Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Help remove Protector-ivkr.exe


(!)

Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
10-Jul-2012, 07:22 PM #1
Help remove Protector-ivkr.exe
I haven't been out here in a long while (been fortunate), but thanks in advance for any help you can provide.

Tried the usual removal tricks, Malwarebytes will not run, HouseCall will not load and Kaspersky found the culprit, but failed to remove it with their "free" tool. Want me to buy more protection I guess. I've done all this in 'safe mode'. This came in an email attachment from a friend of the hubby. I run Microsoft Security Essentials and it has been running perfectly until this.

Here's my HijackThis log. I hope it has enough info in it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:22 PM, on 7/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mary Jo\Local Settings\Temporary Internet Files\Content.IE5\PQ6R0ZL5\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: _uninst_80465894.lnk = C:\Documents and Settings\Mary Jo\Local Settings\Temp\_uninst_80465894.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47...abblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://69.129.103.82:8000/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.usps.org/e_stuff/BC.jpg

--
End of file - 11221 bytes
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
12-Jul-2012, 12:31 PM #2
Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.
__________________
Microsoft MVP - Consumer Security
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
16-Jul-2012, 12:43 PM #3
Scans
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Mary Jo at 8:47:40 on 2012-07-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1334 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall Pro *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/a/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Google Update] "c:\documents and settings\mary jo\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-explorer: <NO NAME> =
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: sumtotalsystems.com\allstate
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Backgammon - hxxp://download.games.yahoo.com/games/clients/y/at1_x.cab
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{99B2922A-F756-441F-AD63-68DAAE86535E} : DhcpNameServer = 75.75.75.75 75.75.76.76
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: Ad-Aware.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 10.254.254.253 Xdrive
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mary jo\application data\mozilla\firefox\profiles\aapazohb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mary jo\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\NPPLG90N.DLL
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R1 MpKslb8595e48;MpKslb8595e48;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\MpKslb8595e48.sys [2012-7-16 29904]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\drivers\cds1000.sys --> c:\windows\system32\drivers\cds1000.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2012-07-16 13:32:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 07:09:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\offreg.dll
2012-07-16 07:09:28 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\MpKslb8595e48.sys
2012-07-15 22:03:36 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e82412e-ab82-41b8-903f-7fded73e1694}\mpengine.dll
