Thread: Big Black Box Saying I'm Infected

  1. #11
    Member
    Join Date
    Jul 2007
    Posts
    39

    Virus Software

    I do not see the McAfee icon anymore in the start tray. Which is fine. What should I use for virus and malware software? Any recommendations?

    BTW the big black box is gone... THANK YOU.


    Should I do a reboot of the system?

  2. #12
    Member
    Join Date
    Jul 2007
    Posts
    39

    Thank You

    Seems to be working fine! Rebooted and McAfee came back. Still would like a better option - however, I am happy!

    Thanks so much again.

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,

    Are you familiar with c:\program files\kathyspy folder?


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
    • Click the Download button to the right.
    • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Member
    Join Date
    Jul 2007
    Posts
    39

    ComboFix 09-12-10.01 - MARTIN TIERNAN 12/10/2009 19:57:48.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1348 [GMT -5:00]
    Running from: c:\documents and settings\MARTIN TIERNAN\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\MARTIN TIERNAN\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
    .

    2009-12-05 13:44 . 2009-12-09 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 1
    2009-12-05 12:40 . 2009-12-05 12:40 -------- d-----w- c:\program files\kathyspy
    2009-12-05 12:31 . 2009-12-05 12:31 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Application Data\Malwarebytes
    2009-12-05 12:30 . 2009-12-05 13:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-05 12:27 . 2009-12-05 12:27 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Local Settings\Application Data\Threat Expert
    2009-12-05 12:12 . 2009-12-05 13:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-05 18:24 . 2008-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-12-05 13:58 . 2008-03-09 23:51 -------- d-----w- c:\program files\McAfee
    2009-12-05 13:47 . 2007-01-03 01:48 -------- d-----w- c:\program files\Trend Micro
    2009-12-01 17:14 . 2007-05-15 14:06 2984 -c--a-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-01 17:14 . 2007-01-31 09:10 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Application Data\Corel
    2009-12-01 17:14 . 2007-05-15 14:06 88 -csh--r- c:\windows\system32\20EDD23AFF.sys
    2009-10-29 07:45 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 05:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-06 19:43 . 2007-10-06 15:20 7114 -c--a-w- c:\documents and settings\MARTIN TIERNAN\Application Data\wklnhst.dat
    2009-10-01 14:48 . 2009-10-01 14:48 34 ------w- c:\windows\system32\BD2070N.DAT
    2009-09-16 14:22 . 2008-03-09 23:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2008-03-09 23:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2008-03-09 23:52 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2008-03-09 23:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2008-03-09 23:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "HostManager"="c:\program files\Common Files\AOL\1168874850\ee\AOLSoftware.exe" [2008-06-24 41824]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-03 98304]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

    c:\documents and settings\MARTIN TIERNAN\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-2 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168874850\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168874850\\ee\\AOLDesktop.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\McAfee\\MSC\\mcsvrcnt.exe"=
    "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
    "c:\\WINDOWS\\system32\\HPZinw12.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: turbotax.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-10 20:03
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2036)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-12-10 20:06:15
    ComboFix-quarantined-files.txt 2009-12-11 01:06
    ComboFix2.txt 2009-12-09 19:49

    Pre-Run: 45,302,525,952 bytes free
    Post-Run: 45,273,038,848 bytes free

    - - End Of File - - 059DDC230800B8336F41F6D6A410AFD8

  5. #15
    Member
    Join Date
    Jul 2007
    Posts
    39

    here's the kaspersky

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, December 11, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, December 11, 2009 01:51:15
    Records in database: 3355018
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 99737
    Threats found: 5
    Infected objects found: 25
    Suspicious objects found: 0
    Scan duration: 01:59:41


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Infected: Trojan.JS.Hoax.b 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\nivedusa.dll.vir Infected: Packed.Win32.TDSS.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sonewibu.dll.vir Infected: Packed.Win32.TDSS.aa 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon86.exe.vir Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate86.exe.vir Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\A0210915.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\A0211916.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP744\A0212915.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0212946.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0212947.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0213033.exe Infected: Trojan.Win32.FraudPack.acev 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0213037.exe Infected: Trojan.Win32.Vilsel.ofq 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0213041.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0213045.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0214044.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0214061.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0215061.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0216069.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0217070.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0218061.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0220068.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0220110.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0220112.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP745\A0220117.exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\19UM0CYD\exe[1].exe Infected: Trojan-Downloader.Win32.Agent.cwyd 1

    Selected area has been scanned.

