | 020,288,859 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\20110419(nozero.MBU
[2011/04/19 00:04:19 | 020,290,588 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\20110419(zeroin.MBU
[2011/04/18 20:55:07 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT10.ini
[2011/04/17 19:48:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/16 18:36:36 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\TaxACT 2010.lnk
[2011/04/16 13:56:35 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2010.lnk
[2011/04/15 17:16:59 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/14 16:53:38 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 23:59:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 23:54:49 | 000,486,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 23:54:49 | 000,081,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 23:29:08 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/04/07 22:39:58 | 000,004,303 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Factmonster_Sheet.odt
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 23:12:34 | 000,005,378 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\attach.zip
[2011/05/03 23:11:13 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/05/03 23:11:13 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/05/03 23:07:14 | 016,876,872 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\winzip155.exe
[2011/04/30 12:18:29 | 020,289,010 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\20110430.MBU
[2011/04/25 21:03:45 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\gmer.zip
[2011/04/25 21:01:56 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\dds.scr
[2011/04/25 21:01:17 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Defogger.exe
[2011/04/25 20:53:08 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/25 20:50:04 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/04/23 22:04:10 | 000,002,600 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\xp_exe_fix.reg
[2011/04/23 20:04:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/23 20:04:12 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/23 11:49:22 | 000,012,368 | -HS- | C] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\h0o212e533618t63uj46y
[2011/04/23 11:49:22 | 000,012,368 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0o212e533618t63uj46y
[2011/04/19 00:08:08 | 020,288,859 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\20110419(nozero.MBU
[2011/04/19 00:04:18 | 020,290,588 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\20110419(zeroin.MBU
[2011/04/17 19:48:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/17 19:48:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/04/16 18:36:36 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\TaxACT 2010.lnk
[2011/04/16 13:56:34 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2010.lnk
[2011/04/16 13:56:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2011/04/07 22:39:58 | 000,004,303 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Factmonster_Sheet.odt
[2011/01/15 20:13:23 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2011/01/15 20:13:23 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2011/01/15 20:12:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/15 20:02:48 | 000,000,214 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/01/15 19:16:43 | 000,822,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/24 16:13:33 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Stuart\Application Data\bdfvconp.ini
[2010/11/18 16:10:26 | 000,012,496 | ---- | C] () -- C:\WINDOWS\MSPuzzle.dat
[2010/09/07 22:23:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent .INI
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/15 16:57:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/10 08:41:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/07/10 08:09:24 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/07/10 08:09:24 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/07/10 08:08:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/10/31 18:17:57 | 000,069,464 | ---- | C] () -- C:\WINDOWS\System32\unPPC6000.exe
[2009/10/31 18:17:57 | 000,034,136 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2009/10/31 18:17:57 | 000,029,016 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2009/10/31 18:17:56 | 000,255,320 | ---- | C] () -- C:\WINDOWS\System32\PPCInfo.exe
[2009/09/23 17:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/28 20:38:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/25 11:28:46 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/13 13:44:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/04/12 15:57:39 | 000,000,614 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/12/02 21:24:54 | 000,000,817 | ---- | C] () -- C:\WINDOWS\MBA.INI
[2008/11/29 14:52:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iimds.dll
[2008/11/29 14:52:11 | 000,056,696 | ---- | C] () -- C:\WINDOWS\System32\imsys.dll
[2008/10/23 12:19:00 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/09/10 19:44:18 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/09/09 23:29:27 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/01 00:15:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/02 07:48:10 | 000,045,964 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/14 11:15:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/22 21:10:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/20 23:34:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2008/05/18 21:56:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2008/05/16 16:23:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/15 23:26:51 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\fusioncache.dat
[2008/05/15 21:42:07 | 000,128,966 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2008/05/15 21:42:07 | 000,000,771 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2008/05/15 19:58:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/05/14 20:26:26 | 000,000,057 | ---- | C] () -- C:\WINDOWS\Taxact04.ini
[2008/04/30 17:15:56 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/15 11:07:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 11:03:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/15 10:36:23 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/04/15 10:36:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/15 10:34:47 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/11 02:29:33 | 000,008,558 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2006/07/31 01:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/31 01:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2005/10/11 22:20:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,486,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,081,450 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,047,564 | ---- | C] () -- C:\WINDOWS\NTDETECT.COM
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