2012-07-14 16:03:24 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-12 03:45:09 -------- d-----w- c:\program files\SpywareBlaster
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2012-06-22 10:29:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-07-12 06:30:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:30:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 10:28:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-22 10:28:31 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2003-08-07 14:25:26 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
.
============= FINISH: 8:49:18.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/14/2003 8:58:21 PM
System Uptime: 7/15/2012 4:50:26 PM (16 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 54.682 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 447.665 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2167: 5/2/2012 8:25:30 AM - Software Distribution Service 3.0
RP2168: 5/3/2012 1:58:45 PM - Software Distribution Service 3.0
RP2169: 5/4/2012 2:44:50 PM - System Checkpoint
RP2170: 5/4/2012 9:19:56 PM - Software Distribution Service 3.0
RP2171: 5/5/2012 10:16:11 PM - System Checkpoint
RP2172: 5/6/2012 6:52:01 AM - Software Distribution Service 3.0
RP2173: 5/7/2012 7:38:55 AM - Software Distribution Service 3.0
RP2174: 5/8/2012 8:43:45 AM - Software Distribution Service 3.0
RP2175: 5/9/2012 8:32:13 AM - Software Distribution Service 3.0
RP2176: 5/10/2012 9:29:55 AM - Software Distribution Service 3.0
RP2177: 5/11/2012 9:44:19 AM - Software Distribution Service 3.0
RP2178: 5/12/2012 12:19:30 PM - System Checkpoint
RP2179: 5/13/2012 2:13:31 AM - Software Distribution Service 3.0
RP2180: 5/13/2012 9:13:15 AM - Software Distribution Service 3.0
RP2181: 5/14/2012 12:38:37 PM - System Checkpoint
RP2182: 5/14/2012 4:50:48 PM - Software Distribution Service 3.0
RP2183: 5/14/2012 9:55:56 PM - Software Distribution Service 3.0
RP2184: 5/16/2012 9:51:50 AM - Software Distribution Service 3.0
RP2185: 5/16/2012 10:11:53 AM - Software Distribution Service 3.0
RP2186: 5/17/2012 11:09:58 AM - Software Distribution Service 3.0
RP2187: 5/18/2012 11:34:40 AM - System Checkpoint
RP2188: 5/18/2012 9:07:35 PM - Software Distribution Service 3.0
RP2189: 5/19/2012 11:27:44 PM - System Checkpoint
RP2190: 5/20/2012 10:22:42 AM - Software Distribution Service 3.0
RP2191: 5/21/2012 12:09:03 PM - System Checkpoint
RP2192: 5/22/2012 9:31:12 AM - Software Distribution Service 3.0
RP2193: 5/23/2012 2:02:42 AM - Software Distribution Service 3.0
RP2194: 5/23/2012 3:23:30 PM - Software Distribution Service 3.0
RP2195: 5/24/2012 8:16:59 PM - Software Distribution Service 3.0
RP2196: 5/25/2012 6:18:23 PM - Software Distribution Service 3.0
RP2197: 5/26/2012 9:27:41 PM - Software Distribution Service 3.0
RP2198: 5/28/2012 4:34:52 AM - Software Distribution Service 3.0
RP2199: 5/29/2012 9:42:21 AM - Software Distribution Service 3.0
RP2200: 5/30/2012 8:40:05 AM - Software Distribution Service 3.0
RP2201: 5/31/2012 9:25:21 AM - Software Distribution Service 3.0
RP2202: 6/1/2012 10:39:44 AM - Software Distribution Service 3.0
RP2203: 6/2/2012 11:05:15 AM - Software Distribution Service 3.0
RP2204: 6/3/2012 1:22:08 PM - System Checkpoint
RP2205: 6/3/2012 4:23:39 PM - Software Distribution Service 3.0
RP2206: 6/4/2012 4:33:12 PM - System Checkpoint
RP2207: 6/5/2012 2:20:53 AM - Software Distribution Service 3.0
RP2208: 6/5/2012 10:52:54 AM - Software Distribution Service 3.0
RP2209: 6/6/2012 11:53:29 AM - System Checkpoint
