View Full Version : redirecting problem, please help (Resolved)
I posted several days ago, and several things have happened since that first post. I replied to my own post, and now realize that I shouldn't because it appears that someone is helping me, when they are not. The link to my original post is here: http://forums.spybot.info/showthread.php?t=55442 (http://forums.spybot.info/showthread.php?t=55478)
Anyway, I reran hijack this and here is the new log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:07 AM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://batonrouge.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Epson Stylus NX510(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\Mom\LOCALS~1\Temp\Spj.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.att.net
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nascar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205631147421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB78FBDB-ADD0-4E4C-A1C4-729E528ADC8F}: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {ce7f7176-bfab-45be-bc71-b1828a93c3c2} - (no file)
O20 - Winlogon Notify: awtstur - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1c95ff64fbe87d0) (gupdate1c95ff64fbe87d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 16960 bytes
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )
GMER Rootkit Detector
Please download GMER Rootkit Scanner from Here (http://www.gmer.net/gmer.zip) or Here (http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307)
***Please close any open programs ***
Extract the contents of the zip file to your desktop.
Disable your onboard Anti Virus and any other Active protection programs you have installed.
Double-click gmer.exe. The program will begin to run.
Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,
Now use the following settings for a more complete scan..
http://i51.photobucket.com/albums/f387/Katana_1970/th_Gmer_initScan-1.gif (http://i51.photobucket.com/albums/f387/Katana_1970/Gmer_initScanfull.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mom at 2010-02-18 16:20:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 412 GB (87%) free of 472 GB
Total RAM: 3070 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:49 PM, on 2/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mom\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mom.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://batonrouge.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Epson Stylus NX510(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\DOCUME~1\Mom\LOCALS~1\Temp\Spj.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.att.net
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nascar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205631147421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB78FBDB-ADD0-4E4C-A1C4-729E528ADC8F}: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.214,93.188.166.27
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {ce7f7176-bfab-45be-bc71-b1828a93c3c2} - (no file)
O20 - Winlogon Notify: awtstur - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0037221266467902) (0037221266467902mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003722~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1c95ff64fbe87d0) (gupdate1c95ff64fbe87d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 17307 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17599003-a66e-4467-8891-1d57c3e43fcd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-02-11 2349592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-16 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-02-11 2349592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-01-12 669520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"McPvTray"=C:\Program Files\McAfee\Anti-Theft\McPvTray.exe [2009-11-17 670312]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-13 169984]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Epson Stylus NX510(Network)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE [2008-11-19 199680]
"F5JMWNZTHI"=C:\DOCUME~1\Mom\LOCALS~1\Temp\Spj.exe []
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2010-02-02 160752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-30 214536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-30 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
C:\PROGRA~1\BRODER~1\MAVISB~1\MINIMA~1.EXE [2002-08-30 2392064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe [2008-02-05 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
C:\Documents and Settings\Mom\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe --silent []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtstur]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe"="C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe:*:Disabled:Insaniquarium"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe"
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe"="C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be970975-d2b3-11dd-9ef3-001372b183b4}]
shell\AutoRun\command - I:\Setup_FlipShare.exe
shell\Setup FlipShare\command - I:\Setup_FlipShare.exe
======File associations======
.scr - open - "" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-02-18 16:20:57 ----D---- C:\rsit
2010-02-17 22:38:00 ----D---- C:\WINDOWS\LastGood
2010-02-12 21:13:45 ----D---- C:\Program Files\SpywareBlaster
2010-02-12 17:00:04 ----D---- C:\Documents and Settings\Mom\Application Data\Facebook
2010-02-11 19:18:00 ----D---- C:\Program Files\ERUNT
2010-02-11 17:17:19 ----D---- C:\Program Files\Flip Video
2010-02-11 17:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\Flip Video
2010-02-10 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-30 13:53:08 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-24 14:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-01-24 13:42:45 ----D---- C:\Program Files\Common Files\eSellerate
2010-01-24 13:40:03 ----D---- C:\Program Files\Western Digital Technologies
======List of files/folders modified in the last 1 months======
2010-02-18 16:21:32 ----D---- C:\WINDOWS\Temp
2010-02-18 16:21:01 ----D---- C:\WINDOWS\Prefetch
2010-02-18 12:39:10 ----SD---- C:\WINDOWS\Tasks
2010-02-18 11:51:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-17 22:38:42 ----HD---- C:\WINDOWS\inf
2010-02-17 22:38:40 ----D---- C:\WINDOWS\system32\drivers
2010-02-17 22:38:00 ----D---- C:\WINDOWS
2010-02-17 22:37:59 ----D---- C:\Program Files\McAfee
2010-02-13 10:29:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-12 21:13:45 ----D---- C:\WINDOWS\system32
2010-02-12 21:13:45 ----D---- C:\Program Files
2010-02-12 13:33:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-11 19:18:33 ----D---- C:\WINDOWS\erdnt
2010-02-11 19:12:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-11 19:12:20 ----RASH---- C:\boot.ini
2010-02-11 19:12:20 ----A---- C:\WINDOWS\win.ini
2010-02-11 19:12:20 ----A---- C:\WINDOWS\system.ini
2010-02-11 19:12:07 ----D---- C:\WINDOWS\Registration
2010-02-11 17:35:56 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 17:17:35 ----SHD---- C:\WINDOWS\Installer
2010-02-11 17:17:34 ----HD---- C:\Config.Msi
2010-02-11 17:16:39 ----D---- C:\Program Files\Pure Digital Technologies
2010-02-11 08:06:04 ----D---- C:\Program Files\Zynga
2010-02-10 03:05:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 03:05:14 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 03:05:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-07 17:24:53 ----D---- C:\Program Files\quicken
2010-02-07 10:55:36 ----D---- C:\Program Files\Google
2010-02-02 00:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-01 13:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-30 16:14:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-30 14:01:00 ----D---- C:\WINDOWS\security
2010-01-30 13:52:00 ----D---- C:\WINDOWS\pss
2010-01-24 13:42:45 ----D---- C:\Program Files\Common Files
2010-01-24 13:39:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-24 13:39:29 ----D---- C:\Program Files\Western Digital
2010-01-23 03:01:21 ----D---- C:\WINDOWS\system32\en-US
2010-01-23 03:01:21 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 CX23880;Video Advantage PCI; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-05-17 185216]
R2 CX88XBAR;Video Advantage PCI Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2004-05-17 9216]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-11 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-11 106496]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S1 w810mdmm;w810mdmm; C:\WINDOWS\System32\drivers\w810mdmm.sys []
S2 ATIBTCAP;ATI TV Wonder Video Capture; C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 58240]
S2 ATIBTXBAR;ATI TV Wonder Video Crossbar; C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 6912]
S2 ATIVTUTW;ATI TV Wonder TV Tuner; C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 17664]
S2 ATIVXSTW;ATI TV Wonder Audio Crossbar; C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 28416]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S3 WinDriver6;Alohabob USB Bridge Cable Driver; C:\WINDOWS\system32\drivers\windrvr6.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-16 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-10 113664]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [2006-12-19 94208]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2009-11-19 455944]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2006-10-29 71168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RosettaStoneDaemon;RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2006-12-19 131072]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 0037221266467902mcinstcleanup;McAfee Application Installer Cleanup (0037221266467902); C:\WINDOWS\TEMP\003722~1.EXE [2010-01-11 822048]
S2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c95ff64fbe87d0;Google Update Service (gupdate1c95ff64fbe87d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-03-16 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-02-18 16:21:55
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x9 -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x9 -u
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Alchemy-->"C:\Program Files\MSN Games\Alchemy\Uninstall.exe" "C:\Program Files\MSN Games\Alchemy\install.log"
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft ShowBiz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B505E6ED-A851-4698-8A69-544C4DE0261E}\setup.exe" -l0x9 -uninst
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
Bejeweled 2 Deluxe 1.1-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Cake Mania 2 (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania 2\Uninstall.exe"
Cake Mania 3 (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania 3\Uninstall.exe"
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 3.0-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities WFT-E1/E2 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant Video Capture Driver-->C:\WINDOWS\DrvSetup.exe /u
Cooking Academy (remove only)-->C:\Program Files\Yahoo! Games\Cooking Academy\uninstall.exe
Cooking Academy 2 (remove only)-->"C:\Program Files\Yahoo! Games\Cooking Academy 2\Uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.6-->C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{438D221C-5B5B-4E4B-B7BD-A86512E5B6C1}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Diner Dash 2 (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash 2\Uninstall.exe"
DWG TrueView 2007-->MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON NX510 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSFIA.EXE /R /APD /P:"EPSON NX510 Series"
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EpsonNet Print-->C:\Program Files\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe -runfromtemp -l0x0009 -EPSON -removeonly
EpsonNet Setup-->"C:\Program Files\InstallShield Installation Information\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}\Setup.exe" -runfromtemp -l0x0009 -removeonly
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
exPressit S.E. 2.2-->"C:\Program Files\exPressit S.E. 2.2\UninstallerData\Uninstall exPressit S.E. 2.2.exe"
Family Tree Maker 2010-->"C:\Program Files\InstallShield Installation Information\{89EAD745-088B-4160-B964-42C4D4D273AD}\setup.exe" -runfromtemp -l0x0409 -removeonly
Family Tree Maker 2010-->MsiExec.exe /X{89EAD745-088B-4160-B964-42C4D4D273AD}
Family Tree Maker 8.0-->C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
Family Tree Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88200B70-8473-11D6-A964-00B0D0119A5C}\SETUP.EXE" -l0x9
FlipShare-->MsiExec.exe /X{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google SketchUp 7-->MsiExec.exe /I{BEF106F8-2689-4530-925A-E1117836E8CD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hemera Products-->C:\PROGRA~1\HEMERA~1\UNWISE.EXE C:\PROGRA~1\HEMERA~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Driver Diagnostics-->MsiExec.exe /X{624D19C3-D55D-4368-BC10-9B53036D8358}
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photo and Imaging 1.0 - Scanjet 3500c Series-->MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
HP Photosmart Essential 2.01-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Intel® Create & Share® Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9496E9E4-F20A-11D4-8EAA-00062973342B}\setup.exe" -l0009 maintflag
iPod for Windows 2005-02-07-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
Linksys EasyLink Advisor-->"C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Linksys EasyLink Advisor-->C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Mavis Beacon Teaches Typing 15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}\SETUP.EXE" -l0x9
McAfee Anti-Theft-->MsiExec.exe /I{624880EA-7610-47B6-B4A6-40DD83DB1AB4}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller-->C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
McAfee Virtual Technician-->MsiExec.exe /I{49FA793C-785E-47E9-93DF-BD442B0B45D1}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00173640-AA6F-11D4-B229-002078017FBF}\SETUP.EXE" -uninst
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
My Tribe (remove only)-->"C:\Program Files\Yahoo! Games\My Tribe\Uninstall.exe"
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerProducer Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rosetta Stone Ltd Services-->MsiExec.exe /X{326057C5-6185-4C85-A630-9C2FC2DB3F93}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Advanced Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpongeBob Diner Dash (remove only)-->"C:\Program Files\Yahoo! Games\SpongeBob Diner Dash\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TurboTax Deluxe 2003-->C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VideoAdvantage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F619B62-0F6D-4747-B778-D7E965994041}\Setup.exe" -l0x9 -removeonly
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Virtual Villagers - The Secret City (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers - The Secret City\Uninstall.exe"
Virtual Villagers (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers\Uninstall.exe"
Virtual Villagers 2 - The Lost Children (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers 2 - The Lost Children\Uninstall.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{51B833D8-66B0-4E72-92B9-4E4977EF37F2}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile® Device Handbook-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG
=====HijackThis Backups=====
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\YSTEM~1\dvdplay.exe" -vt ndrv [2008-03-16]
O4 - HKLM\..\Run: [705760a3] rundll32.exe "C:\WINDOWS\system32\kwlleyow.dll",b [2008-03-16]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/bejeweled2/popcaploader.cab [2008-03-16]
O2 - BHO: (no name) - {17599003-a66e-4467-8891-1d57c3e43fcd} - C:\WINDOWS\system32\cltxqig.dll (file missing) [2008-03-16]
O4 - HKCU\..\Run: [Qsdin] "C:\Documents and Settings\Mom\Application Data\??sembly\w?crtupd.exe" [2008-03-16]
O20 - Winlogon Notify: awtstur - awtstur.dll (file missing) [2008-03-16]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-03-16]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: McAfee VirusScan
FW: McAfee Personal Firewall
======System event log======
Computer Name: KATHY
Event Code: 7000
Message: The ATI TV Wonder TV Tuner service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 62775
Source Name: Service Control Manager
Time Written: 20091224213557.000000-360
Event Type: error
User:
Computer Name: KATHY
Event Code: 7000
Message: The ATI TV Wonder Video Crossbar service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 62774
Source Name: Service Control Manager
Time Written: 20091224213557.000000-360
Event Type: error
User:
Computer Name: KATHY
Event Code: 7000
Message: The ATI TV Wonder Video Capture service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 62773
Source Name: Service Control Manager
Time Written: 20091224213557.000000-360
Event Type: error
User:
Computer Name: KATHY
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {A761C688-A910-43D1-8168-981C63B75135}
User: KATHY\Mom
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found: driver:McPvDrv;file:C:\WINDOWS\system32\drivers\McPvDrv.sys
Alert Type: Unclassified software
Detection Type:
Record Number: 62765
Source Name: WinDefend
Time Written: 20091224213301.000000-360
Event Type: warning
User:
Computer Name: KATHY
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 62741
Source Name: W32Time
Time Written: 20091224055830.000000-360
Event Type: warning
User:
=====Application event log=====
Computer Name: KATHY
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 42465
Source Name: Userenv
Time Written: 20100114191729.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: KATHY
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 42464
Source Name: Userenv
Time Written: 20100114180033.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: KATHY
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 42463
Source Name: Userenv
Time Written: 20100114180033.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: KATHY
Event Code: 1041
Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 42462
Source Name: Userenv
Time Written: 20100114173130.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: KATHY
Event Code: 1041
Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
Record Number: 42461
Source Name: Userenv
Time Written: 20100114173130.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Autodesk\DWG TrueView;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
I had to leave for class before it finished. will post when i return.