----------------------------------------------------------
OTL Extras logfile created on: 5/7/2011 12:01:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Stuart\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122.36 Gb Total Space | 82.49 Gb Free Space | 67.42% Space Free | Partition Type: NTFS
Drive D: | 170.03 Gb Total Space | 164.29 Gb Free Space | 96.63% Space Free | Partition Type: NTFS
Drive E: | 170.01 Gb Total Space | 159.68 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Drive J: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.30% Space Free | Partition Type: FAT

Computer Name: MEDLIN | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe" = C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe:*:Enabled:MyPoints Toolbar 2.0 (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe" = C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe:*:Enabled:MyPoints Toolbar 2.0 (Update) -- (FreeCause Inc.)
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Defender Pro\Defender Pro\DpReg.exe" = C:\Program Files\Defender Pro\Defender Pro\DpReg.exe:*:Enabled:Defender Pro 15 in 1 -- (BitDefender S.R.L.)
"C:\Program Files\InboxDollars\TroubleShooter.exe" = C:\Program Files\InboxDollars\TroubleShooter.exe:*:Enabled:InboxDollars (Helper) -- (FreeCause Inc.)
"C:\Program Files\InboxDollars\ToolbarUpdate.exe" = C:\Program Files\InboxDollars\ToolbarUpdate.exe:*:Enabled:InboxDollars (Update) -- (FreeCause Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00CB213D-CA43-4CB7-A9ED-808E1D0E4739}" = Video Capture USB
"{03638EA1-2920-4947-B800-BA1C5466E10D}" = Math Success
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F956834-2785-4E63-A2AB-C1CB6359191B}" = MyLearnExpress
"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{16B18999-56D7-4E8F-A40C-385E68A6D0CD}" = Barbie Girls
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28DE1E36-090A-408B-AA7D-7E5316526011}" = Defender Pro 15-in-1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
"{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}" = The Chronicles of Narnia
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{38043D70-D13A-4E0B-AFD2-48494551B463}" = MyLearnExpress
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD1D44A-FA04-4D58-00BA-F09130D348FA}" = Mahjong Garden Deluxe
"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Skopalino Client Terminal 4.00
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{413DF0D0-C17D-11DF-6784-A1DD7E2B18BE}" = MbaAvon
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = Industry Giant 2
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95165DDE-C240-422E-9593-167DD31A8DF9}" = AV4 Customer Management System For Avon Representatives 5.11.11
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34D0A4C-4E3E-46F2-9495-D1AEAF7397CE}" = H&R Block North Carolina 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F9256848-A8FB-46F7-822C-573E9ACD7383}" = Math Success
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration
"AVOBASE" = AVOBASE
"Carmen Sandiego Word Detective v1.0.1 1.0.0" = Carmen Sandiego Word Detective v1.0.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CobBackup10" = Cobian Backup 10
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Disney Toontown Online" = Disney Toontown Online
"Encarta98" = Microsoft Encarta 98 Encyclopedia
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Officejet All-In-One Series" = HP Officejet All-In-One Series
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IIM5_is1" = iMacros V6.00
"InboxDollars" = InboxDollars
"InstallShield_{16B18999-56D7-4E8F-A40C-385E68A6D0CD}" = Barbie Girls
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{3389DC79-8D4C-4447-B1D3-3D8FE43D65C2}" = The Chronicles of Narnia
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MBA" = MBA
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"Puzzle Collection" = Microsoft Entertainment Pack: The Puzzle Collection
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TaxACT 2008" = TaxACT 2008
"TaxACT 2010" = TaxACT 2010
"Tom Peters' Career Uninstall" = Tom Peters' Career Survival Guide
"TomTom HOME" = TomTom HOME 2.8.0.2146
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TVEpaDrv" = Roxio Video Capture USB Driver
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"Where in Time is Carmen Sandiego? v3.0 Demo 1.0" = Where in Time is Carmen Sandiego? v3.0 Demo
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1550744349-157636350-1699425034-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2011 10:31:06 PM | Computer Name = MEDLIN | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.