RP2210: 6/6/2012 7:42:22 PM - Software Distribution Service 3.0
RP2211: 6/8/2012 6:26:58 AM - Software Distribution Service 3.0
RP2212: 6/9/2012 9:34:23 AM - Software Distribution Service 3.0
RP2213: 6/10/2012 10:20:12 AM - Software Distribution Service 3.0
RP2214: 6/11/2012 6:06:49 PM - System Checkpoint
RP2215: 6/12/2012 6:33:11 AM - Software Distribution Service 3.0
RP2216: 6/14/2012 4:43:46 PM - Software Distribution Service 3.0
RP2217: 6/15/2012 3:14:37 AM - Software Distribution Service 3.0
RP2218: 6/16/2012 9:46:09 AM - Software Distribution Service 3.0
RP2219: 6/17/2012 10:49:28 AM - Software Distribution Service 3.0
RP2220: 6/18/2012 1:29:27 PM - System Checkpoint
RP2221: 6/18/2012 7:32:37 PM - Software Distribution Service 3.0
RP2222: 6/20/2012 8:14:54 AM - Software Distribution Service 3.0
RP2223: 6/21/2012 11:15:25 AM - System Checkpoint
RP2224: 6/22/2012 5:26:21 AM - Removed Java(TM) 6 Update 31
RP2225: 6/22/2012 5:28:00 AM - Installed Java(TM) 6 Update 33
RP2226: 6/22/2012 5:30:22 AM - Software Distribution Service 3.0
RP2227: 6/23/2012 7:57:03 AM - Software Distribution Service 3.0
RP2228: 6/24/2012 7:59:02 AM - Software Distribution Service 3.0
RP2229: 6/25/2012 9:26:47 AM - Software Distribution Service 3.0
RP2230: 6/26/2012 10:08:01 AM - System Checkpoint
RP2231: 6/27/2012 5:51:49 AM - Software Distribution Service 3.0
RP2232: 6/28/2012 9:25:03 AM - Software Distribution Service 3.0
RP2233: 6/29/2012 9:54:42 AM - Software Distribution Service 3.0
RP2234: 6/30/2012 5:51:26 PM - Software Distribution Service 3.0
RP2235: 7/1/2012 6:00:29 PM - System Checkpoint
RP2236: 7/2/2012 9:09:12 AM - Software Distribution Service 3.0
RP2237: 7/3/2012 9:27:28 AM - System Checkpoint
RP2238: 7/3/2012 5:10:28 PM - Software Distribution Service 3.0
RP2239: 7/4/2012 5:57:18 PM - System Checkpoint
RP2240: 7/5/2012 6:20:47 AM - Software Distribution Service 3.0
RP2241: 7/6/2012 8:52:12 AM - Software Distribution Service 3.0
RP2242: 7/7/2012 3:18:55 PM - System Checkpoint
RP2243: 7/7/2012 6:33:33 PM - Software Distribution Service 3.0
RP2244: 7/8/2012 8:01:14 PM - System Checkpoint
RP2245: 7/9/2012 6:10:11 AM - Software Distribution Service 3.0
RP2246: 7/10/2012 9:02:02 AM - Software Distribution Service 3.0
RP2247: 7/12/2012 12:43:36 AM - Software Distribution Service 3.0
RP2248: 7/12/2012 3:16:54 AM - Software Distribution Service 3.0
RP2249: 7/13/2012 10:21:46 AM - Software Distribution Service 3.0
RP2250: 7/14/2012 11:03:16 AM - Software Distribution Service 3.0
RP2251: 7/15/2012 5:03:29 PM - Software Distribution Service 3.0
.
==== Image File Execution Options =============
.
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: Ad-Aware.exe - svchost.exe
IFEO: adaware.exe - svchost.exe
IFEO: advxdwin.exe - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: agentsvr.exe - svchost.exe
IFEO: agentw.exe - svchost.exe
IFEO: alertsvc.exe - svchost.exe
IFEO: alevir.exe - svchost.exe
IFEO: alogserv.exe - svchost.exe
IFEO: AlphaAV - svchost.exe
IFEO: AlphaAV.exe - svchost.exe
IFEO: AluSchedulerSvc.exe - svchost.exe
IFEO: amon9x.exe - svchost.exe
IFEO: Anti-Virus Professional.exe - svchost.exe
IFEO: AntispywarXP2009.exe - svchost.exe
IFEO: antivirus.exe - svchost.exe
IFEO: AntivirusPlus - svchost.exe
IFEO: AntivirusPlus.exe - svchost.exe
IFEO: AntivirusPro_2010.exe - svchost.exe
IFEO: AntivirusXP - svchost.exe
IFEO: AntivirusXP.exe - svchost.exe
IFEO: antivirusxppro2009.exe - svchost.exe
IFEO: AntiVirus_Pro.exe - svchost.exe
IFEO: ants.exe - svchost.exe