When i got back, the screen was off. I rebooted and got 2 wondows popped up. One said windows recovered from a serious errorand and said:
Error signature:
BCCode : 4e BCP1 : 00000007 BCP2 : 00033B25 BCP3 : 00000001
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
I clicked on details and this popped up:
The following files will be included in the report
C:\DOCUME~1\Mom\LOCALS~1\Temp\WER5bad.dir00\Mini021810-01.dmp
C:\DOCUME~1\Mom\LOCALS~1\Temp\WER5bad.dir00\sysdata.xml
The other window said:
windows cannot find '::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{AF6FB31C-95D0-4A0E-8AFE-099969D8B689}'. mAKE SURE YOU TYPED THE NAME CORRECTLY, AND THEN TRY AGAIN, tO SEARCH FOR A FILE, CLICK THE START BUTTON, AND THEN CLICK SEARCH.
I tried it again and got black screen. Shut down and restarted and black screen again. Powered all the way down and rebooted. Safe mode screen came up, but started in normal mode.
I will wait for further instructions before I proceed.
Your log shows Symantec/Norton entries, but you don't seem to have these products installed ?
----------------------------------------------------------------------------------------
Step 1
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------
Step 2
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
MalwareBytes Log
Combofix Log
How are things running now ?
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes
Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
There is a newer version of Adobe Acrobat Reader available.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
I don't have the symantec installed - they were uninstalled a long time ago. I don't know where to find these to clean them out.
I ran malwarebytes anti-malware and the log is below. I followed the instructions for combofix, but when I went to run it, a small grey box with green bars came up and then nothing happened - even after 10 minutes. What the instructions said would happen did not - the c-prompt that was supposed to say "please wait, combofix is preparing to run" did not show. I had to kill power and reboot.
As of now, the redirecting is still happening after malwarebytes cleaned out a few things.
Here is the log from malwarebytes. Please let me know what to do with combofix..
Malwarebytes' Anti-Malware 1.44
Database version: 3768
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
2/20/2010 8:09:45 PM
mbam-log-2010-02-20 (20-09-45).txt
Scan type: Full Scan (C:\|)
Objects scanned: 280346
Time elapsed: 41 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9383002-fc55-4330-b9c9-67e03bc5c840} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\downloader.downloaderctrl.1 (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.214,93.188.166.27 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fb78fbdb-add0-4e4c-a1c4-729e528adc8f}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.214,93.188.166.27 -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\dr6 (Adware.Rabio) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ech5 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lows8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbc2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\typ2 (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\BM7364533f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Run ComboFix using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.
"%userprofile%\desktop\combofix.exe" /killall
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
I pasted the text in the run box. Combofix launched and again showed the box I described earlier. The box is grey, 1/2"x2", combofix is written at the top. When it opens, the green bars move across to the end, and then nothing happens.
After a while, I try to see if I can do anything on the computer, and it does not respond. I have to power down and reboot.
I have disabled teatimer, windows defender, mcafee firewall, mcafee antivirus, mcafee spyware, and spywareblaster.
Should I run some other program so you can see if anything else might be affecting combofix?
Thank you for your help.
I don't see where my last reply posted, so I will post again.
Still have the same issue. When I pasted in the run box, combofix launched and showed the same box. Grey, 1/2"x2", combofix written at the top, green bars progressed from left to right and then nothing.
After a while, I tried to get a response with task manager, and no response. It was as if it locked up. I powered down, rebooted to get back up.
I have disabled mcafee avtivirus, mcafee spyware, mcafee firewall, windows defender, tea timer, apywareblaster.
Also, last night, I deleted combofix and downloaded from thesecond choice, still the same response.
What next?
Thanks for your help.
Let's see if we can find out what is blocking Combofix ....
Rooter
Download Rooter.exe (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Feric.71.mespages.googlepages.com%2FRooter.exe) to your desktop.
Double-click it to start the tool.
A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt.
Post the contents of Rooter.txt in your next reply, along with a fresh RSIT log
rooter log:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
.
C:\ [Fixed-NTFS] .. ( Total:461 Go - Free:402 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
.
Scan : 21:29.34
Path : C:\Documents and Settings\Mom\Desktop\Rooter.exe
User : Mom ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (632)
______ \??\C:\WINDOWS\system32\csrss.exe (680)
______ \??\C:\WINDOWS\system32\winlogon.exe (708)
______ C:\WINDOWS\system32\services.exe (752)
______ C:\WINDOWS\system32\lsass.exe (764)
______ C:\WINDOWS\system32\Ati2evxx.exe (984)
______ C:\WINDOWS\system32\svchost.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1104)
______ C:\Program Files\Windows Defender\MsMpEng.exe (1236)
______ C:\WINDOWS\System32\svchost.exe (1276)
______ C:\WINDOWS\system32\svchost.exe (1340)
______ C:\WINDOWS\system32\svchost.exe (1560)
______ C:\WINDOWS\system32\spoolsv.exe (1692)
______ C:\WINDOWS\system32\svchost.exe (1836)
______ C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe (1876)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2028)
______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (120)
______ C:\Program Files\Bonjour\mDNSResponder.exe (156)
______ C:\WINDOWS\eHome\ehRecvr.exe (168)
______ C:\WINDOWS\eHome\ehSched.exe (376)
______ C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (388)
______ C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (440)
______ C:\Program Files\Flip Video\FlipShare\FlipShareService.exe (464)
______ C:\WINDOWS\system32\svchost.exe (656)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1028)
______ C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe (1212)
______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (1428)
______ C:\WINDOWS\system32\LxrJD31s.exe (1508)
______ C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (1756)
______ C:\WINDOWS\system32\java.exe (1768)
______ C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (908)
______ c:\program files\common files\mcafee\mna\mcnasvc.exe (2060)
______ c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (2200)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (2256)
______ C:\Program Files\McAfee\MPF\MPFSrv.exe (2364)
______ C:\Program Files\McAfee\MSK\MskSrver.exe (2420)
______ C:\WINDOWS\System32\svchost.exe (2476)
______ C:\WINDOWS\System32\svchost.exe (2516)
______ C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (2600)
______ C:\WINDOWS\system32\svchost.exe (2688)
______ C:\WINDOWS\system32\SAgent4.exe (2768)
______ C:\WINDOWS\system32\svchost.exe (2796)
______ C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (2876)
______ C:\WINDOWS\system32\MsPMSPSv.exe (3020)
______ C:\WINDOWS\ehome\mcrdsvc.exe (3076)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (3336)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3924)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (3980)
______ C:\WINDOWS\system32\dllhost.exe (3220)
______ C:\WINDOWS\system32\wbem\unsecapp.exe (3256)
______ C:\WINDOWS\System32\alg.exe (3764)
______ C:\WINDOWS\System32\svchost.exe (2856)
______ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (4032)
______ c:\PROGRA~1\mcafee.com\agent\mcagent.exe (3184)
______ C:\WINDOWS\Explorer.EXE (4056)
______ C:\WINDOWS\stsystra.exe (1524)
______ C:\WINDOWS\ehome\ehtray.exe (476)
______ C:\Program Files\Dell\Media Experience\DMXLauncher.exe (3604)
______ C:\WINDOWS\System32\DLA\DLACTRLW.EXE (3152)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (2780)
______ C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe (3204)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3728)
______ C:\WINDOWS\eHome\ehmsas.exe (3896)
______ C:\Program Files\Microsoft ActiveSync\wcescomm.exe (264)
______ C:\PROGRA~1\MI3AA1~1\rapimgr.exe (3916)
______ C:\Program Files\Internet Explorer\iexplore.exe (256)
______ C:\WINDOWS\system32\wscntfy.exe (4516)
______ C:\Documents and Settings\Mom\Desktop\Rooter.exe (5648)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:495063152640)
\Device\Harddisk0\Partition3 (Start_Offset:495120729600 | Length:4984519680)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:30.01
.
C:\Rooter$\Rooter_1.txt - (21/02/2010 | 21:30.01)
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mom at 2010-02-21 21:31:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 412 GB (87%) free of 472 GB
Total RAM: 3070 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:30 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\java.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mom\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mom.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://batonrouge.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Epson Stylus NX510(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE /FU "C:\WINDOWS\TEMP\E_S147.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.att.net
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nascar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205631147421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {ce7f7176-bfab-45be-bc71-b1828a93c3c2} - (no file)
O20 - Winlogon Notify: awtstur - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1c95ff64fbe87d0) (gupdate1c95ff64fbe87d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 16023 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17599003-a66e-4467-8891-1d57c3e43fcd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-02-11 2349592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-16 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-02-11 2349592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-01-12 669520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Epson Stylus NX510(Network)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE [2008-11-19 199680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2010-02-02 160752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe [2009-11-17 670312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-30 214536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-30 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
C:\PROGRA~1\BRODER~1\MAVISB~1\MINIMA~1.EXE [2002-08-30 2392064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe [2008-02-05 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
C:\Documents and Settings\Mom\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe --silent []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtstur]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"
"C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe"="C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe:*:Disabled:Insaniquarium"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe"
"C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe"="C:\Program Files\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe:*:Enabled:EpsonNet Setup"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"="C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be970975-d2b3-11dd-9ef3-001372b183b4}]
shell\AutoRun\command - I:\Setup_FlipShare.exe
shell\Setup FlipShare\command - I:\Setup_FlipShare.exe
======File associations======
.scr - open - "" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-02-21 21:30:01 ----D---- C:\Rooter$
2010-02-21 09:23:46 ----D---- C:\32788R22FWJFW
2010-02-20 21:01:11 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-20 20:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-20 19:09:24 ----D---- C:\Documents and Settings\Mom\Application Data\Malwarebytes
2010-02-20 19:09:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-20 19:09:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 21:57:20 ----D---- C:\WINDOWS\Minidump
2010-02-18 16:20:57 ----D---- C:\rsit
2010-02-12 21:13:45 ----D---- C:\Program Files\SpywareBlaster
2010-02-12 17:00:04 ----D---- C:\Documents and Settings\Mom\Application Data\Facebook
2010-02-11 19:18:00 ----D---- C:\Program Files\ERUNT
2010-02-11 17:17:19 ----D---- C:\Program Files\Flip Video
2010-02-11 17:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\Flip Video
2010-02-10 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 03:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-30 13:53:08 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-01-24 14:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-01-24 13:42:45 ----D---- C:\Program Files\Common Files\eSellerate
2010-01-24 13:40:03 ----D---- C:\Program Files\Western Digital Technologies
======List of files/folders modified in the last 1 months======
2010-02-21 21:31:20 ----D---- C:\WINDOWS\Temp
2010-02-21 21:30:54 ----D---- C:\WINDOWS\Prefetch
2010-02-21 21:29:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-21 20:33:34 ----D---- C:\Program Files\quicken
2010-02-21 18:51:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-21 13:07:12 ----D---- C:\WINDOWS
2010-02-21 12:57:38 ----SD---- C:\WINDOWS\Tasks
2010-02-21 12:55:02 ----D---- C:\WINDOWS\Registration
2010-02-21 10:40:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-21 10:40:17 ----RASH---- C:\boot.ini
2010-02-21 10:40:17 ----A---- C:\WINDOWS\win.ini
2010-02-21 10:40:17 ----A---- C:\WINDOWS\system.ini
2010-02-21 09:06:48 ----D---- C:\Program Files
2010-02-21 09:05:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-20 21:04:11 ----SHD---- C:\WINDOWS\Installer
2010-02-20 21:04:09 ----HD---- C:\Config.Msi
2010-02-20 21:04:09 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-20 21:03:38 ----D---- C:\Program Files\Common Files\Adobe
2010-02-20 21:03:28 ----D---- C:\Program Files\Adobe
2010-02-20 21:03:15 ----D---- C:\WINDOWS\WinSxS
2010-02-20 21:01:47 ----D---- C:\WINDOWS\system32
2010-02-20 21:01:13 ----D---- C:\Documents and Settings\Mom\Application Data\Adobe
2010-02-20 21:01:11 ----D---- C:\Program Files\Common Files
2010-02-20 20:11:32 ----D---- C:\WINDOWS\system32\drivers
2010-02-20 07:57:58 ----A---- C:\WINDOWS\DUMP6021.tmp
2010-02-18 21:57:32 ----D---- C:\Program Files\McAfee
2010-02-17 22:38:42 ----HD---- C:\WINDOWS\inf
2010-02-11 19:18:33 ----D---- C:\WINDOWS\erdnt
2010-02-11 17:35:56 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 17:16:39 ----D---- C:\Program Files\Pure Digital Technologies
2010-02-11 08:06:04 ----D---- C:\Program Files\Zynga
2010-02-10 03:05:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 03:05:14 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 03:05:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-07 10:55:36 ----D---- C:\Program Files\Google
2010-02-02 00:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-01 13:26:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-30 16:14:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-30 14:01:00 ----D---- C:\WINDOWS\security
2010-01-30 13:52:00 ----D---- C:\WINDOWS\pss
2010-01-24 13:39:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-24 13:39:29 ----D---- C:\Program Files\Western Digital
2010-01-23 03:01:21 ----D---- C:\WINDOWS\system32\en-US
2010-01-23 03:01:21 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 CX23880;Video Advantage PCI; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-05-17 185216]
R2 CX88XBAR;Video Advantage PCI Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2004-05-17 9216]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-11 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-11 106496]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S1 w810mdmm;w810mdmm; C:\WINDOWS\System32\drivers\w810mdmm.sys []
S2 ATIBTCAP;ATI TV Wonder Video Capture; C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-04 58240]
S2 ATIBTXBAR;ATI TV Wonder Video Crossbar; C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-04 6912]
S2 ATIVTUTW;ATI TV Wonder TV Tuner; C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-04 17664]
S2 ATIVXSTW;ATI TV Wonder Audio Crossbar; C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-04 28416]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S3 WinDriver6;Alohabob USB Bridge Cable Driver; C:\WINDOWS\system32\drivers\windrvr6.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-16 143872]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-10 113664]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [2006-12-19 94208]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2009-11-19 455944]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2006-10-29 71168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RosettaStoneDaemon;RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2006-12-19 131072]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c95ff64fbe87d0;Google Update Service (gupdate1c95ff64fbe87d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-03-16 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Katana - just a reminder that I an patiently waiting on further direction. Thank you.