  6. #16
    Member
    Join Date
    Jul 2007
    Posts
    39

    attach file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/15/2007 9:27:53 AM
    System Uptime: 12/10/2009 8:59:29 PM (12 hours ago)

    Motherboard: Dell Inc. | | 0FF049
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | Microprocessor | 1728/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 68 GiB total, 41.825 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP700: 9/12/2009 5:59:20 PM - System Checkpoint
    RP701: 9/15/2009 8:11:16 AM - System Checkpoint
    RP702: 9/16/2009 5:51:33 PM - System Checkpoint
    RP703: 9/18/2009 9:19:29 AM - System Checkpoint
    RP704: 9/19/2009 3:01:47 PM - System Checkpoint
    RP705: 9/21/2009 4:00:13 PM - System Checkpoint
    RP706: 9/23/2009 2:49:36 PM - System Checkpoint
    RP707: 9/27/2009 9:12:53 AM - System Checkpoint
    RP708: 10/1/2009 10:07:46 AM - System Checkpoint
    RP709: 10/5/2009 2:08:47 PM - System Checkpoint
    RP710: 10/6/2009 3:53:47 PM - Restore Operation
    RP711: 10/8/2009 9:30:42 AM - System Checkpoint
    RP712: 10/9/2009 6:03:21 PM - System Checkpoint
    RP713: 10/12/2009 5:43:19 PM - System Checkpoint
    RP714: 10/13/2009 7:27:35 PM - System Checkpoint
    RP715: 10/14/2009 8:21:40 AM - Software Distribution Service 3.0
    RP716: 10/15/2009 4:37:19 PM - System Checkpoint
    RP717: 10/16/2009 5:41:09 PM - System Checkpoint
    RP718: 10/18/2009 3:19:54 PM - System Checkpoint
    RP719: 10/19/2009 4:42:51 PM - System Checkpoint
    RP720: 10/21/2009 9:08:55 AM - System Checkpoint
    RP721: 10/22/2009 1:48:47 PM - System Checkpoint
    RP722: 10/25/2009 2:11:45 PM - System Checkpoint
    RP723: 10/26/2009 9:40:42 PM - System Checkpoint
    RP724: 11/1/2009 9:04:21 AM - System Checkpoint
    RP725: 11/4/2009 8:31:53 AM - Software Distribution Service 3.0
    RP726: 11/5/2009 9:38:31 AM - System Checkpoint
    RP727: 11/6/2009 7:26:58 PM - System Checkpoint
    RP728: 11/10/2009 9:57:35 AM - System Checkpoint
    RP729: 11/11/2009 9:49:07 AM - Software Distribution Service 3.0
    RP730: 11/14/2009 10:09:03 AM - System Checkpoint
    RP731: 11/17/2009 10:41:26 AM - System Checkpoint
    RP732: 11/18/2009 11:21:13 AM - System Checkpoint
    RP733: 11/19/2009 12:19:57 PM - System Checkpoint
    RP734: 11/21/2009 9:52:36 AM - System Checkpoint
    RP735: 11/23/2009 10:00:24 AM - System Checkpoint
    RP736: 11/24/2009 10:39:31 AM - System Checkpoint
    RP737: 11/24/2009 9:21:47 PM - Software Distribution Service 3.0
    RP738: 11/26/2009 10:13:29 AM - System Checkpoint
    RP739: 11/27/2009 3:00:18 AM - Software Distribution Service 3.0
    RP740: 11/28/2009 8:33:40 AM - System Checkpoint
    RP741: 11/29/2009 10:53:24 AM - System Checkpoint
    RP742: 11/30/2009 11:26:33 AM - System Checkpoint
    RP743: 12/1/2009 6:15:29 PM - System Checkpoint
    RP744: 12/3/2009 11:27:58 AM - System Checkpoint
    RP745: 12/4/2009 12:10:52 PM - System Checkpoint
    RP746: 12/9/2009 3:22:36 PM - Removed Banctec Service Agreement
    RP747: 12/9/2009 3:24:41 PM - Removed NetZeroInstallers
    RP748: 12/9/2009 4:23:51 PM - Software Distribution Service 3.0
    RP749: 12/10/2009 6:49:24 PM - System Checkpoint
    RP750: 12/10/2009 8:11:03 PM - Removed Adobe Reader 8.1.2
    RP751: 12/10/2009 8:35:29 PM - Installed Adobe Reader 9.2.
    RP752: 12/10/2009 8:54:27 PM - Removed Java(TM) 6 Update 7
    RP753: 12/10/2009 8:55:19 PM - Removed J2SE Runtime Environment 5.0 Update 6
    RP754: 12/10/2009 8:56:21 PM - Removed Java(TM) 6 Update 11
    RP755: 12/10/2009 9:11:04 PM - Installed Java(TM) 6 Update 17