Error - 3/6/2011 10:31:06 PM | Computer Name = MEDLIN | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..

Error - 3/7/2011 5:31:41 PM | Computer Name = MEDLIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2011 5:31:42 PM | Computer Name = MEDLIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17095, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/7/2011 5:32:27 PM | Computer Name = MEDLIN | Source = Application Hang | ID = 1002
Description = Hanging application POWERPNT.EXE, version 11.0.8324.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/9/2011 6:31:45 PM | Computer Name = MEDLIN | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.2.0.169, faulting module
msftedit.dll, version 5.41.15.1515, fault address 0x00037daf.

Error - 3/9/2011 6:32:07 PM | Computer Name = MEDLIN | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.2.0.169, faulting module
msftedit.dll, version 5.41.15.1515, fault address 0x00037daf.

Error - 3/9/2011 9:07:15 PM | Computer Name = MEDLIN | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 3/12/2011 3:19:13 PM | Computer Name = MEDLIN | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

Error - 3/16/2011 8:07:36 PM | Computer Name = MEDLIN | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x0000c940.

[ System Events ]
Error - 5/4/2011 5:52:55 AM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 5/4/2011 6:48:07 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/4/2011 6:48:07 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 5/5/2011 12:43:44 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/5/2011 12:43:44 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 5/5/2011 8:09:16 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/5/2011 8:09:16 PM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 5/6/2011 12:24:53 AM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 5/7/2011 10:43:24 AM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 5/7/2011 10:43:24 AM | Computer Name = MEDLIN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:22 AM

Posted 09 May 2011 - 08:38 AM

Hi-

Sorry for the delay in responding, but my home computer is having network problems.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Next, I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please copy in the contents of the MBAM and ESET OnlineScan reports. How is your computer running?
Shannon

#8 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 May 2011 - 09:13 AM

The following is the Malware Bytes log. Nothing turned up when I scanned using ESet. The two things I noticed is that with the Windows Security center, the icon in the system tray says Windows Automatic updates is turned off. I cannot turn it back on. If I check under the control panel, it appears it is set to 'on'.

-------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6550

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/10/2011 10:45:13 PM
mbam-log-2011-05-10 (22-45-13).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Objects scanned: 386944
Time elapsed: 1 hour(s), 27 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d} (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#9 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 11 May 2011 - 09:15 AM

In addition, SuperAntiSpyware is returning System.BrokenFileAssociation, HKCR\.exe.

#10 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:22 AM

Posted 11 May 2011 - 10:55 AM

Hi-

Since MBAM has uncovered another problem, let's see if ComboFix can clean things up.

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Next, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