I do apologise, I didn't get notified of your reply.
I will go over your logs now, and get back ASAP.
There is nothing dramatic showing there ??
Let's try Combofix again, it has been updated.
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
No problem on the wait. I suspected you were not notified. I am not always notified. Sometimes it heads directly to the spam folder too, so I have to always check.
I will try running again, but it will be later today. I will let you know what happens.
Thanks for helping out!!
If did run this time.
ComboFix 10-02-26.01 - Mom 02/26/2010 16:30:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2276 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mom\My Documents\ZbThumbnail.info
c:\program files\Common Files\Uninstall
c:\recycler\S-1-5-21-1214440339-1935655697-725345543-1004
c:\recycler\S-1-5-21-507921405-1844823847-725345543-1003
c:\windows\system32\01200732.DLL
c:\windows\system32\reboot.txt
.
((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.
2010-02-22 03:30 . 2010-02-22 03:30 -------- d-----w- C:\Rooter$
2010-02-21 03:01 . 2010-02-21 03:00 38784 ----a-w- c:\documents and settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-21 03:01 . 2010-02-21 03:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-21 02:59 . 2010-02-21 02:59 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-21 02:59 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 01:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 22:20 . 2010-02-18 22:21 -------- d-----w- C:\rsit
2010-02-15 01:51 . 2010-02-15 01:51 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Yahoo!
2010-02-13 03:13 . 2010-02-20 15:33 -------- d-----w- c:\program files\SpywareBlaster
2010-02-12 23:00 . 2010-02-12 23:00 50354 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\uninstall.exe
2010-02-12 23:00 . 2010-02-12 23:00 -------- d-----w- c:\documents and settings\Mom\Application Data\Facebook
2010-02-12 01:18 . 2010-02-12 01:18 -------- d-----w- c:\program files\ERUNT
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\program files\Flip Video
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-30 19:53 . 2010-01-30 19:53 -------- d--h--w- c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 22:13 . 2008-07-30 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-24 15:16 . 2009-10-02 20:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:33 . 2006-03-26 05:45 -------- d-----w- c:\program files\quicken
2010-02-21 03:03 . 2006-03-23 04:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-20 13:57 . 2006-03-17 01:33 90112 ----a-w- c:\windows\DUMP6021.tmp
2010-02-19 03:57 . 2006-03-17 02:01 -------- d-----w- c:\program files\McAfee
2010-02-11 23:16 . 2008-12-26 03:12 -------- d-----w- c:\program files\Pure Digital Technologies
2010-02-11 14:06 . 2009-12-04 22:15 -------- d-----w- c:\program files\Zynga
2010-02-07 16:55 . 2007-09-29 02:45 -------- d-----w- c:\program files\Google
2010-02-02 06:55 . 2008-12-17 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-30 22:14 . 2006-03-17 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 02:15 . 2009-09-20 00:34 696320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-24 19:42 . 2010-01-24 19:42 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-24 19:40 . 2010-01-24 19:40 8854 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2010-01-24 19:40 . 2010-01-24 19:40 40960 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2010-01-24 19:40 . 2010-01-24 19:40 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2010-01-24 19:40 . 2010-01-24 19:40 -------- d-----w- c:\program files\Western Digital Technologies
2010-01-24 19:39 . 2008-08-13 22:02 -------- d-----w- c:\program files\Western Digital
2010-01-12 00:54 . 2010-01-12 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdServices
2010-01-12 00:52 . 2010-01-12 00:52 -------- d-----w- c:\program files\RosettaStoneLtdServices
2010-01-05 10:00 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-04-08 23:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 21:23 . 2010-01-03 21:01 -------- d-----w- c:\program files\Family Tree Maker 2010
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Windows Media Components
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft.NET
2010-01-03 21:04 . 2010-01-03 21:04 1078 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe
2010-01-03 21:04 . 2010-01-03 21:04 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft WSE
2010-01-03 21:03 . 2010-01-03 21:01 -------- d-----w- c:\program files\BCL Technologies
2009-12-31 16:50 . 2006-03-17 01:27 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2005-08-16 10:37 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2005-08-16 10:18 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-17 01:27 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-03-31 01:17 . 2006-03-23 04:05 104 --sh--r- c:\windows\system32\59C154333E.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-02-11 2349592]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-11 14:06 2349592 ----a-w- c:\program files\Zynga\tbZyn1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-02-11 2349592]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-02-11 2349592]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-02-02 06:55 160752 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]
2009-11-17 17:15 670312 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-05-01 01:24 214536 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 10:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-01 01:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 10:50 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 23:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [11/17/2009 11:15 AM 63080]
R2 CX88XBAR;Video Advantage PCI Crossbar;c:\windows\system32\drivers\cx88xbar.sys [4/1/2006 7:42 PM 9216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2008 8:55 PM 93320]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 w810mdmm;w810mdmm;c:\windows\system32\drivers\w810mdmm.sys --> c:\windows\system32\drivers\w810mdmm.sys [?]
S2 gupdate1c95ff64fbe87d0;Google Update Service (gupdate1c95ff64fbe87d0);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2008 9:19 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/24/2010 1:39 PM 11520]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-20 06:55]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://batonrouge.cox.net/cci/home
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: att.net\my
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: nascar.com\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: yahoo.com\us.f519.mail
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.10/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-awtstur - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-Diner Dash 2 - c:\program files\Yahoo! Games\Diner Dash 2\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 16:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8AFE88C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3930530056-1653841120-937661522-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-02-26 16:40:24
ComboFix-quarantined-files.txt 2010-02-26 22:40
ComboFix2.txt 2008-03-16 17:45
Pre-Run: 432,405,667,840 bytes free
Post-Run: 432,412,340,224 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 4727FAF462127961FA65E9990A12E52A
That log looks clean apart from a few orphans, how are things running now ?
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Still having redirects when I click on llinks from google search.
I get this in a window when I try to run Kapersky:
Launch of the Java application is interupted! Please establish an uninterrupted Internet connection for work with this program.
My internet connection is always on. The java icon appears in the system tray after I click on accept, but then it gives the error.
Not sure what to do.
Let's just have a look at something......
You must first verify that you can logon to the Windows Recovery Console.
How to use the Windows XP Recovery Console (http://www.bleepingcomputer.com/tutorials/tutorial117.html#start)
Next, please download maxlook (http://noahdfear.net/downloads/maxlook.exe), saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C
batch look.bat
http://noahdfear.net/WTT/lookXP.gif
You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.
maxlook:
Run from C:\Documents and Settings\Mom\Desktop\maxlook.exe on Sat 02/27/2010 at 9:23:20.93
No infected file found
Not sure if this matters, but:
While the system was rebooting, McAfee popped a window up and said it repaired something. I checked the log and attached is a screen shot of what it said.
McAfee popped a window up and said it repaired somethingThat file was part of tool I asked you to download, nothing to worry about.
A couple of questions for you ...
Do you have a Router ?
Which browser are you using for the web ?
Do you get redirected to the same site, or different ones ?
Do you know anything about Zynga Toolbar ?
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
answers:
Yes, I have a wirelss router. The infected PC is hard wired to the router.
Browser is IE7
I get redirected to random sites.
Zynga toolbar was downloaded for a game I play in facebook. I don't need it.
Active scan said I was infected. Report is here:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-02-28 07:42:53
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@mediaplex[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@7search[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@com[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@www.burstbeacon[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@realmedia[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@searchportal.information[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@target[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\documents and settings\mom\cookies\mom@did-it[1].txt
00966839 Spyware/Virtumonde Spyware No 1 Yes No c:\program files\viewpoint\viewpoint experience technology\newcomponents\swfview.dll
01260840 Trj/Downloader.PME Virus/Trojan No 1 Yes No c:\documents and settings\mom\local settings\application data\wildtangent\cdacache\00\00\73.dat
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Well, that didn't shed much light on the situation :(
The files that Panda found were mainly cookies, and it didn't flag anything that would cause redirects.
Yes, I have a wirelss router. The infected PC is hard wired to the router.
Do you have more than one computer ?
If so, is that one having the same problems ?
Yes I have more than one computer.
I spot checked one and it is not having the same problem.
Looking around the web there appear to be many cases of redirects with Zynga installed, and when it is removed the problem stops.
I think we should try uninstalling it and see if that helps.
----------------------------------------------------------------------------------------
Step 1
Remove Programs
Older versions of some programs have vulnerabilities that malware can use to infect your system.
Now click Start---Control Panel. Double click Add or Remove Programs.
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
Zynga Toolbar
Now close the Control Panel.
----------------------------------------------------------------------------------------
Step 2
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec PIF AlertEng"=-
Folder::
c:\program files\Zynga
c:\program files\viewpoint\viewpoint experience technology\newcomponents
c:\documents and settings\mom\local settings\application data\wildtangent
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Combofix Log
A fresh HJT log
How are things running now ?
combofix part 1:
ComboFix 10-02-27.04 - Mom 02/28/2010 12:43:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2445 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mom\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\mom\local settings\application data\wildtangent
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\01.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\02.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\03.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\04.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\05.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\06.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\07.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\08.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\09.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\0F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\10.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\11.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\12.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\13.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\14.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\15.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\16.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\17.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\18.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\19.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\1F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\20.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\21.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\22.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\23.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\24.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\25.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\26.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\27.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\28.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\29.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\2F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\30.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\31.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\32.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\33.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\34.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\35.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\36.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\37.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\38.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\39.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\3F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\40.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\41.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\42.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\43.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\44.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\45.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\46.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\47.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\48.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\49.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\4F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\50.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\51.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\52.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\53.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\54.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\55.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\56.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\57.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\58.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\59.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\5F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\60.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\61.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\62.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\63.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\64.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\65.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\66.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\67.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\68.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\69.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\6F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\70.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\71.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\72.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\73.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\74.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\75.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\76.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\77.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\78.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\79.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\7F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\80.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\81.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\82.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\83.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\84.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\85.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\86.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\87.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\88.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\89.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8A.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8B.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8C.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8D.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8E.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\8F.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\90.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\91.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\92.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\93.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\94.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\95.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\00\00\96.dat
c:\documents and settings\mom\local settings\application data\wildtangent\Cdacache\cdacache.odds
c:\program files\viewpoint\viewpoint experience technology\newcomponents
c:\program files\viewpoint\viewpoint experience technology\newcomponents\JpegReader.dll
c:\program files\viewpoint\viewpoint experience technology\newcomponents\MTS3Reader.dll
c:\program files\viewpoint\viewpoint experience technology\newcomponents\SWFView.dll
c:\program files\viewpoint\viewpoint experience technology\newcomponents\WaveletReader.dll
.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.