    ==== Installed Programs ======================


    6300
    6300_Help
    6300Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    Broadcom Management Programs
    Brother HL-2070N
    BufferChm
    Conexant HDA D110 MDC V.92 Modem
    Corel Snapfire Plus
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    CustomerResearchQFolder
    Dell Support 3.2.1
    Dell System Restore
    Dell Wireless WLAN Card
    Destinations
    DeviceManagementQFolder
    Digital Content Portal
    Digital Line Detect
    DING!
    DocProc
    DocProcQFolder
    Documentation & Support Launcher
    DocumentViewer
    DocumentViewerQFolder
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Games, Music, & Photos Launcher
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Driver Diagnostics
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 17
    MarketResearch
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    OutlookAddinSetup
    overland
    PanoStandAlone
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    ProductContextNPI
    PS7900
    PSShortcutsP
    PSUsage
    QFolder
    QuickSet
    QuickTime
    RandMap
    Readme
    RealPlayer Basic
    Rhapsody
    Rhapsody Player Engine
    Scan
    ScannerCopy
    SearchAssist
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    SkinsHP1
    SlideShow
    SolutionCenter
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wctiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Home & Business 2006
    TurboTax Home & Business 2007
    TurboTax ItsDeductible 2006
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    WIDCOMM Bluetooth Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Works Upgrade

    ==== Event Viewer Messages From Past Week ========

    12/4/2009 9:14:58 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/4/2009 10:19:52 AM, error: PlugPlayManager [12] - The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.
    12/10/2009 7:57:28 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    12/10/2009 7:53:33 AM, error: Dhcp [1002] - The IP address lease 192.168.1.12 for the Network Card with network address 001A921ABDAA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/10/2009 10:18:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A921ABDAA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

    dds file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/15/2007 9:27:53 AM
    System Uptime: 12/10/2009 8:59:29 PM (12 hours ago)