In your reply, please copy in the ComboFix and MBRCheck reports.
Shannon

#11 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 12 May 2011 - 06:31 PM

ComboFix 11-05-11.04 - Stuart 05/12/2011 19:11:02.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2489 [GMT -4:00]
Running from: c:\documents and settings\Stuart\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stuart\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Defender Pro Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 22:47 . 2007-03-09 15:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-12 22:47 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B0414379-07ED-4E15-8B40-140F97469220}\mpengine.dll
2011-05-11 00:56 . 2011-05-11 00:56 -------- d-----w- c:\program files\Common Files\Java
2011-05-11 00:55 . 2011-05-11 00:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 00:55 . 2011-05-11 00:55 -------- d-----w- c:\program files\Java
2011-05-04 03:09 . 2011-05-04 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-04 02:58 . 2011-05-04 02:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-04-26 01:22 . 2011-04-26 01:22 -------- d-----w- c:\documents and settings\Stuart\Application Data\BitDefender
2011-04-26 00:50 . 2011-04-26 00:50 -------- d-----w- c:\program files\Windows Defender
2011-04-24 00:04 . 2011-04-24 00:04 1409 ----a-w- c:\windows\QTFont.for
2011-04-23 22:15 . 2011-04-23 22:15 -------- d-----w- c:\documents and settings\Diana\Application Data\SUPERAntiSpyware.com
2011-04-15 22:41 . 2011-04-15 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-04-13 22:44 . 2011-04-13 22:44 -------- d-----w- c:\documents and settings\Jen\Application Data\Roxio
2011-04-13 22:43 . 2011-04-13 22:43 -------- d-----w- c:\documents and settings\Jen\Local Settings\Application Data\RoxioCentralFx
2011-04-13 03:29 . 2011-04-13 03:29 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 00:55 . 2010-09-18 04:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-10 01:07 . 2010-12-29 18:07 1324 ----a-w- c:\documents and settings\Jen\Local Settings\Application Data\d3d9caps.tmp
2011-03-07 05:33 . 2004-08-11 21:12 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-11 21:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 21:00 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-08-11 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-11 21:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-11 21:00 78336 ------w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-11 21:00 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-11 21:00 455936 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-11 21:00 357888 ------w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 21:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-11 21:00 389120 ------w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-11 21:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2010-10-11 15:31 . 2010-07-10 04:57 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2010-07-26 23:53 . 2009-11-17 05:12 119808 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
<pre>
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96B985B7-3CF9-456A-9DB6-791710E60F5F}"= "c:\program files\MyPoints Toolbar 2.0\Helper.dll" [2009-11-18 242688]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2010-11-24 356864]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-18 01:26 1440768 ------w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-11-24 05:02 1532416 ------w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-18 1440768]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-11-24 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-18 1440768]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-11-24 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-03 39408]
"NetZero_uoltray"="d:\program files\NetZero\exec.exe" [N/A]
"SUPERAntiSpyware"="d:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-15 98304]
"DPAgent"="c:\program files\Defender Pro\Defender Pro\bdagent.exe" [2010-10-11 1114536]
"Defender Pro Antiphishing Helper"="c:\program files\Defender Pro\Defender Pro\IEShow.exe" [2010-10-11 71152]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Diana\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Jen\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - d:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\documents and settings\Stuart\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Stuart\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-6-25 73728]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2011-4-15 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-16 23:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-03-15 02:59 24576 ----a-w- D:\Mattel.BarbieGirls.Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-26 23:53 30192 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 21:34 213936 ------w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-23 19:33 8429568 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oasnwrmxce.tmp]
c:\docume~1\Stuart\LOCALS~1\Temp\oasnwrmxce.tmp [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-15 15:04 98304 ------w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-16 23:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_04\bin\jusched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Defender Pro\\Defender Pro\\DpReg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\InboxDollars\\TroubleShooter.exe"=
"c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;d:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BDVEDISK;BDVEDISK;c:\program files\Defender Pro\Defender Pro\bdvedisk.sys [4/1/2009 11:25 AM 82696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [9/2/2010 11:42 PM 67584]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 8:29 AM 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 152328]
R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [7/9/2009 9:49 AM 110728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2010 9:55 AM 135664]
S2 mrtRate;mrtRate; [x]
S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2008 11:01 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2010 9:55 AM 135664]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 12:51 PM 1128944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 13:55]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 13:55]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006Core.job
- c:\documents and settings\Diana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-30 17:08]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006UA.job
- c:\documents and settings\Diana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-30 17:08]
.
2011-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Gish It! - http://www.gishpuppy.com/menugpext.html
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=ZQyW0nJCK62vVR.jRn6GgQ&psa=&ind=2010072217&ptnrS=ZJfox000&si=&st=kwd&n=77cf4499&searchfor=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 19:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-12 19:19:29
ComboFix-quarantined-files.txt 2011-05-12 23:19
ComboFix2.txt 2011-05-12 22:54
.
Pre-Run: 90,187,952,128 bytes free
Post-Run: 90,164,850,688 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - C437F87DB7CE91F5509A81A3A1E7345D