2010-02-28 03:19 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-28 03:19 . 2010-02-28 03:19 -------- d-----w- c:\program files\Panda Security
2010-02-27 15:17 . 2010-02-27 15:23 -------- d-----w- c:\windows\maxdriver
2010-02-22 03:30 . 2010-02-22 03:30 -------- d-----w- C:\Rooter$
2010-02-21 03:01 . 2010-02-21 03:00 38784 ----a-w- c:\documents and settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-21 03:01 . 2010-02-21 03:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-21 02:59 . 2010-02-21 02:59 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-21 02:59 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 01:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 22:20 . 2010-02-18 22:21 -------- d-----w- C:\rsit
2010-02-15 01:51 . 2010-02-15 01:51 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Yahoo!
2010-02-13 03:13 . 2010-02-27 15:44 -------- d-----w- c:\program files\SpywareBlaster
2010-02-12 23:00 . 2010-02-12 23:00 50354 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\uninstall.exe
2010-02-12 23:00 . 2010-02-12 23:00 -------- d-----w- c:\documents and settings\Mom\Application Data\Facebook
2010-02-12 01:18 . 2010-02-12 01:18 -------- d-----w- c:\program files\ERUNT
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\program files\Flip Video
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-30 19:53 . 2010-01-30 19:53 -------- d--h--w- c:\windows\system32\GroupPolicy
combofix part 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 18:26 . 2008-07-30 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-24 15:16 . 2009-10-02 20:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:33 . 2006-03-26 05:45 -------- d-----w- c:\program files\quicken
2010-02-21 03:03 . 2006-03-23 04:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-20 13:57 . 2006-03-17 01:33 90112 ----a-w- c:\windows\DUMP6021.tmp
2010-02-19 03:57 . 2006-03-17 02:01 -------- d-----w- c:\program files\McAfee
2010-02-11 23:16 . 2008-12-26 03:12 -------- d-----w- c:\program files\Pure Digital Technologies
2010-02-07 16:55 . 2007-09-29 02:45 -------- d-----w- c:\program files\Google
2010-02-02 06:55 . 2008-12-17 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-30 22:14 . 2006-03-17 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 02:15 . 2009-09-20 00:34 696320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-24 19:42 . 2010-01-24 19:42 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-24 19:40 . 2010-01-24 19:40 8854 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2010-01-24 19:40 . 2010-01-24 19:40 40960 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2010-01-24 19:40 . 2010-01-24 19:40 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2010-01-24 19:40 . 2010-01-24 19:40 -------- d-----w- c:\program files\Western Digital Technologies
2010-01-24 19:39 . 2008-08-13 22:02 -------- d-----w- c:\program files\Western Digital
2010-01-12 00:54 . 2010-01-12 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdServices
2010-01-12 00:52 . 2010-01-12 00:52 -------- d-----w- c:\program files\RosettaStoneLtdServices
2010-01-05 10:00 . 2005-08-16 10:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-04-08 23:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 21:23 . 2010-01-03 21:01 -------- d-----w- c:\program files\Family Tree Maker 2010
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Windows Media Components
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft.NET
2010-01-03 21:04 . 2010-01-03 21:04 1078 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe
2010-01-03 21:04 . 2010-01-03 21:04 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft WSE
2010-01-03 21:03 . 2010-01-03 21:01 -------- d-----w- c:\program files\BCL Technologies
2009-12-31 16:50 . 2006-03-17 01:27 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2005-08-16 10:37 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2005-08-16 10:18 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-17 01:27 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-03-31 01:17 . 2006-03-23 04:05 104 --sh--r- c:\windows\system32\59C154333E.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-26_22.37.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 18:07 . 2010-02-28 18:07 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
+ 2010-02-27 02:41 . 2010-02-28 17:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-23 02:42 . 2010-02-28 17:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-23 02:42 . 2010-02-26 22:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-23 02:42 . 2010-02-26 22:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-27 02:41 . 2010-02-28 17:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-07-14 23:32 . 2001-07-14 23:32 69632 c:\windows\setupupd\temp\wsdueng.dll
+ 2006-09-29 00:00 . 2006-09-29 00:00 82944 c:\windows\maxdriver\WudfRd.sys
+ 2006-09-28 23:55 . 2006-09-28 23:55 77568 c:\windows\maxdriver\WudfPf.sys
+ 2006-03-25 14:43 . 2008-04-13 18:46 19200 c:\windows\maxdriver\wstcodec.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 12032 c:\windows\maxdriver\ws2ifsl.sys
+ 2005-08-16 10:18 . 2006-10-19 01:00 38528 c:\windows\maxdriver\wpdusb.sys
+ 2006-03-17 01:48 . 2008-04-13 19:17 83072 c:\windows\maxdriver\wdmaud.sys
+ 2010-01-24 19:39 . 2007-10-01 21:17 11520 c:\windows\maxdriver\wdcsam.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 25471 c:\windows\maxdriver\watv10nt.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 22271 c:\windows\maxdriver\watv06nt.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 34560 c:\windows\maxdriver\wanarp.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 11935 c:\windows\maxdriver\wadv11nt.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 11871 c:\windows\maxdriver\wadv09nt.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 11295 c:\windows\maxdriver\wadv08nt.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 11807 c:\windows\maxdriver\wadv07nt.sys
+ 2008-09-17 23:33 . 2008-04-13 18:43 14208 c:\windows\maxdriver\wacompen.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 83344 c:\windows\maxdriver\w810obex.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 85408 c:\windows\maxdriver\w810mgmt.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 94064 c:\windows\maxdriver\w810mdm.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 58288 c:\windows\maxdriver\w810bus.sys
+ 2005-08-16 10:18 . 2008-04-13 18:41 52352 c:\windows\maxdriver\volsnap.sys
+ 2005-08-16 10:18 . 2008-04-13 18:44 81664 c:\windows\maxdriver\videoprt.sys
+ 2005-08-17 03:21 . 2008-04-13 18:36 42240 c:\windows\maxdriver\viaagp.sys
+ 2005-08-16 10:18 . 2008-04-13 18:44 20992 c:\windows\maxdriver\vga.sys
+ 2001-08-17 20:02 . 2004-08-10 11:00 58112 c:\windows\maxdriver\vdmindvd.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 20608 c:\windows\maxdriver\usbuhci.sys
+ 2006-03-17 01:34 . 2008-04-13 18:45 26368 c:\windows\maxdriver\usbstor.sys
+ 2007-07-20 00:19 . 2008-04-13 18:45 15104 c:\windows\maxdriver\usbscan.sys
+ 2006-04-05 00:36 . 2008-04-13 18:47 25856 c:\windows\maxdriver\usbprint.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 15872 c:\windows\maxdriver\usbintel.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 59520 c:\windows\maxdriver\usbhub.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 30208 c:\windows\maxdriver\usbehci.sys
+ 2006-03-23 02:41 . 2008-04-13 18:45 32128 c:\windows\maxdriver\usbccgp.sys
+ 2001-08-17 20:03 . 2008-04-13 18:45 25728 c:\windows\maxdriver\usbcamd2.sys
+ 2001-08-17 20:03 . 2008-04-13 18:45 25600 c:\windows\maxdriver\usbcamd.sys
+ 2010-01-12 00:49 . 2008-04-13 18:45 60032 c:\windows\maxdriver\USBAUDIO.sys
+ 2008-10-14 02:52 . 2009-08-29 00:42 40448 c:\windows\maxdriver\usbaapl.sys
+ 2008-08-24 20:31 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023x.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 12800 c:\windows\maxdriver\usb8023.sys
+ 2005-08-17 03:29 . 2001-08-17 19:52 36736 c:\windows\maxdriver\ultra.sys
+ 2005-08-16 10:18 . 2008-04-13 18:32 66048 c:\windows\maxdriver\udfs.sys
+ 2008-09-17 23:33 . 2008-04-13 18:36 44672 c:\windows\maxdriver\uagp35.sys
+ 2004-08-04 05:03 . 2008-04-13 18:56 12288 c:\windows\maxdriver\tunmp.sys
+ 2001-08-17 20:06 . 2004-08-10 11:00 21376 c:\windows\maxdriver\tsbvcap.sys
+ 2001-08-17 20:01 . 2004-08-10 11:00 51712 c:\windows\maxdriver\tosdvd.sys
+ 2005-08-16 10:37 . 2008-04-14 00:13 40840 c:\windows\maxdriver\termdd.sys
+ 2005-08-16 10:37 . 2008-04-14 00:13 21896 c:\windows\maxdriver\tdtcp.sys
+ 2005-08-16 10:37 . 2008-04-14 00:13 12040 c:\windows\maxdriver\tdpipe.sys
+ 2005-08-16 10:18 . 2008-04-13 19:00 19072 c:\windows\maxdriver\tdi.sys
+ 2005-08-16 10:18 . 2008-04-13 18:40 14976 c:\windows\maxdriver\tape.sys
+ 2006-03-17 01:48 . 2008-04-13 19:15 60800 c:\windows\maxdriver\sysaudio.sys
+ 2005-08-17 03:25 . 2001-08-17 20:07 32640 c:\windows\maxdriver\symc8xx.sys
+ 2005-08-17 03:26 . 2001-08-17 20:07 16256 c:\windows\maxdriver\symc810.sys
+ 2005-08-17 03:26 . 2001-08-17 20:07 30688 c:\windows\maxdriver\sym_u3.sys
+ 2005-08-17 03:24 . 2001-08-17 20:07 28384 c:\windows\maxdriver\sym_hi.sys
+ 2006-03-17 01:48 . 2008-04-13 18:45 56576 c:\windows\maxdriver\swmidi.sys
+ 2006-03-25 14:45 . 2008-04-13 18:46 15232 c:\windows\maxdriver\streamip.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 49408 c:\windows\maxdriver\stream.sys
+ 2005-08-16 10:40 . 2008-04-13 18:36 73472 c:\windows\maxdriver\sr.sys
+ 2005-08-17 03:22 . 2001-08-17 20:07 19072 c:\windows\maxdriver\sparrow.sys
+ 2004-08-04 05:09 . 2008-04-13 18:46 25344 c:\windows\maxdriver\sonydcam.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 14592 c:\windows\maxdriver\smclib.sys
+ 2008-09-17 23:33 . 2004-08-04 03:41 13240 c:\windows\maxdriver\slwdmsup.sys
+ 2008-09-17 23:33 . 2004-08-04 03:41 95424 c:\windows\maxdriver\slnthal.sys
+ 2006-03-25 14:45 . 2008-04-13 18:46 11136 c:\windows\maxdriver\slip.sys
+ 2005-08-17 03:20 . 2008-04-13 18:36 40960 c:\windows\maxdriver\sisagp.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 11392 c:\windows\maxdriver\sfloppy.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 11008 c:\windows\maxdriver\sffp_sd.sys
+ 2008-09-17 23:33 . 2008-04-13 18:40 10240 c:\windows\maxdriver\sffp_mmc.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 11904 c:\windows\maxdriver\sffdisk.sys
+ 2004-08-04 05:15 . 2008-04-13 19:15 64512 c:\windows\maxdriver\serial.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 15744 c:\windows\maxdriver\serenum.sys
+ 2010-02-27 15:22 . 2002-09-18 12:38 82944 c:\windows\maxdriver\sed.exe
+ 2005-08-16 10:18 . 2007-11-13 10:25 20480 c:\windows\maxdriver\secdrv.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 79232 c:\windows\maxdriver\sdbus.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 96384 c:\windows\maxdriver\scsiport.sys
+ 2010-01-24 19:36 . 2008-04-13 18:40 43904 c:\windows\maxdriver\sbp2port.sys
+ 2008-08-24 20:31 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismpx.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 30592 c:\windows\maxdriver\rndismp.sys