    Motherboard: Dell Inc. | | 0FF049
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | Microprocessor | 1728/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 68 GiB total, 41.825 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP700: 9/12/2009 5:59:20 PM - System Checkpoint
    RP701: 9/15/2009 8:11:16 AM - System Checkpoint
    RP702: 9/16/2009 5:51:33 PM - System Checkpoint
    RP703: 9/18/2009 9:19:29 AM - System Checkpoint
    RP704: 9/19/2009 3:01:47 PM - System Checkpoint
    RP705: 9/21/2009 4:00:13 PM - System Checkpoint
    RP706: 9/23/2009 2:49:36 PM - System Checkpoint
    RP707: 9/27/2009 9:12:53 AM - System Checkpoint
    RP708: 10/1/2009 10:07:46 AM - System Checkpoint
    RP709: 10/5/2009 2:08:47 PM - System Checkpoint
    RP710: 10/6/2009 3:53:47 PM - Restore Operation
    RP711: 10/8/2009 9:30:42 AM - System Checkpoint
    RP712: 10/9/2009 6:03:21 PM - System Checkpoint
    RP713: 10/12/2009 5:43:19 PM - System Checkpoint
    RP714: 10/13/2009 7:27:35 PM - System Checkpoint
    RP715: 10/14/2009 8:21:40 AM - Software Distribution Service 3.0
    RP716: 10/15/2009 4:37:19 PM - System Checkpoint
    RP717: 10/16/2009 5:41:09 PM - System Checkpoint
    RP718: 10/18/2009 3:19:54 PM - System Checkpoint
    RP719: 10/19/2009 4:42:51 PM - System Checkpoint
    RP720: 10/21/2009 9:08:55 AM - System Checkpoint
    RP721: 10/22/2009 1:48:47 PM - System Checkpoint
    RP722: 10/25/2009 2:11:45 PM - System Checkpoint
    RP723: 10/26/2009 9:40:42 PM - System Checkpoint
    RP724: 11/1/2009 9:04:21 AM - System Checkpoint
    RP725: 11/4/2009 8:31:53 AM - Software Distribution Service 3.0
    RP726: 11/5/2009 9:38:31 AM - System Checkpoint
    RP727: 11/6/2009 7:26:58 PM - System Checkpoint
    RP728: 11/10/2009 9:57:35 AM - System Checkpoint
    RP729: 11/11/2009 9:49:07 AM - Software Distribution Service 3.0
    RP730: 11/14/2009 10:09:03 AM - System Checkpoint
    RP731: 11/17/2009 10:41:26 AM - System Checkpoint
    RP732: 11/18/2009 11:21:13 AM - System Checkpoint
    RP733: 11/19/2009 12:19:57 PM - System Checkpoint
    RP734: 11/21/2009 9:52:36 AM - System Checkpoint
    RP735: 11/23/2009 10:00:24 AM - System Checkpoint
    RP736: 11/24/2009 10:39:31 AM - System Checkpoint
    RP737: 11/24/2009 9:21:47 PM - Software Distribution Service 3.0
    RP738: 11/26/2009 10:13:29 AM - System Checkpoint
    RP739: 11/27/2009 3:00:18 AM - Software Distribution Service 3.0
    RP740: 11/28/2009 8:33:40 AM - System Checkpoint
    RP741: 11/29/2009 10:53:24 AM - System Checkpoint
    RP742: 11/30/2009 11:26:33 AM - System Checkpoint
    RP743: 12/1/2009 6:15:29 PM - System Checkpoint
    RP744: 12/3/2009 11:27:58 AM - System Checkpoint
    RP745: 12/4/2009 12:10:52 PM - System Checkpoint
    RP746: 12/9/2009 3:22:36 PM - Removed Banctec Service Agreement
    RP747: 12/9/2009 3:24:41 PM - Removed NetZeroInstallers
    RP748: 12/9/2009 4:23:51 PM - Software Distribution Service 3.0
    RP749: 12/10/2009 6:49:24 PM - System Checkpoint
    RP750: 12/10/2009 8:11:03 PM - Removed Adobe Reader 8.1.2
    RP751: 12/10/2009 8:35:29 PM - Installed Adobe Reader 9.2.
    RP752: 12/10/2009 8:54:27 PM - Removed Java(TM) 6 Update 7
    RP753: 12/10/2009 8:55:19 PM - Removed J2SE Runtime Environment 5.0 Update 6
    RP754: 12/10/2009 8:56:21 PM - Removed Java(TM) 6 Update 11
    RP755: 12/10/2009 9:11:04 PM - Installed Java(TM) 6 Update 17