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E44000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E24000 fltmgr.sys
0xB9E12000 sr.sys
0xB9DCD000 bdfsfltr.sys
0xBA0F8000 PxHelp20.sys
0xB9DB6000 KSecDD.sys
0xB9D29000 Ntfs.sys
0xB9CFC000 NDIS.sys
0xB9CE2000 Mup.sys
0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB95DC000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB95C8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9587000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9563000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB953B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9507000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB94E4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB93E5000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB933E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3E0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA278000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA7AD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9CAA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9327000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9316000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA128000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA400000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB92E6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA138000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA408000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA410000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB92CC000 \SystemRoot\system32\DRIVERS\bdfndisf.sys
0xBA5D4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9246000 \SystemRoot\system32\DRIVERS\update.sys
0xB9C86000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA168000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB9C62000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB5C07000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB5BE3000 \SystemRoot\system32\drivers\portcls.sys
0xBA1B8000 \SystemRoot\system32\drivers\drmk.sys
0xB92C4000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA72D000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5DE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA5E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA430000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA438000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB92BC000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5B60000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB5B07000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5AEB000 \??\C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys
0xB5AC5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB5A9D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB92A4000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB5A7B000 \SystemRoot\System32\drivers\afd.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5A59000 \??\D:\Program Files\SuperAntiSpyware\SASKUTIL.SYS
0xB6122000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA208000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA448000 \??\D:\Program Files\SuperAntiSpyware\SASDIFSV.SYS
0xB5A06000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA763000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
0xB5996000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA218000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA238000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA468000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB5BDB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB5BD3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA248000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xB5526000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xBA258000 \SystemRoot\system32\drivers\usbaudio.sys
0xB548E000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xB5476000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB5BB7000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA470000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF53E000 \SystemRoot\System32\ATMFD.DLL
0xB5082000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4DA2000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4D75000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5C6000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xB4D3A000 \??\C:\Program Files\Defender Pro\Defender Pro\bdvedisk.sys
0xBA228000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB4BF2000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4D51000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA450000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB48FA000 \??\C:\Program Files\Defender Pro\Defender Pro\bdselfpr.sys
0xB467E000 \SystemRoot\system32\drivers\bdfm.sys
0xB4665000 \SystemRoot\system32\drivers\BDHV.SYS
0xB4538000 \SystemRoot\system32\drivers\wdmaud.sys
0xB47D2000 \SystemRoot\system32\drivers\sysaudio.sys
0xB4137000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA398000 \??\C:\DOCUME~1\Stuart\LOCALS~1\Temp\catchme.sys
0xBA666000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB2DAF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
988 C:\WINDOWS\system32\smss.exe
1048 csrss.exe
1072 C:\WINDOWS\system32\winlogon.exe
1116 C:\WINDOWS\system32\services.exe
1128 C:\WINDOWS\system32\lsass.exe
1308 C:\WINDOWS\system32\svchost.exe
1376 svchost.exe
1500 C:\Program Files\Windows Defender\MsMpEng.exe
1540 C:\Program Files\Common Files\Defender Pro\Defender Pro Update Service\livesrv.exe
1572 C:\Program Files\Defender Pro\Defender Pro\vsserv.exe
1688 C:\WINDOWS\system32\svchost.exe
1888 svchost.exe
1932 svchost.exe
312 C:\WINDOWS\system32\spoolsv.exe
480 svchost.exe
516 C:\Program Files\Cobian Backup 10\cbVSCService.exe
824 C:\Program Files\Java\jre6\bin\jqs.exe
852 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
1440 C:\WINDOWS\system32\svchost.exe
1792 C:\WINDOWS\system32\nvsvc32.exe
2000 C:\WINDOWS\system32\svchost.exe
964 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1360 C:\WINDOWS\system32\svchost.exe
1484 D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1812 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2668 alg.exe
1916 C:\Program Files\Defender Pro\Defender Pro\bdagent.exe
2680 C:\Program Files\Defender Pro\Defender Pro\seccenter.exe
3940 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2412 D:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE
2640 D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3436 D:\Program Files\WinZip\WZQKPICK.EXE
224 C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
252 C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
1264 C:\WINDOWS\system32\ctfmon.exe
8892 C:\WINDOWS\system32\wuauclt.exe
8204 C:\WINDOWS\explorer.exe
1868 C:\WINDOWS\system32\notepad.exe
6036 C:\WINDOWS\system32\wuauclt.exe
6848 C:\Documents and Settings\Stuart\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`9a6f5600 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000049`1c5abe00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-75YGA0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!