+ 2001-08-17 19:24 . 2004-08-10 11:00 12032 c:\windows\maxdriver\riodrv.sys
+ 2001-08-17 19:24 . 2004-08-10 11:00 12032 c:\windows\maxdriver\rio8drv.sys
+ 2008-09-17 23:33 . 2008-04-13 18:46 59136 c:\windows\maxdriver\rfcomm.sys
+ 2005-08-16 10:35 . 2008-04-13 18:40 57600 c:\windows\maxdriver\redbook.sys
+ 2008-09-17 23:33 . 2004-08-04 03:41 13776 c:\windows\maxdriver\recagent.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 34432 c:\windows\maxdriver\rawwan.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 16512 c:\windows\maxdriver\raspti.sys
+ 2005-08-16 10:18 . 2008-04-13 19:19 48384 c:\windows\maxdriver\raspptp.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 41472 c:\windows\maxdriver\raspppoe.sys
+ 2005-08-16 10:18 . 2008-04-13 19:19 51328 c:\windows\maxdriver\rasl2tp.sys
+ 2005-08-17 03:26 . 2001-08-17 19:52 49024 c:\windows\maxdriver\ql1280.sys
+ 2005-08-17 03:26 . 2001-08-17 19:52 40448 c:\windows\maxdriver\ql1240.sys
+ 2005-08-17 03:27 . 2001-08-17 19:52 45312 c:\windows\maxdriver\ql12160.sys
+ 2005-08-17 03:26 . 2001-08-17 19:52 33152 c:\windows\maxdriver\ql10wnt.sys
+ 2005-08-17 03:26 . 2001-08-17 19:52 40320 c:\windows\maxdriver\ql1080.sys
+ 2008-11-20 19:19 . 2008-11-20 19:19 43872 c:\windows\maxdriver\pxhelp20.sys
+ 2009-09-19 15:19 . 2008-12-12 23:05 25264 c:\windows\maxdriver\purendis.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 17792 c:\windows\maxdriver\ptilink.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 69120 c:\windows\maxdriver\psched.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 35840 c:\windows\maxdriver\processr.sys
+ 2009-09-19 15:19 . 2008-12-12 23:05 23984 c:\windows\maxdriver\pnarp.sys
+ 2006-04-02 03:52 . 2003-12-05 23:46 10368 c:\windows\maxdriver\pfc.sys
+ 2005-08-17 03:24 . 2001-08-17 20:07 27296 c:\windows\maxdriver\perc2.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 24960 c:\windows\maxdriver\pciidex.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 68224 c:\windows\maxdriver\pci.sys
+ 2005-08-16 10:18 . 2008-04-13 18:40 19712 c:\windows\maxdriver\partmgr.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 80128 c:\windows\maxdriver\parport.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 42752 c:\windows\maxdriver\p3.sys
+ 2006-03-17 01:33 . 2008-04-13 18:46 61696 c:\windows\maxdriver\ohci1394.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 55936 c:\windows\maxdriver\nwlnkspx.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 63232 c:\windows\maxdriver\nwlnknb.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 88320 c:\windows\maxdriver\nwlnkipx.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 32512 c:\windows\maxdriver\nwlnkfwd.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 12416 c:\windows\maxdriver\nwlnkflt.sys
+ 2005-08-16 10:18 . 2008-04-13 18:32 30848 c:\windows\maxdriver\npfs.sys
+ 2005-08-16 10:18 . 2008-04-13 18:53 40320 c:\windows\maxdriver\nmnt.sys
+ 2001-08-17 19:24 . 2004-08-10 11:00 12032 c:\windows\maxdriver\nikedrv.sys
+ 2004-08-04 04:58 . 2008-04-13 18:51 61824 c:\windows\maxdriver\nic1394.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 34688 c:\windows\maxdriver\netbios.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 40576 c:\windows\maxdriver\ndproxy.sys
+ 2005-08-16 10:18 . 2008-04-13 19:20 91520 c:\windows\maxdriver\ndiswan.sys
+ 2004-08-04 05:03 . 2008-04-13 18:55 14592 c:\windows\maxdriver\ndisuio.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 10112 c:\windows\maxdriver\ndistapi.sys
+ 2006-03-25 14:45 . 2008-04-13 18:46 10880 c:\windows\maxdriver\ndisip.sys
+ 2006-03-25 14:43 . 2008-04-13 18:46 85248 c:\windows\maxdriver\nabtsfec.sys
+ 2008-09-17 23:32 . 2008-04-13 18:43 12672 c:\windows\maxdriver\mutohpen.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 15488 c:\windows\maxdriver\mssmbios.sys
+ 2005-08-16 10:18 . 2008-04-13 18:56 35072 c:\windows\maxdriver\msgpc.sys
+ 2005-08-16 10:18 . 2008-04-13 18:32 19072 c:\windows\maxdriver\msfs.sys
+ 2007-04-14 17:13 . 2008-04-13 18:46 51200 c:\windows\maxdriver\msdv.sys
+ 2005-08-17 03:24 . 2001-08-17 19:52 17280 c:\windows\maxdriver\mraid35x.sys
+ 2005-08-16 10:18 . 2008-04-13 18:39 92544 c:\windows\maxdriver\mqac.sys
+ 2005-08-16 10:18 . 2008-04-13 18:39 42368 c:\windows\maxdriver\mountmgr.sys
+ 2006-03-23 02:42 . 2001-08-17 19:48 12160 c:\windows\maxdriver\mouhid.sys
+ 2004-08-04 04:58 . 2008-04-13 18:39 23040 c:\windows\maxdriver\mouclass.sys
+ 2004-08-04 05:08 . 2008-04-13 19:00 30080 c:\windows\maxdriver\modem.sys
+ 2005-08-16 10:37 . 2004-08-10 09:45 11008 c:\windows\maxdriver\mhndrv.sys
+ 2007-04-06 03:20 . 2009-09-16 15:22 40552 c:\windows\maxdriver\mfesmfk.sys
+ 2007-04-06 03:20 . 2009-09-16 15:22 34248 c:\windows\maxdriver\mferkdk.sys
+ 2007-04-06 03:20 . 2009-09-16 15:22 35272 c:\windows\maxdriver\mfebopk.sys
+ 2007-04-06 03:19 . 2009-09-16 15:22 79816 c:\windows\maxdriver\mfeavfk.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 63744 c:\windows\maxdriver\mf.sys
+ 2008-09-17 23:32 . 2004-08-04 03:41 11868 c:\windows\maxdriver\mdmxsdk.sys
+ 2009-11-17 17:15 . 2009-11-17 17:15 63080 c:\windows\maxdriver\McPvDrv.sys
+ 2010-02-21 01:09 . 2010-01-07 22:07 38224 c:\windows\maxdriver\mbamswissarmy.sys
+ 2010-02-21 01:09 . 2010-01-07 22:07 19160 c:\windows\maxdriver\mbam.sys
+ 2006-10-29 17:39 . 2006-10-29 17:39 69824 c:\windows\maxdriver\LxrJD31d.sys
+ 2005-08-16 10:18 . 2009-06-24 11:18 92928 c:\windows\maxdriver\ksecdd.sys
+ 2006-03-23 02:41 . 2008-04-13 18:39 14592 c:\windows\maxdriver\kbdhid.sys
+ 2004-08-04 04:58 . 2008-04-13 18:39 24576 c:\windows\maxdriver\kbdclass.sys
+ 2001-08-17 19:58 . 2008-04-13 18:36 37248 c:\windows\maxdriver\isapnp.sys
+ 2005-08-16 10:33 . 2008-04-13 18:54 11264 c:\windows\maxdriver\irenum.sys
+ 2005-08-17 03:06 . 2008-04-13 18:45 46592 c:\windows\maxdriver\irbus.sys
+ 2004-11-02 21:12 . 2004-11-02 21:12 19456 c:\windows\maxdriver\iqvw32.sys
+ 2005-08-16 10:18 . 2008-04-13 19:19 75264 c:\windows\maxdriver\ipsec.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 20864 c:\windows\maxdriver\ipinip.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 32896 c:\windows\maxdriver\ipfltdrv.sys
+ 2005-08-16 10:18 . 2008-04-13 18:53 36608 c:\windows\maxdriver\ip6fw.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 36352 c:\windows\maxdriver\intelppm.sys
+ 2005-08-17 03:29 . 2001-08-17 19:52 16000 c:\windows\maxdriver\ini910u.sys
+ 2004-08-04 05:00 . 2008-04-13 18:40 42112 c:\windows\maxdriver\imapi.sys
+ 2004-08-04 05:14 . 2008-04-13 19:18 52480 c:\windows\maxdriver\i8042prt.sys
+ 2005-08-17 03:27 . 2008-04-13 18:41 18560 c:\windows\maxdriver\i2omp.sys
+ 2006-04-05 00:38 . 2007-03-08 04:20 21568 c:\windows\maxdriver\HPZius12.sys
+ 2006-04-05 00:42 . 2007-03-08 04:20 16496 c:\windows\maxdriver\HPZipr12.sys
+ 2006-04-05 00:42 . 2007-03-08 04:20 49920 c:\windows\maxdriver\HPZid412.sys
+ 2005-08-17 03:25 . 2001-08-17 20:07 25952 c:\windows\maxdriver\hpn.sys
+ 2006-03-23 02:41 . 2008-04-13 18:45 10368 c:\windows\maxdriver\hidusb.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 24960 c:\windows\maxdriver\hidparse.sys
+ 2005-08-17 03:06 . 2008-04-13 18:45 19200 c:\windows\maxdriver\hidir.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 36864 c:\windows\maxdriver\hidclass.sys
+ 2008-09-17 23:31 . 2008-04-13 18:46 25600 c:\windows\maxdriver\hidbth.sys
+ 2006-09-19 19:44 . 2009-05-18 19:17 26600 c:\windows\maxdriver\GEARAspiWDM.sys
+ 2008-09-17 23:31 . 2008-04-13 18:36 46464 c:\windows\maxdriver\gagp30kx.sys
+ 2001-08-17 19:57 . 2004-08-10 11:00 12160 c:\windows\maxdriver\fsvga.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 20480 c:\windows\maxdriver\flpydisk.sys
+ 2005-08-16 10:18 . 2008-04-13 18:33 44544 c:\windows\maxdriver\fips.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 27392 c:\windows\maxdriver\fdc.sys
+ 2004-08-04 05:00 . 2008-04-13 18:38 71168 c:\windows\maxdriver\dxg.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 10496 c:\windows\maxdriver\dxapi.sys
+ 2006-03-17 02:01 . 2005-08-12 11:20 40544 c:\windows\maxdriver\DRVNDDM.SYS
+ 2006-03-17 02:01 . 2005-09-12 09:30 89264 c:\windows\maxdriver\DRVMCDB.SYS
+ 2006-03-17 01:48 . 2008-04-13 18:45 60160 c:\windows\maxdriver\drmk.sys
+ 2005-08-17 03:23 . 2001-08-17 20:07 20192 c:\windows\maxdriver\dpti2o.sys
+ 2006-03-17 01:48 . 2008-04-13 18:45 52864 c:\windows\maxdriver\dmusic.sys
+ 2006-03-17 02:01 . 2005-08-25 18:16 22684 c:\windows\maxdriver\DLARTL_N.SYS
+ 2005-08-16 10:18 . 2008-04-13 18:40 14208 c:\windows\maxdriver\diskdump.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 36352 c:\windows\maxdriver\disk.sys
+ 2005-08-17 03:28 . 2001-08-17 19:52 14720 c:\windows\maxdriver\dac960nt.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 36736 c:\windows\maxdriver\crusoe.sys
+ 2001-08-17 19:24 . 2004-08-10 11:00 11776 c:\windows\maxdriver\cpqdap01.sys
+ 2005-08-17 03:24 . 2001-08-17 19:52 14976 c:\windows\maxdriver\cpqarray.sys
+ 2005-08-16 10:18 . 2008-04-13 19:16 49536 c:\windows\maxdriver\classpnp.sys
+ 2004-08-04 04:59 . 2008-04-13 18:40 62976 c:\windows\maxdriver\cdrom.sys
+ 2005-08-16 10:18 . 2008-04-13 19:14 63744 c:\windows\maxdriver\cdfs.sys
+ 2001-08-17 19:52 . 2004-08-10 11:00 18688 c:\windows\maxdriver\cdaudio.sys
+ 2006-03-25 14:43 . 2008-04-13 18:46 17024 c:\windows\maxdriver\ccdecode.sys
+ 2001-08-17 19:52 . 2001-08-17 19:52 13952 c:\windows\maxdriver\cbidf2k.sys
+ 2008-09-17 23:30 . 2008-04-13 18:46 18944 c:\windows\maxdriver\bthusb.sys
+ 2008-09-17 23:30 . 2008-04-13 18:46 36480 c:\windows\maxdriver\bthprint.sys
+ 2008-09-17 23:30 . 2008-04-13 18:46 37888 c:\windows\maxdriver\bthmodem.sys
+ 2008-09-17 23:30 . 2008-04-13 18:46 17024 c:\windows\maxdriver\bthenum.sys
+ 2005-08-16 10:18 . 2008-04-13 18:53 71552 c:\windows\maxdriver\bridge.sys
+ 2007-04-14 17:13 . 2008-04-13 18:46 38912 c:\windows\maxdriver\avc.sys
+ 2005-08-16 10:18 . 2008-04-13 18:51 55808 c:\windows\maxdriver\atmlane.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 31360 c:\windows\maxdriver\atmepvc.sys
+ 2005-08-16 10:18 . 2008-04-13 18:51 59904 c:\windows\maxdriver\atmarpc.sys
+ 2006-03-25 14:40 . 2002-11-05 05:00 28416 c:\windows\maxdriver\ativxstw.sys
+ 2006-03-25 14:37 . 2002-11-05 05:00 17664 c:\windows\maxdriver\ativtutw.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 63488 c:\windows\maxdriver\atinxsxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 31744 c:\windows\maxdriver\atinxbxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 73216 c:\windows\maxdriver\atintuxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 13824 c:\windows\maxdriver\atinttxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 28672 c:\windows\maxdriver\atinsnxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 52224 c:\windows\maxdriver\atinraxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 14336 c:\windows\maxdriver\atinpdxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 13824 c:\windows\maxdriver\atinmdxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 57856 c:\windows\maxdriver\atinbtxx.sys