    ==== Installed Programs ======================


    6300
    6300_Help
    6300Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    Broadcom Management Programs
    Brother HL-2070N
    BufferChm
    Conexant HDA D110 MDC V.92 Modem
    Corel Snapfire Plus
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    CustomerResearchQFolder
    Dell Support 3.2.1
    Dell System Restore
    Dell Wireless WLAN Card
    Destinations
    DeviceManagementQFolder
    Digital Content Portal
    Digital Line Detect
    DING!
    DocProc
    DocProcQFolder
    Documentation & Support Launcher
    DocumentViewer
    DocumentViewerQFolder
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    Games, Music, & Photos Launcher
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Driver Diagnostics
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Software Update
    HP Solution Center 7.0
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 17
    MarketResearch
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NewCopy_CDA
    OCR Software by I.R.I.S 7.0
    OutlookAddinSetup
    overland
    PanoStandAlone
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    ProductContextNPI
    PS7900
    PSShortcutsP
    PSUsage
    QFolder
    QuickSet
    QuickTime
    RandMap
    Readme
    RealPlayer Basic
    Rhapsody
    Rhapsody Player Engine
    Scan
    ScannerCopy
    SearchAssist
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    SkinsHP1
    SlideShow
    SolutionCenter
    Sonic DLA
    Sonic Encoders
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    TurboTax 2008
    TurboTax 2008 wctiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Home & Business 2006
    TurboTax Home & Business 2007
    TurboTax ItsDeductible 2006
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    WIDCOMM Bluetooth Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Works Upgrade

    ==== Event Viewer Messages From Past Week ========

    12/4/2009 9:14:58 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/4/2009 10:19:52 AM, error: PlugPlayManager [12] - The device 'Microsoft Kernel Acoustic Echo Canceller' (Root\LEGACY_AEC\0000) disappeared from the system without first being prepared for removal.
    12/10/2009 7:57:28 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    12/10/2009 7:53:33 AM, error: Dhcp [1002] - The IP address lease 192.168.1.12 for the Network Card with network address 001A921ABDAA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/10/2009 10:18:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001A921ABDAA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

  7. #17
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Looks like you missed this question:
    Are you familiar with c:\program files\kathyspy folder?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #18
    Member
    Join Date
    Jul 2007
    Posts
    39

    Default Oops... sorry

    Sorry, there was a lot in that last post. Tried to be thorough.

    No, not familiar with it. All I can think of is that when I first tried to load an anti-malware program (I think Malwarebytes), the current issue was not allowing me to download. One suggestion I had read on a post was to change the name before saving to the computer. I don't recall naming it that, but since my name is Kathy, I must have. Huh?

    This was pre- coming to your forum.

  9. #19
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Let's take one more run with ComboFix:


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\19UM0CYD\exe[1].exe
    DirLook::
    c:\program files\kathyspy

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.

  10. #20
    Member
    Join Date
    Jul 2007
    Posts
    39

    Default Okay, done

    ComboFix 09-12-10.01 - MARTIN TIERNAN 12/11/2009 13:25:49.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT -5:00]
    Running from: c:\documents and settings\MARTIN TIERNAN\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\MARTIN TIERNAN\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\19UM0CYD\exe[1].exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\19UM0CYD\exe[1].exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
    .

    2009-12-11 01:44 . 2009-12-11 01:44 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2009-12-11 01:42 . 2009-12-11 01:42 -------- d-----w- c:\windows\system32\Adobe
    2009-12-11 01:29 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\MARTIN TIERNAN\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-12-11 01:29 . 2009-12-11 01:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-12-11 01:28 . 2009-12-11 01:28 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2009-12-11 01:28 . 2009-12-11 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-11 01:12 . 2009-12-11 01:12 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-05 13:44 . 2009-12-09 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 1
    2009-12-05 12:40 . 2009-12-05 12:40 -------- d-----w- c:\program files\kathyspy
    2009-12-05 12:31 . 2009-12-05 12:31 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Application Data\Malwarebytes
    2009-12-05 12:30 . 2009-12-05 13:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-05 12:27 . 2009-12-05 12:27 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Local Settings\Application Data\Threat Expert
    2009-12-05 12:12 . 2009-12-05 13:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-11 02:11 . 2009-02-27 15:15 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-11 02:11 . 2007-01-03 01:37 -------- d-----w- c:\program files\Java
    2009-12-11 01:36 . 2008-02-08 19:15 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-05 18:24 . 2008-04-27 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-12-05 13:58 . 2008-03-09 23:51 -------- d-----w- c:\program files\McAfee
    2009-12-05 13:47 . 2007-01-03 01:48 -------- d-----w- c:\program files\Trend Micro
    2009-12-01 17:14 . 2007-05-15 14:06 2984 -c--a-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-01 17:14 . 2007-01-31 09:10 -------- d-----w- c:\documents and settings\MARTIN TIERNAN\Application Data\Corel
    2009-12-01 17:14 . 2007-05-15 14:06 88 -csh--r- c:\windows\system32\20EDD23AFF.sys
    2009-10-29 07:45 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2005-08-16 10:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2005-08-16 10:18 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 05:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-06 19:43 . 2007-10-06 15:20 7114 -c--a-w- c:\documents and settings\MARTIN TIERNAN\Application Data\wklnhst.dat
    2009-10-01 14:48 . 2009-10-01 14:48 34 ------w- c:\windows\system32\BD2070N.DAT
    2009-09-16 14:22 . 2008-03-09 23:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-09-16 14:22 . 2008-03-09 23:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-09-16 14:22 . 2008-03-09 23:52 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-09-16 14:22 . 2008-03-09 23:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-09-16 14:22 . 2008-03-09 23:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files\kathyspy ----