#12 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:22 AM

Posted 13 May 2011 - 03:09 PM

Hi-

Thanks for the two logs. Now it is time to do a little clean up.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Driver::
mrtRate
RenV::
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Please copy into your reply the ComboFix and the MBAM reports. How is your computer doing?
Shannon

#13 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 14 May 2011 - 02:55 PM

When I try running the combofix program, it tried to download the Windows Console. I had previously installed the console several months ago when I had a previous infection. It still shows up as an option when I boot up. I do get an error message "Extraciting file failed. It most likely caused by low memory (low disk space for swapping file) or corrupted cabinet file." Then, Extract.cfxxe encountered a problem. Contents of C:\cmdcons are not in order.


Combofix log:

ComboFix 11-05-11.04 - Stuart 05/14/2011 10:03:41.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2435 [GMT -4:00]
Running from: c:\documents and settings\Stuart\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stuart\Desktop\cfscript.txt
AV: Defender Pro Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *Enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MRTRATE
-------\Service_mrtRate
.
.
((((((((((((((((((((((((( Files Created from 2011-04-14 to 2011-05-14 )))))))))))))))))))))))))))))))
.
.
2011-05-14 03:19 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E8CFAF97-89DC-419F-AB26-E91BF18030B2}\mpengine.dll
2011-05-12 22:47 . 2011-04-18 13:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-11 00:56 . 2011-05-11 00:56 -------- d-----w- c:\program files\Common Files\Java
2011-05-11 00:55 . 2011-05-11 00:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 00:55 . 2011-05-11 00:55 -------- d-----w- c:\program files\Java
2011-05-04 03:09 . 2011-05-04 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-05-04 02:58 . 2011-05-04 02:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-04-26 01:22 . 2011-04-26 01:22 -------- d-----w- c:\documents and settings\Stuart\Application Data\BitDefender
2011-04-26 00:50 . 2011-04-26 00:50 -------- d-----w- c:\program files\Windows Defender
2011-04-24 00:04 . 2011-04-24 00:04 1409 ----a-w- c:\windows\QTFont.for
2011-04-23 22:15 . 2011-04-23 22:15 -------- d-----w- c:\documents and settings\Diana\Application Data\SUPERAntiSpyware.com
2011-04-15 22:41 . 2011-04-15 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-11 00:55 . 2010-09-18 04:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 03:29 . 2011-04-13 03:29 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-10 01:07 . 2010-12-29 18:07 1324 ----a-w- c:\documents and settings\Jen\Local Settings\Application Data\d3d9caps.tmp
2011-03-07 05:33 . 2004-08-11 21:12 692736 ------w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-11 21:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 21:00 1857920 ------w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-08-11 21:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-11 21:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-11 21:00 78336 ------w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-11 21:00 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-11 21:00 455936 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-11 21:00 357888 ------w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-15 21:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-11 21:00 389120 ------w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-11 21:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2010-10-11 15:31 . 2010-07-10 04:57 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2010-07-26 23:53 . 2009-11-17 05:12 119808 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96B985B7-3CF9-456A-9DB6-791710E60F5F}"= "c:\program files\MyPoints Toolbar 2.0\Helper.dll" [2009-11-18 242688]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2010-11-24 356864]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-18 01:26 1440768 ------w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2010-11-24 05:02 1532416 ------w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-18 1440768]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-11-24 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-18 1440768]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2010-11-24 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-03 39408]
"SUPERAntiSpyware"="d:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-05-06 2424192]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-15 98304]
"DPAgent"="c:\program files\Defender Pro\Defender Pro\bdagent.exe" [2010-10-11 1114536]
"Defender Pro Antiphishing Helper"="c:\program files\Defender Pro\Defender Pro\IEShow.exe" [2010-10-11 71152]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Diana\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Jen\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - d:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\documents and settings\Stuart\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Stuart\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-6-25 73728]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-7-6 125976]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2011-4-15 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-16 23:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]