+ 2006-03-25 14:36 . 2002-11-05 05:00 58240 c:\windows\maxdriver\atibtcap.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 34735 c:\windows\maxdriver\ati1xsxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 29455 c:\windows\maxdriver\ati1xbxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 36463 c:\windows\maxdriver\ati1tuxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 21343 c:\windows\maxdriver\ati1ttxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 26367 c:\windows\maxdriver\ati1snxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 63663 c:\windows\maxdriver\ati1rvxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 30671 c:\windows\maxdriver\ati1raxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 12047 c:\windows\maxdriver\ati1pdxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 11615 c:\windows\maxdriver\ati1mdxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 56623 c:\windows\maxdriver\ati1btxx.sys
+ 2004-08-04 04:59 . 2010-02-27 15:22 96512 c:\windows\maxdriver\atapi.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 14336 c:\windows\maxdriver\asyncmac.sys
+ 2005-08-17 03:28 . 2001-08-17 19:51 14848 c:\windows\maxdriver\asc3550.sys
+ 2005-08-17 03:29 . 2001-08-17 19:52 22400 c:\windows\maxdriver\asc3350p.sys
+ 2005-08-17 03:28 . 2001-08-17 19:52 26496 c:\windows\maxdriver\asc.sys
+ 2004-08-04 04:58 . 2008-04-13 18:51 60800 c:\windows\maxdriver\arp1394.sys
+ 2005-08-17 03:29 . 2001-08-17 19:52 12032 c:\windows\maxdriver\amsint.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 37760 c:\windows\maxdriver\amdk7.sys
+ 2004-08-04 04:59 . 2008-04-13 18:31 37376 c:\windows\maxdriver\amdk6.sys
+ 2005-08-17 03:15 . 2008-04-13 18:36 43008 c:\windows\maxdriver\amdagp.sys
+ 2005-08-17 03:15 . 2008-04-13 18:36 42752 c:\windows\maxdriver\alim1541.sys
+ 2005-08-17 03:23 . 2001-08-17 20:07 56960 c:\windows\maxdriver\aic78xx.sys
+ 2005-08-17 03:23 . 2001-08-17 20:07 55168 c:\windows\maxdriver\aic78u2.sys
+ 2005-08-17 03:22 . 2001-08-17 19:52 12800 c:\windows\maxdriver\aha154x.sys
+ 2005-08-17 03:20 . 2008-04-13 18:36 44928 c:\windows\maxdriver\agpcpq.sys
+ 2005-08-16 10:34 . 2008-04-13 18:36 42368 c:\windows\maxdriver\agp440.sys
+ 2001-08-17 19:57 . 2004-08-10 11:00 11648 c:\windows\maxdriver\acpiec.sys
+ 2005-08-17 03:29 . 2001-08-17 19:52 23552 c:\windows\maxdriver\ABP480N5.SYS
+ 2007-04-14 17:13 . 2008-04-13 18:46 48128 c:\windows\maxdriver\61883.sys
+ 2006-03-17 01:33 . 2008-04-13 18:46 53376 c:\windows\maxdriver\1394bus.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 4352 c:\windows\maxdriver\wmilib.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 5808 c:\windows\maxdriver\w810whnt.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 5808 c:\windows\maxdriver\w810wh.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 8336 c:\windows\maxdriver\w810mdfl.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 6176 c:\windows\maxdriver\w810cmnt.sys
+ 2007-03-30 17:17 . 2006-02-20 23:59 6176 c:\windows\maxdriver\w810cm.sys
+ 2005-08-17 03:31 . 2008-04-13 18:40 5376 c:\windows\maxdriver\viaide.sys
+ 2001-08-17 20:03 . 2004-08-10 11:00 4736 c:\windows\maxdriver\usbd.sys
+ 2005-08-17 03:32 . 2001-08-17 19:51 4992 c:\windows\maxdriver\toside.sys
+ 2004-08-04 04:58 . 2008-04-13 18:39 4352 c:\windows\maxdriver\swenum.sys
+ 2006-03-17 01:48 . 2008-04-13 18:45 6272 c:\windows\maxdriver\splitter.sys
+ 2008-09-17 23:33 . 2008-04-13 18:36 5888 c:\windows\maxdriver\smbali.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 5888 c:\windows\maxdriver\rootmdm.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 4224 c:\windows\maxdriver\rdpcdd.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 8832 c:\windows\maxdriver\rasacd.sys
+ 2006-03-17 01:28 . 2004-12-23 07:58 8704 c:\windows\maxdriver\PFModNT.sys
+ 2005-08-17 03:25 . 2001-08-17 20:07 5504 c:\windows\maxdriver\perc2hib.sys
+ 2001-08-17 19:51 . 2001-08-17 19:51 3328 c:\windows\maxdriver\pciide.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 6784 c:\windows\maxdriver\parvdm.sys
+ 2001-08-17 19:57 . 2004-08-10 11:00 3456 c:\windows\maxdriver\oprghdlr.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 2944 c:\windows\maxdriver\null.sys
+ 2006-03-25 14:46 . 2008-04-13 18:39 5504 c:\windows\maxdriver\mstee.sys
+ 2006-03-17 01:48 . 2008-04-13 18:39 4992 c:\windows\maxdriver\mspqm.sys
+ 2006-03-17 01:48 . 2008-04-13 18:39 5376 c:\windows\maxdriver\mspclock.sys
+ 2006-03-17 01:48 . 2008-04-13 18:39 7552 c:\windows\maxdriver\mskssrv.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 4224 c:\windows\maxdriver\mnmdd.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 7680 c:\windows\maxdriver\mcd.sys
+ 2005-08-16 10:34 . 2008-04-13 18:40 5504 c:\windows\maxdriver\intelide.sys
+ 2005-08-17 03:27 . 2008-04-13 18:41 8576 c:\windows\maxdriver\i2omgmt.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 7936 c:\windows\maxdriver\fs_rec.sys
+ 2006-03-17 01:33 . 2001-08-17 19:46 6400 c:\windows\maxdriver\enum1394.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 3328 c:\windows\maxdriver\dxgthk.sys
+ 2006-03-17 01:48 . 2008-04-13 18:45 2944 c:\windows\maxdriver\drmkaud.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 5888 c:\windows\maxdriver\dmload.sys
+ 2006-03-17 02:01 . 2005-08-25 18:16 5628 c:\windows\maxdriver\DLACDBHM.SYS
+ 2006-04-02 01:42 . 2004-05-17 06:00 9216 c:\windows\maxdriver\cx88xbar.sys
+ 2005-08-17 03:30 . 2001-08-17 19:51 6656 c:\windows\maxdriver\cmdide.sys
+ 2007-02-02 08:00 . 2007-02-02 08:00 9464 c:\windows\maxdriver\cdralw2k.sys
+ 2007-02-02 08:00 . 2007-02-02 08:00 9336 c:\windows\maxdriver\cdr4_xp.sys
+ 2005-08-17 03:28 . 2001-08-17 19:52 7680 c:\windows\maxdriver\cd20xrnt.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 4224 c:\windows\maxdriver\beep.sys
+ 2005-08-16 10:35 . 2001-08-17 19:59 3072 c:\windows\maxdriver\audstub.sys
+ 2006-03-25 14:40 . 2002-11-05 05:00 6912 c:\windows\maxdriver\atibtxbr.sys
+ 2006-03-17 01:54 . 2006-03-17 01:54 8552 c:\windows\maxdriver\asctrm.sys
+ 2006-03-25 14:58 . 2003-08-01 14:00 5056 c:\windows\maxdriver\AloPar.sys
+ 2005-08-17 03:30 . 2001-08-17 19:51 5248 c:\windows\maxdriver\aliide.sys
+ 2008-09-17 23:33 . 2008-04-13 18:46 121984 c:\windows\maxdriver\usbvideo.sys
+ 2004-08-04 05:08 . 2008-04-13 18:45 143872 c:\windows\maxdriver\usbport.sys
+ 2005-08-16 10:18 . 2008-04-13 18:39 384768 c:\windows\maxdriver\update.sys
+ 2005-08-16 10:18 . 2008-06-20 11:08 225856 c:\windows\maxdriver\tcpip6.sys
+ 2005-08-16 10:18 . 2008-06-20 11:51 361600 c:\windows\maxdriver\tcpip.sys
+ 2006-03-17 01:28 . 2005-06-07 03:40 180736 c:\windows\maxdriver\sthda.sys
+ 2006-03-17 01:27 . 2009-12-31 16:50 353792 c:\windows\maxdriver\srv.sys
+ 2008-09-17 23:33 . 2004-08-04 03:41 404990 c:\windows\maxdriver\slntamr.sys
+ 2008-09-17 23:33 . 2004-08-04 03:41 129535 c:\windows\maxdriver\slnt7554.sys
+ 2008-09-17 23:33 . 2004-08-04 03:29 166912 c:\windows\maxdriver\s3gnbm.sys
+ 2005-08-16 10:18 . 2008-05-08 14:02 203136 c:\windows\maxdriver\rmcast.sys
+ 2005-08-16 10:37 . 2008-04-14 00:13 139656 c:\windows\maxdriver\rdpwd.sys
+ 2005-08-16 10:37 . 2008-04-13 18:32 196224 c:\windows\maxdriver\rdpdr.sys
+ 2005-08-16 10:18 . 2008-04-13 19:28 175744 c:\windows\maxdriver\rdbss.sys
+ 2004-03-16 17:58 . 2008-04-13 19:19 146048 c:\windows\maxdriver\portcls.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 120192 c:\windows\maxdriver\pcmcia.sys
+ 2005-08-16 10:18 . 2008-04-13 18:34 163584 c:\windows\maxdriver\nwrdr.sys
+ 2008-09-17 23:32 . 2004-08-04 03:41 180360 c:\windows\maxdriver\ntmtlfax.sys
+ 2005-08-16 10:18 . 2008-04-13 19:15 574976 c:\windows\maxdriver\ntfs.sys
+ 2005-08-16 10:18 . 2008-04-13 19:21 162816 c:\windows\maxdriver\netbt.sys
+ 2005-08-16 10:18 . 2008-04-13 19:20 182656 c:\windows\maxdriver\ndis.sys
+ 2005-08-16 10:18 . 2008-04-13 19:17 105344 c:\windows\maxdriver\mup.sys
+ 2008-09-17 23:32 . 2004-08-04 03:29 452736 c:\windows\maxdriver\mtxparhm.sys
+ 2008-09-17 23:32 . 2004-08-04 03:41 126686 c:\windows\maxdriver\mtlmnt5.sys
+ 2006-03-17 01:27 . 2009-12-04 18:22 455424 c:\windows\maxdriver\mrxsmb.sys
+ 2005-08-16 10:18 . 2008-04-13 18:32 180608 c:\windows\maxdriver\mrxdav.sys
+ 2007-04-06 03:19 . 2009-07-16 17:32 120136 c:\windows\maxdriver\Mpfp.sys
+ 2007-04-06 03:19 . 2009-09-16 15:22 214664 c:\windows\maxdriver\mfehidk.sys
+ 2004-08-04 05:15 . 2008-04-13 19:16 141056 c:\windows\maxdriver\ks.sys
+ 2006-03-17 01:48 . 2008-04-13 18:45 172416 c:\windows\maxdriver\kmixer.sys
+ 2005-08-16 10:18 . 2008-04-13 18:57 152832 c:\windows\maxdriver\ipnat.sys
+ 2004-08-04 05:00 . 2009-10-20 16:20 265728 c:\windows\maxdriver\http.sys
+ 2008-09-17 23:31 . 2004-08-04 03:41 685056 c:\windows\maxdriver\hsfcxts2.sys
+ 2008-09-17 23:31 . 2004-08-04 03:41 220032 c:\windows\maxdriver\hsfbs2s2.sys
+ 2004-08-12 23:45 . 2004-08-12 23:45 113664 c:\windows\maxdriver\Hdaudio.sys
+ 2004-08-12 23:45 . 2008-04-13 16:36 144384 c:\windows\maxdriver\hdaudbus.sys
+ 2001-08-17 19:52 . 2001-08-17 19:52 125056 c:\windows\maxdriver\ftdisk.sys
+ 2005-08-16 10:40 . 2008-04-13 18:32 129792 c:\windows\maxdriver\fltmgr.sys
+ 2005-08-16 10:18 . 2008-04-13 19:14 143744 c:\windows\maxdriver\fastfat.sys
+ 2005-08-16 10:35 . 2004-10-15 03:30 155648 c:\windows\maxdriver\e100b325.sys
+ 2005-08-16 10:18 . 2008-04-13 18:44 153344 c:\windows\maxdriver\dmio.sys
+ 2005-08-16 10:18 . 2008-04-13 18:44 799744 c:\windows\maxdriver\dmboot.sys
+ 2005-08-17 03:28 . 2001-08-17 19:52 179584 c:\windows\maxdriver\dac2w2k.sys
+ 2006-04-02 01:42 . 2004-05-17 06:00 185216 c:\windows\maxdriver\cx88vid.sys
+ 2006-03-17 01:28 . 2005-05-26 04:34 158464 c:\windows\maxdriver\CTUSFSYN.SYS
+ 2006-03-17 01:28 . 2005-01-11 06:15 138752 c:\windows\maxdriver\CTSFM2K.SYS
+ 2006-03-17 01:28 . 2005-01-11 06:15 106496 c:\windows\maxdriver\CTOSS2K.SYS
+ 2001-08-17 20:02 . 2004-08-10 11:00 262528 c:\windows\maxdriver\cinemst2.sys
+ 2008-06-11 09:34 . 2008-06-13 11:05 272128 c:\windows\maxdriver\bthport.sys
+ 2008-09-17 23:30 . 2008-04-13 18:51 101120 c:\windows\maxdriver\bthpan.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 352256 c:\windows\maxdriver\atmuni.sys
+ 2006-03-25 14:39 . 2004-08-04 04:29 104960 c:\windows\maxdriver\atinrvxx.sys
+ 2008-09-17 23:30 . 2004-08-04 03:29 327040 c:\windows\maxdriver\ati2mtaa.sys
+ 2005-08-16 10:18 . 2008-08-14 10:04 138496 c:\windows\maxdriver\afd.sys
+ 2006-03-17 01:48 . 2008-04-13 16:39 142592 c:\windows\maxdriver\aec.sys
+ 2005-08-17 03:23 . 2001-08-17 20:07 101888 c:\windows\maxdriver\adpu160m.sys
+ 2004-08-04 05:07 . 2008-04-13 18:36 187776 c:\windows\maxdriver\acpi.sys
+ 2009-08-04 20:06 . 2009-08-04 20:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2006-03-17 01:28 . 2005-03-25 22:11 1350272 c:\windows\maxdriver\sigfilt.sys
+ 2010-02-27 15:22 . 2009-12-12 03:48 1041920 c:\windows\maxdriver\pevFind.exe
+ 2005-08-16 10:35 . 2004-08-04 04:29 1897408 c:\windows\maxdriver\nv4_mini.sys
+ 2008-09-17 23:32 . 2004-08-04 03:41 1309184 c:\windows\maxdriver\mtlstrm.sys
+ 2008-09-17 23:31 . 2004-08-04 03:41 1041536 c:\windows\maxdriver\hsfdpsp2.sys
+ 2006-03-17 01:28 . 2005-08-04 10:10 1273344 c:\windows\maxdriver\ati2mtag.sys
.