    2009-12-05 12:40 . 2009-12-03 21:14 429392 ----a-w- c:\program files\kathyspy\mbamgui.exe
    2009-12-05 12:40 . 2009-12-03 21:14 496976 ----a-w- c:\program files\kathyspy\vbalsgrid6.ocx
    2009-12-05 12:40 . 2009-12-03 21:14 46416 ----a-w- c:\program files\kathyspy\ssubtmr6.dll
    2009-12-05 12:40 . 2009-12-03 21:14 79696 ----a-w- c:\program files\kathyspy\zlib.dll
    2009-12-05 12:40 . 2009-12-03 21:14 1394000 ----a-w- c:\program files\kathyspy\mbam.exe
    2009-12-05 12:40 . 2009-04-15 09:00 13808 ----a-w- c:\program files\kathyspy\Languages\turkish.lng
    2009-12-05 12:40 . 2008-10-31 21:54 13097 ----a-w- c:\program files\kathyspy\Languages\ukrainian.lng
    2009-12-05 12:40 . 2009-09-09 03:46 12962 ----a-w- c:\program files\kathyspy\Languages\spanish.lng
    2009-12-05 12:40 . 2009-09-07 05:51 12265 ----a-w- c:\program files\kathyspy\Languages\swedish.lng
    2009-12-05 12:40 . 2009-09-06 13:23 12198 ----a-w- c:\program files\kathyspy\Languages\serbian.lng
    2009-12-05 12:40 . 2008-07-26 13:58 11599 ----a-w- c:\program files\kathyspy\Languages\slovak.lng
    2009-12-05 12:40 . 2008-03-04 03:28 11205 ----a-w- c:\program files\kathyspy\Languages\slovenian.lng
    2009-12-05 12:40 . 2008-07-04 04:58 11779 ----a-w- c:\program files\kathyspy\Languages\russian.lng
    2009-12-05 12:40 . 2008-03-04 23:56 12245 ----a-w- c:\program files\kathyspy\Languages\portugueseBR.lng
    2009-12-05 12:40 . 2008-06-15 17:04 12345 ----a-w- c:\program files\kathyspy\Languages\portuguesePT.lng
    2009-12-05 12:40 . 2008-03-13 23:09 12672 ----a-w- c:\program files\kathyspy\Languages\romanian.lng
    2009-12-05 12:40 . 2008-09-11 02:29 13314 ----a-w- c:\program files\kathyspy\Languages\macedonian.lng
    2009-12-05 12:40 . 2009-11-25 19:29 11602 ----a-w- c:\program files\kathyspy\Languages\norwegian.lng
    2009-12-05 12:40 . 2009-01-11 04:56 11623 ----a-w- c:\program files\kathyspy\Languages\polish.lng
    2009-12-05 12:40 . 2009-07-23 23:46 9269 ----a-w- c:\program files\kathyspy\Languages\korean.lng
    2009-12-05 12:40 . 2008-12-19 20:30 11457 ----a-w- c:\program files\kathyspy\Languages\latvian.lng
    2009-12-05 12:40 . 2008-03-03 21:39 12048 ----a-w- c:\program files\kathyspy\Languages\hungarian.lng
    2009-12-05 12:40 . 2008-03-05 00:03 13019 ----a-w- c:\program files\kathyspy\Languages\italian.lng
    2009-12-05 12:40 . 2008-10-07 19:15 13234 ----a-w- c:\program files\kathyspy\Languages\greek.lng