2007-03-15 02:59 24576 ----a-w- D:\Mattel.BarbieGirls.Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-26 23:53 30192 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 21:34 213936 ------w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-23 19:33 8429568 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-04-15 15:04 98304 ------w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-16 23:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Defender Pro\\Defender Pro\\DpReg.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\InboxDollars\\TroubleShooter.exe"=
"c:\\Program Files\\InboxDollars\\ToolbarUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;d:\program files\SuperAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SuperAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BDVEDISK;BDVEDISK;c:\program files\Defender Pro\Defender Pro\bdvedisk.sys [4/1/2009 11:25 AM 82696]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [9/2/2010 11:42 PM 67584]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/10/2010 8:29 AM 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 152328]
R3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [7/9/2009 9:49 AM 110728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2010 9:55 AM 135664]
S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\Common Files\Defender Pro\Defender Pro Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/15/2008 11:01 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/12/2010 9:55 AM 135664]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 12:51 PM 1128944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 13:55]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 13:55]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006Core.job
- c:\documents and settings\Diana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-30 17:08]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1550744349-157636350-1699425034-1006UA.job
- c:\documents and settings\Diana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-30 17:08]
.
2011-05-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Gish It! - http://www.gishpuppy.com/menugpext.html
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Stuart\Application Data\Mozilla\Firefox\Profiles\6mwz4xhf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=ZQyW0nJCK62vVR.jRn6GgQ&psa=&ind=2010072217&ptnrS=ZJfox000&si=&st=kwd&n=77cf4499&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NetZero_uoltray - d:\program files\NetZero\exec.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-oasnwrmxce - c:\docume~1\Stuart\LOCALS~1\Temp\oasnwrmxce.tmp
MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_04\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-14 10:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(10052)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\program files\Memeo\AutoSync\MemeoAutoSync.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2011-05-14 10:22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-14 14:22
ComboFix2.txt 2011-05-12 23:19
ComboFix3.txt 2011-05-12 22:54
.
Pre-Run: 89,652,830,208 bytes free
Post-Run: 89,957,744,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - 356F8B8729F1A708E6F0EF526287116C


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6578

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/14/2011 2:22:18 PM
mbam-log-2011-05-14 (14-22-18).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Objects scanned: 378044
Time elapsed: 1 hour(s), 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:22 AM

Posted 15 May 2011 - 04:58 AM

Hi-

Thank you for the reports. It sounds like you need to uninstall the Recovery Console -

  • Click Start, click My Computer, and then double-click the hard disk(C:\) on which you installed the Recovery Console.
  • On the Tools menu, click Folder Options, and then click the View tab.
  • Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
  • At the root folder, delete the Cmdcons folder and the Cmldr file.
  • At the root folder, right-click the Boot.ini file, and then click Properties.
  • Click to clear the Read-only check box, and then click OK.
  • WARNING: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Be sure to delete only the entry for the Recovery Console. Also, it is recommended that you change the attribute for the Boot.ini file back to a read-only state after you complete this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:

    C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

  • Save the file and close it.

How is your computer doing now?
Shannon

#15 stmedlin

stmedlin
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:22 AM

Posted 16 May 2011 - 04:11 PM

The CmdCons folder doesn't seem to exist on my machine. I do see the cmldr file however. Should I go ahead and follow the remaining steps?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users