-- Snapshot reset to current date --
combofix part 3:
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtstur]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-02-02 06:55 160752 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]
2009-11-17 17:15 670312 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-05-01 01:24 214536 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 10:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-01 01:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 10:50 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 23:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [11/17/2009 11:15 AM 63080]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/27/2010 9:19 PM 28552]
R2 CX88XBAR;Video Advantage PCI Crossbar;c:\windows\system32\drivers\cx88xbar.sys [4/1/2006 7:42 PM 9216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2008 8:55 PM 93320]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 w810mdmm;w810mdmm;c:\windows\system32\drivers\w810mdmm.sys --> c:\windows\system32\drivers\w810mdmm.sys [?]
S2 gupdate1c95ff64fbe87d0;Google Update Service (gupdate1c95ff64fbe87d0);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2008 9:19 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/24/2010 1:39 PM 11520]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PAVBOOT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-02-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-20 06:55]
2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://batonrouge.cox.net/cci/home
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: att.net\my
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: nascar.com\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: yahoo.com\us.f519.mail
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.10/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 12:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x8B07C8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3930530056-1653841120-937661522-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-02-28 12:55:58
ComboFix-quarantined-files.txt 2010-02-28 18:55
ComboFix2.txt 2010-02-26 22:40
ComboFix3.txt 2008-03-16 17:45
Pre-Run: 432,194,105,344 bytes free
Post-Run: 432,197,906,432 bytes free
- - End Of File - - 9E99B61DEB440503F2D62A53D34D67FC
I checked the google links, and it still redirects. I googled redirect virus and it sent me to "apartmentfinder.com" and knows the town I live in.
hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:20 PM, on 2/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://batonrouge.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://my.att.net
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nascar.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/59.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.09/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205631147421
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: awtstur - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1c95ff64fbe87d0) (gupdate1c95ff64fbe87d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 15345 bytes
Let's just try something before you upgrade.
Please try running a vanilla IE as follows:
Start > All Programs > Accessories > System Tools - IE (No Add-Ons)
See if you are still getting the redirects.
If you are still getting them, please do the following
Download TDSSKiller.zip (http://support.kaspersky.com/viruses/solutions?qid=208280684) and extract TDSSKiller.exe to your Desktop.
Double-click TDSSKiller.exe and follow the prompts to run it.
When finished, it will prompt you to press any key.
It will produce a log here > C:\TDSSKiller.2.2.7_date_time_log.txt
Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.
IE was was NOT HAPPY when trying to run with no add ons... :laugh:
Ran the TDSS
15:29:58:671 5084 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
15:29:58:671 5084 ================================================================================
15:29:58:671 5084 SystemInfo:
15:29:58:671 5084 OS Version: 5.1.2600 ServicePack: 3.0
15:29:58:671 5084 Product type: Workstation
15:29:58:671 5084 ComputerName: KATHY
15:29:58:671 5084 UserName: Mom
15:29:58:671 5084 Windows directory: C:\WINDOWS
15:29:58:671 5084 Processor architecture: Intel x86
15:29:58:671 5084 Number of processors: 2
15:29:58:671 5084 Page size: 0x1000
15:29:58:687 5084 Boot type: Normal boot
15:29:58:687 5084 ================================================================================
15:29:58:687 5084 UnloadDriverW: NtUnloadDriver error 2
15:29:58:687 5084 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:29:58:859 5084 Initialize success
15:29:58:859 5084
15:29:58:859 5084 Scanning Services ...
15:29:58:859 5084 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
15:29:58:859 5084 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:29:58:859 5084 wfopen_ex: Trying to KLMD file open
15:29:58:859 5084 wfopen_ex: File opened ok (Flags 2)
15:29:58:859 5084 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
15:29:58:859 5084 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:29:58:859 5084 wfopen_ex: Trying to KLMD file open
15:29:58:859 5084 wfopen_ex: File opened ok (Flags 2)
15:29:59:296 5084 GetAdvancedServicesInfo: Raw services enum returned 433 services
15:29:59:328 5084 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
15:29:59:328 5084 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
15:29:59:328 5084
15:29:59:328 5084 Scanning Kernel memory ...
15:29:59:328 5084 Devices to scan: 12
15:29:59:328 5084
15:29:59:328 5084 Driver Name: Disk
15:29:59:328 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:328 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:328 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:328 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:328 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:328 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:328 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:328 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:328 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:328 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:328 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:328 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:328 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:328 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:328 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:328 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:328 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:328 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:328 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:328 5084 sion
15:29:59:328 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:328 5084
15:29:59:328 5084 Driver Name: Disk
15:29:59:328 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:328 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:328 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:328 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:328 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:328 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:328 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:328 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:328 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:328 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:328 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:328 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:328 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:328 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:328 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:328 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:328 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:328 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:328 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:328 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:328 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:328 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:328 5084 sion
15:29:59:343 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:343 5084
15:29:59:343 5084 Driver Name: Disk
15:29:59:343 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:343 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:343 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:343 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:343 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:343 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:343 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:343 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:343 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:343 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:343 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:343 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:343 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:343 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:343 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:343 5084 sion
15:29:59:343 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:343 5084
15:29:59:343 5084 Driver Name: Disk
15:29:59:343 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:343 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:343 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:343 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:343 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:343 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:343 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:343 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:343 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:343 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:343 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:343 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:343 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:343 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:343 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:343 5084 sion
15:29:59:343 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:343 5084
15:29:59:343 5084 Driver Name: USBSTOR
15:29:59:343 5084 IRP_MJ_CREATE : BA3FD218
15:29:59:343 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:343 5084 IRP_MJ_CLOSE : BA3FD218
15:29:59:343 5084 IRP_MJ_READ : BA3FD23C
15:29:59:343 5084 IRP_MJ_WRITE : BA3FD23C
15:29:59:343 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:343 5084 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:343 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_DEVICE_CONTROL : BA3FD180
15:29:59:343 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA3F89E6
15:29:59:343 5084 IRP_MJ_SHUTDOWN : 804F4562
15:29:59:343 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:343 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:343 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:343 5084 IRP_MJ_POWER : BA3FC5F0
15:29:59:343 5084 IRP_MJ_SYSTEM_CONTROL : BA3FAA6E
15:29:59:343 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:343 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:343 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:359 5084 siohd: 0
15:29:59:359 5084 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:29:59:359 5084
15:29:59:359 5084 Driver Name: USBSTOR
15:29:59:359 5084 IRP_MJ_CREATE : BA3FD218
15:29:59:359 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:359 5084 IRP_MJ_CLOSE : BA3FD218
15:29:59:359 5084 IRP_MJ_READ : BA3FD23C
15:29:59:359 5084 IRP_MJ_WRITE : BA3FD23C
15:29:59:359 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:359 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:359 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:375 5084 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_DEVICE_CONTROL : BA3FD180
15:29:59:375 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA3F89E6
15:29:59:375 5084 IRP_MJ_SHUTDOWN : 804F4562
15:29:59:375 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:375 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_POWER : BA3FC5F0
15:29:59:375 5084 IRP_MJ_SYSTEM_CONTROL : BA3FAA6E
15:29:59:375 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:375 5084 siohd: 0
15:29:59:375 5084 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:29:59:375 5084
15:29:59:375 5084 Driver Name: USBSTOR
15:29:59:375 5084 IRP_MJ_CREATE : BA3FD218
15:29:59:375 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:375 5084 IRP_MJ_CLOSE : BA3FD218
15:29:59:375 5084 IRP_MJ_READ : BA3FD23C
15:29:59:375 5084 IRP_MJ_WRITE : BA3FD23C
15:29:59:375 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:375 5084 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_DEVICE_CONTROL : BA3FD180
15:29:59:375 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA3F89E6
15:29:59:375 5084 IRP_MJ_SHUTDOWN : 804F4562
15:29:59:375 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:375 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_POWER : BA3FC5F0
15:29:59:375 5084 IRP_MJ_SYSTEM_CONTROL : BA3FAA6E
15:29:59:375 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:375 5084 siohd: 0
15:29:59:375 5084 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:29:59:375 5084
15:29:59:375 5084 Driver Name: USBSTOR
15:29:59:375 5084 IRP_MJ_CREATE : BA3FD218
15:29:59:375 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:375 5084 IRP_MJ_CLOSE : BA3FD218
15:29:59:375 5084 IRP_MJ_READ : BA3FD23C
15:29:59:375 5084 IRP_MJ_WRITE : BA3FD23C
15:29:59:375 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:375 5084 IRP_MJ_FLUSH_BUFFERS : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:375 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_DEVICE_CONTROL : BA3FD180
15:29:59:375 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA3F89E6
15:29:59:375 5084 IRP_MJ_SHUTDOWN : 804F4562
15:29:59:375 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:375 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:375 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:375 5084 IRP_MJ_POWER : BA3FC5F0
15:29:59:375 5084 IRP_MJ_SYSTEM_CONTROL : BA3FAA6E
15:29:59:375 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:375 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:375 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:375 5084 siohd: 0
15:29:59:390 5084 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
15:29:59:390 5084
15:29:59:390 5084 Driver Name: Disk
15:29:59:390 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:390 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:390 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:390 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:390 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:390 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:390 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:390 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:390 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:390 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:390 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:390 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:390 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:390 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:390 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:390 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:390 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:390 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:390 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:390 5084 sion