    2009-12-05 12:40 . 2009-09-14 21:43 8766 ----a-w- c:\program files\kathyspy\Languages\hebrew.lng
    2009-12-05 12:40 . 2009-09-09 03:45 13442 ----a-w- c:\program files\kathyspy\Languages\french.lng
    2009-12-05 12:40 . 2009-09-10 18:12 13642 ----a-w- c:\program files\kathyspy\Languages\german.lng
    2009-12-05 12:40 . 2008-05-17 14:09 11624 ----a-w- c:\program files\kathyspy\Languages\finnish.lng
    2009-12-05 12:40 . 2008-03-04 23:56 12255 ----a-w- c:\program files\kathyspy\Languages\dutch.lng
    2009-12-05 12:40 . 2009-09-03 14:22 11314 ----a-w- c:\program files\kathyspy\Languages\english.lng
    2009-12-05 12:40 . 2009-11-09 00:41 11213 ----a-w- c:\program files\kathyspy\Languages\estonian.lng
    2009-12-05 12:40 . 2009-09-07 23:42 12199 ----a-w- c:\program files\kathyspy\Languages\czech.lng
    2009-12-05 12:40 . 2009-02-18 00:27 11893 ----a-w- c:\program files\kathyspy\Languages\danish.lng
    2009-12-05 12:40 . 2008-08-01 13:03 8045 ----a-w- c:\program files\kathyspy\Languages\chineseSI.lng
    2009-12-05 12:40 . 2008-08-04 16:58 8141 ----a-w- c:\program files\kathyspy\Languages\chineseTR.lng
    2009-12-05 12:40 . 2008-12-27 20:41 11977 ----a-w- c:\program files\kathyspy\Languages\croatian.lng
    2009-12-05 12:40 . 2009-08-01 20:14 12636 ----a-w- c:\program files\kathyspy\Languages\bosnian.lng
    2009-12-05 12:40 . 2009-09-09 03:46 12610 ----a-w- c:\program files\kathyspy\Languages\bulgarian.lng
    2009-12-05 12:40 . 2008-03-05 00:05 12595 ----a-w- c:\program files\kathyspy\Languages\catalan.lng
    2009-12-05 12:40 . 2009-04-10 04:53 10331 ----a-w- c:\program files\kathyspy\Languages\arabic.lng
    2009-12-05 12:40 . 2008-07-03 14:10 13924 ----a-w- c:\program files\kathyspy\Languages\albanian.lng
    2009-12-05 12:40 . 2009-12-03 21:14 167760 ----a-w- c:\program files\kathyspy\mbam.dll
    2009-12-05 12:40 . 2009-11-30 21:34 16921 ----a-w- c:\program files\kathyspy\changes.rtf
    2009-12-05 12:40 . 2009-01-04 23:31 4124 ----a-w- c:\program files\kathyspy\license.txt
    2009-12-05 12:40 . 2009-12-01 23:53 59113 ----a-w- c:\program files\kathyspy\mbam.chm
    2009-12-05 12:40 . 2009-12-03 21:13 84816 ----a-w- c:\program files\kathyspy\mbamext.dll
    2009-12-05 12:40 . 2009-12-05 12:36 702288 ----a-w- c:\program files\kathyspy\unins000.exe
    2009-12-05 12:40 . 2009-12-05 12:40 0 ----a-w- c:\program files\kathyspy\unins000.dat


    ((((((((((((((((((((((((((((( SnapShot@2009-12-11_01.04.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-11 02:11 . 2009-12-11 02:11 16384 c:\windows\Temp\Perflib_Perfdata_490.dat
    + 2009-12-11 01:44 . 2009-12-11 01:44 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2007-01-15 14:05 . 2009-12-11 17:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-01-15 14:05 . 2009-12-10 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-01-15 14:05 . 2009-12-11 17:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-01-15 14:05 . 2009-12-10 23:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-12-11 03:25 . 2009-12-11 17:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-12-11 01:42 . 2009-12-11 01:42 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    + 2009-10-29 05:27 . 2009-10-29 05:27 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
    + 2009-10-29 04:55 . 2009-10-29 04:55 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
    + 2009-10-29 05:45 . 2009-10-29 05:45 67000 c:\windows\system32\Adobe\Director\SWDNLD.EXE
    + 2009-12-11 01:30 . 2009-12-11 01:30 24576 c:\windows\Installer\ea7ce.msi
    + 2009-12-11 01:29 . 2009-12-11 01:29 27648 c:\windows\Installer\ea7c9.msi
    + 2009-10-29 05:29 . 2009-10-29 05:29 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2009-12-11 01:12 . 2009-12-11 01:12 2560 c:\windows\_MSRSTRT.EXE
    + 2009-11-03 00:24 . 2009-11-03 00:24 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
    + 2009-12-11 02:11 . 2009-12-11 02:11 149280 c:\windows\system32\javaws.exe
    - 2009-08-10 13:05 . 2009-07-25 09:23 149280 c:\windows\system32\javaws.exe
    - 2009-08-10 13:05 . 2009-07-25 09:23 145184 c:\windows\system32\javaw.exe
    + 2009-12-11 02:11 . 2009-12-11 02:11 145184 c:\windows\system32\javaw.exe
    - 2009-08-10 13:05 . 2009-07-25 09:23 145184 c:\windows\system32\java.exe
    + 2009-12-11 02:11 . 2009-12-11 02:11 145184 c:\windows\system32\java.exe
    + 2009-10-29 04:55 . 2009-10-29 04:55 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 2009-10-29 05:27 . 2009-10-29 05:27 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
    + 2009-10-29 05:43 . 2009-10-29 05:43 464312 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1152602.exe
    + 2009-10-29 05:29 . 2009-10-29 05:29 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
    + 2009-10-29 05:28 . 2009-10-29 05:28 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
    + 2009-10-29 04:55 . 2009-10-29 04:55 713216 c:\windows\system32\Adobe\Shockwave 11\gi.dll
    + 2009-10-29 05:26 . 2009-10-29 05:26 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
    + 2009-10-29 05:44 . 2009-10-29 05:44 210360 c:\windows\system32\Adobe\Director\SwDir.dll
    + 2009-10-29 05:28 . 2009-10-29 05:28 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
    + 2009-10-29 05:01 . 2009-10-29 05:01 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
    + 2009-10-29 04:55 . 2009-10-29 04:55 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
    + 2009-10-29 05:05 . 2009-10-29 05:05 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
    + 2009-12-11 01:36 . 2009-12-11 01:36 3940352 c:\windows\Installer\ea7d3.msi
    + 2009-12-11 02:11 . 2009-12-11 02:11 1757696 c:\windows\Installer\a80fa.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
    "HostManager"="c:\program files\Common Files\AOL\1168874850\ee\AOLSoftware.exe" [2008-06-24 41824]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-03 98304]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

    c:\documents and settings\MARTIN TIERNAN\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-2 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168874850\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Rhapsody\\rhapsody.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1168874850\\ee\\AOLDesktop.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\McAfee\\MSC\\mcsvrcnt.exe"=
    "c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
    "c:\\WINDOWS\\system32\\HPZinw12.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    Trusted Zone: turbotax.com
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(900)
    c:\windows\system32\MSVCP60.dll
    .
    Completion time: 2009-12-11 13:32:38
    ComboFix-quarantined-files.txt 2009-12-11 18:32
    ComboFix2.txt 2009-12-11 01:06
    ComboFix3.txt 2009-12-09 19:49

    Pre-Run: 44,888,027,136 bytes free
    Post-Run: 44,930,973,696 bytes free

    - - End Of File - - 3111FC42ED3BFD327679164A828F5CE5