15:29:59:390 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:390 5084
15:29:59:390 5084 Driver Name: Disk
15:29:59:390 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:390 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:390 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:390 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:390 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:390 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:390 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:390 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:390 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:390 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:390 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:390 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:390 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:390 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:390 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:390 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:390 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:390 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:390 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:390 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:390 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:390 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:406 5084 sion
15:29:59:406 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:406 5084
15:29:59:406 5084 Driver Name: Disk
15:29:59:406 5084 IRP_MJ_CREATE : BA0EEBB0
15:29:59:406 5084 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
15:29:59:406 5084 IRP_MJ_CLOSE : BA0EEBB0
15:29:59:406 5084 IRP_MJ_READ : BA0E8D1F
15:29:59:406 5084 IRP_MJ_WRITE : BA0E8D1F
15:29:59:406 5084 IRP_MJ_QUERY_INFORMATION : 804F4562
15:29:59:406 5084 IRP_MJ_SET_INFORMATION : 804F4562
15:29:59:406 5084 IRP_MJ_QUERY_EA : 804F4562
15:29:59:406 5084 IRP_MJ_SET_EA : 804F4562
15:29:59:406 5084 IRP_MJ_FLUSH_BUFFERS : BA0E92E2
15:29:59:406 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
15:29:59:406 5084 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
15:29:59:406 5084 IRP_MJ_DIRECTORY_CONTROL : 804F4562
15:29:59:406 5084 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
15:29:59:406 5084 IRP_MJ_DEVICE_CONTROL : BA0E93BB
15:29:59:406 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECF28
15:29:59:406 5084 IRP_MJ_SHUTDOWN : BA0E92E2
15:29:59:406 5084 IRP_MJ_LOCK_CONTROL : 804F4562
15:29:59:406 5084 IRP_MJ_CLEANUP : 804F4562
15:29:59:406 5084 IRP_MJ_CREATE_MAILSLOT : 804F4562
15:29:59:406 5084 IRP_MJ_QUERY_SECURITY : 804F4562
15:29:59:406 5084 IRP_MJ_SET_SECURITY : 804F4562
15:29:59:406 5084 IRP_MJ_POWER : BA0EAC82
15:29:59:406 5084 IRP_MJ_SYSTEM_CONTROL : BA0EF99E
15:29:59:406 5084 IRP_MJ_DEVICE_CHANGE : 804F4562
15:29:59:406 5084 IRP_MJ_QUERY_QUOTA : 804F4562
15:29:59:406 5084 IRP_MJ_SET_QUOTA : 804F4562
15:29:59:406 5084 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
15:29:59:406 5084 sion
15:29:59:406 5084 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
15:29:59:406 5084
15:29:59:406 5084 Driver Name: atapi
15:29:59:406 5084 IRP_MJ_CREATE : B9F14B3A
15:29:59:406 5084 IRP_MJ_CREATE_NAMED_PIPE : B9F14B3A
15:29:59:406 5084 IRP_MJ_CLOSE : B9F14B3A
15:29:59:406 5084 IRP_MJ_READ : B9F14B3A
15:29:59:406 5084 IRP_MJ_WRITE : B9F14B3A
15:29:59:406 5084 IRP_MJ_QUERY_INFORMATION : B9F14B3A
15:29:59:406 5084 IRP_MJ_SET_INFORMATION : B9F14B3A
15:29:59:406 5084 IRP_MJ_QUERY_EA : B9F14B3A
15:29:59:406 5084 IRP_MJ_SET_EA : B9F14B3A
15:29:59:406 5084 IRP_MJ_FLUSH_BUFFERS : B9F14B3A
15:29:59:406 5084 IRP_MJ_QUERY_VOLUME_INFORMATION : B9F14B3A
15:29:59:406 5084 IRP_MJ_SET_VOLUME_INFORMATION : B9F14B3A
15:29:59:406 5084 IRP_MJ_DIRECTORY_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_FILE_SYSTEM_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_DEVICE_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_INTERNAL_DEVICE_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_SHUTDOWN : B9F14B3A
15:29:59:406 5084 IRP_MJ_LOCK_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_CLEANUP : B9F14B3A
15:29:59:406 5084 IRP_MJ_CREATE_MAILSLOT : B9F14B3A
15:29:59:406 5084 IRP_MJ_QUERY_SECURITY : B9F14B3A
15:29:59:406 5084 IRP_MJ_SET_SECURITY : B9F14B3A
15:29:59:406 5084 IRP_MJ_POWER : B9F14B3A
15:29:59:406 5084 IRP_MJ_SYSTEM_CONTROL : B9F14B3A
15:29:59:406 5084 IRP_MJ_DEVICE_CHANGE : B9F14B3A
15:29:59:406 5084 IRP_MJ_QUERY_QUOTA : B9F14B3A
15:29:59:406 5084 IRP_MJ_SET_QUOTA : B9F14B3A
15:29:59:406 5084 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
15:29:59:406 5084 TDL3_IrpHookDetect: New IrpHandler addr: 8B07C8C8
15:29:59:406 5084 ihd: 10, FFDF0308, 510, 134, 3, 120, 0
15:29:59:406 5084 Driver "atapi" Irp handler infected by TDSS rootkit ... 15:29:59:406 5084 cured
15:29:59:406 5084 siohd: 0
15:29:59:421 5084 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
15:29:59:421 5084 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 15:29:59:421 5084 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
15:29:59:421 5084 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
15:29:59:562 5084 vfvi6
15:29:59:671 5084 !dsvbh1
15:30:00:671 5084 dsvbh2
15:30:00:671 5084 fdfb2
15:30:00:671 5084 Backup copy found, using it..
15:30:00:703 5084 will be cured on next reboot
15:30:00:703 5084 Reboot required for cure complete..
15:30:00:828 5084 Cure on reboot scheduled successfully
15:30:00:828 5084
15:30:00:828 5084 Completed
15:30:00:828 5084
15:30:00:828 5084 Results:
15:30:00:828 5084 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
15:30:00:843 5084 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:30:00:843 5084 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:30:00:843 5084
15:30:00:843 5084 UnloadDriverW: NtUnloadDriver error 1
15:30:00:843 5084 KLMD_Unload: UnloadDriverW(klmd21) error 1
15:30:00:843 5084 KLMD(ARK) unloaded successfully
HA !!
It looks like we have tracked it down.
Please run Combofix again, and let me know if the redirects continue after.
YES!!! All is working now. Thank you so much for being so patient and diligent.
Any words of wisdom on how to prevent this from happening again?
combofix log:
ComboFix 10-02-27.04 - Mom 02/28/2010 15:56:35.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2445 [GMT -6:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.
2010-02-28 03:19 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-02-28 03:19 . 2010-02-28 03:19 -------- d-----w- c:\program files\Panda Security
2010-02-27 15:17 . 2010-02-27 15:23 -------- d-----w- c:\windows\maxdriver
2010-02-22 03:30 . 2010-02-22 03:30 -------- d-----w- C:\Rooter$
2010-02-21 03:01 . 2010-02-21 03:00 38784 ----a-w- c:\documents and settings\Mom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-21 03:01 . 2010-02-21 03:01 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-21 02:59 . 2010-02-21 02:59 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-21 02:59 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-21 01:09 . 2010-02-21 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 01:09 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 22:20 . 2010-02-18 22:21 -------- d-----w- C:\rsit
2010-02-15 01:51 . 2010-02-15 01:51 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Yahoo!
2010-02-13 03:13 . 2010-02-27 15:44 -------- d-----w- c:\program files\SpywareBlaster
2010-02-12 23:00 . 2010-02-12 23:00 50354 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\uninstall.exe
2010-02-12 23:00 . 2010-02-12 23:00 -------- d-----w- c:\documents and settings\Mom\Application Data\Facebook
2010-02-12 01:18 . 2010-02-12 01:18 -------- d-----w- c:\program files\ERUNT
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\program files\Flip Video
2010-02-11 23:17 . 2010-02-11 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Mom\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-30 19:53 . 2010-01-30 19:53 -------- d--h--w- c:\windows\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 21:55 . 2008-07-30 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 21:31 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-24 15:16 . 2009-10-02 20:40 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:33 . 2006-03-26 05:45 -------- d-----w- c:\program files\quicken
2010-02-21 03:03 . 2006-03-23 04:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-20 13:57 . 2006-03-17 01:33 90112 ----a-w- c:\windows\DUMP6021.tmp
2010-02-19 03:57 . 2006-03-17 02:01 -------- d-----w- c:\program files\McAfee
2010-02-11 23:16 . 2008-12-26 03:12 -------- d-----w- c:\program files\Pure Digital Technologies
2010-02-07 16:55 . 2007-09-29 02:45 -------- d-----w- c:\program files\Google
2010-02-02 06:55 . 2008-12-17 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-30 22:14 . 2006-03-17 01:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 02:15 . 2009-09-20 00:34 696320 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-24 19:42 . 2010-01-24 19:42 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-24 19:40 . 2010-01-24 19:40 8854 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2010-01-24 19:40 . 2010-01-24 19:40 40960 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2010-01-24 19:40 . 2010-01-24 19:40 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2010-01-24 19:40 . 2010-01-24 19:40 -------- d-----w- c:\program files\Western Digital Technologies
2010-01-24 19:39 . 2008-08-13 22:02 -------- d-----w- c:\program files\Western Digital
2010-01-12 00:54 . 2010-01-12 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdServices
2010-01-12 00:52 . 2010-01-12 00:52 -------- d-----w- c:\program files\RosettaStoneLtdServices
2010-01-05 10:00 . 2005-08-16 10:18 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-04-08 23:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 21:23 . 2010-01-03 21:01 -------- d-----w- c:\program files\Family Tree Maker 2010
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Windows Media Components
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft.NET
2010-01-03 21:04 . 2010-01-03 21:04 1078 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe
2010-01-03 21:04 . 2010-01-03 21:04 10134 ----a-r- c:\documents and settings\Mom\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-03 21:04 . 2010-01-03 21:04 -------- d-----w- c:\program files\Microsoft WSE
2010-01-03 21:03 . 2010-01-03 21:01 -------- d-----w- c:\program files\BCL Technologies
2009-12-31 16:50 . 2006-03-17 01:27 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2005-08-16 10:37 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2005-08-16 10:18 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2005-08-16 10:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 04:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-17 01:27 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-03-31 01:17 . 2006-03-23 04:05 104 --sh--r- c:\windows\system32\59C154333E.sys
.
((((((((((((((((((((((((((((( SnapShot_2010-02-28_18.53.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 21:32 . 2010-02-28 21:32 16384 c:\windows\Temp\Perflib_Perfdata_2b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtstur]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Mom\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2010-02-02 06:55 160752 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]
2009-11-17 17:15 670312 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-12-12 18:46 9555968 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-05-01 01:24 214536 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-11 10:19 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-01 01:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-01-30 10:50 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 23:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [11/17/2009 11:15 AM 63080]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2/27/2010 9:19 PM 28552]
R2 CX88XBAR;Video Advantage PCI Crossbar;c:\windows\system32\drivers\cx88xbar.sys [4/1/2006 7:42 PM 9216]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2008 8:55 PM 93320]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 w810mdmm;w810mdmm;c:\windows\system32\drivers\w810mdmm.sys --> c:\windows\system32\drivers\w810mdmm.sys [?]
S2 gupdate1c95ff64fbe87d0;Google Update Service (gupdate1c95ff64fbe87d0);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2008 9:19 PM 133104]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 1:43 PM 204800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/24/2010 1:39 PM 11520]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 4:28 PM 31768]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-02-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-20 06:55]
2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-17 15:49]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-06 17:22]
2010-02-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://batonrouge.cox.net/cci/home
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: att.net\my
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: nascar.com\www
Trusted Zone: windowsupdate.com\download
Trusted Zone: yahoo.com\us.f519.mail
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.10/uploader2.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{17599003-a66e-4467-8891-1d57c3e43fcd} - (no file)
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 16:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3930530056-1653841120-937661522-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-02-28 16:05:51
ComboFix-quarantined-files.txt 2010-02-28 22:05
ComboFix2.txt 2010-02-28 18:56
ComboFix3.txt 2010-02-26 22:40
ComboFix4.txt 2008-03-16 17:45
Pre-Run: 432,207,953,920 bytes free
Post-Run: 432,197,853,184 bytes free
- - End Of File - - 2EDC8113C6A3998094C4D01167A2D450
1) Thank you so much for being so patient and diligent.
2) Any words of wisdom on how to prevent this from happening again?
1) Not a problem, I'm just sorry I didn't spot it sooner.
2) Since you mention it :D: .... have a look below, I have given a few tips for staying clean and clear.
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://neoshine.co.uk/mina/Katana/CFU.gif
You can also delete any logs we have produced and any other tools we have downloaded.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
All is well, thanks.
I have followed many recommendations you posted, and have adjusted security settings some.
Again, thank you so much.
Hope you have a wonderful week.