IFEO: apimonitor.exe - svchost.exe
IFEO: aplica32.exe - svchost.exe
IFEO: arr.exe - svchost.exe
IFEO: ashAvast.exe - svchost.exe
IFEO: ashBug.exe - svchost.exe
IFEO: ashChest.exe - svchost.exe
IFEO: ashCnsnt.exe - svchost.exe
IFEO: ashDisp.exe - svchost.exe
IFEO: ashLogV.exe - svchost.exe
IFEO: ashMaiSv.exe - svchost.exe
IFEO: ashPopWz.exe - svchost.exe
IFEO: ashQuick.exe - svchost.exe
IFEO: ashServ.exe - svchost.exe
IFEO: ashSimp2.exe - svchost.exe
IFEO: ashSimpl.exe - svchost.exe
IFEO: ashSkPcc.exe - svchost.exe
IFEO: ashSkPck.exe - svchost.exe
IFEO: ashUpd.exe - svchost.exe
IFEO: ashWebSv.exe - svchost.exe
IFEO: aswChLic.exe - svchost.exe
IFEO: aswRegSvr.exe - svchost.exe
IFEO: aswRunDll.exe - svchost.exe
IFEO: aswUpdSv.exe - svchost.exe
IFEO: atcon.exe - svchost.exe
IFEO: atguard.exe - svchost.exe
IFEO: atro55en.exe - svchost.exe
IFEO: atupdater.exe - svchost.exe
IFEO: atwatch.exe - svchost.exe
IFEO: au.exe - svchost.exe
IFEO: aupdate.exe - svchost.exe
IFEO: auto-protect.nav80try.exe - svchost.exe
IFEO: autotrace.exe - svchost.exe
IFEO: autoupdate.exe - svchost.exe
IFEO: av360.exe - svchost.exe
IFEO: avadmin.exe - svchost.exe
IFEO: AVCare.exe - svchost.exe
IFEO: avcenter.exe - svchost.exe
IFEO: avciman.exe - svchost.exe
IFEO: avconfig.exe - svchost.exe
IFEO: AVENGINE.EXE - svchost.exe
IFEO: avgcc32.exe - svchost.exe
IFEO: avgchk.exe - svchost.exe
IFEO: avgcmgr.exe - svchost.exe
IFEO: avgcsrvx.exe - svchost.exe
IFEO: avgdumpx.exe - svchost.exe
IFEO: avgemc.exe - svchost.exe
IFEO: avgiproxy.exe - svchost.exe
IFEO: avgnsx.exe - svchost.exe
IFEO: avgnt.exe - svchost.exe
IFEO: avgrsx.exe - svchost.exe
IFEO: avgscanx.exe - svchost.exe
IFEO: avgserv.exe - svchost.exe
IFEO: avgserv9.exe - svchost.exe
IFEO: avgsrmax.exe - svchost.exe
IFEO: avgtray.exe - svchost.exe
IFEO: avguard.exe - svchost.exe
IFEO: avgui.exe - svchost.exe
IFEO: avgupd.exe - svchost.exe
IFEO: avgw.exe - svchost.exe
IFEO: avgwdsvc.exe - svchost.exe
IFEO: avkpop.exe - svchost.exe
IFEO: avkservice.exe - svchost.exe
IFEO: avkwctl9.exe - svchost.exe
IFEO: avltmain.exe - svchost.exe
IFEO: avmailc.exe - svchost.exe
IFEO: avmcdlg.exe - svchost.exe
IFEO: avnotify.exe - svchost.exe
IFEO: avshadow.exe - svchost.exe
IFEO: avsynmgr.exe - svchost.exe
IFEO: avupgsvc.exe - svchost.exe
IFEO: AVWEBGRD.EXE - svchost.exe
IFEO: avwin.exe - svchost.exe
IFEO: avwinnt.exe - svchost.exe
IFEO: avwsc.exe - svchost.exe
IFEO: avwupd.exe - svchost.exe
IFEO: avwupsrv.exe - svchost.exe
IFEO: avxmonitor9x.exe - svchost.exe
IFEO: avxmonitornt.exe - svchost.exe
IFEO: avxquar.exe - svchost.exe
IFEO: b.exe - svchost.exe
IFEO: backweb.exe - svchost.exe
IFEO: bargains.exe - svchost.exe
IFEO: bdfvcl.exe - svchost.exe
IFEO: bdfvwiz.exe - svchost.exe
IFEO: BDInProcPatch.exe - svchost.exe
IFEO: bdmcon.exe - svchost.exe
IFEO: BDMsnScan.exe - svchost.exe
IFEO: BDSurvey.exe - svchost.exe
IFEO: bd_professional.exe - svchost.exe
IFEO: beagle.exe - svchost.exe
IFEO: belt.exe - svchost.exe
IFEO: bidef.exe - svchost.exe
IFEO: bidserver.exe - svchost.exe
IFEO: bipcp.exe - svchost.exe
IFEO: bipcpevalsetup.exe - svchost.exe
IFEO: bisp.exe - svchost.exe
IFEO: blink.exe - svchost.exe
IFEO: blss.exe - svchost.exe
IFEO: bootconf.exe - svchost.exe
IFEO: bootwarn.exe - svchost.exe
IFEO: borg2.exe - svchost.exe
IFEO: bpc.exe - svchost.exe
IFEO: brasil.exe - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: brw.exe - svchost.exe
IFEO: bs120.exe - svchost.exe
IFEO: bspatch.exe - svchost.exe
IFEO: bundle.exe - svchost.exe
IFEO: bvt.exe - svchost.exe
IFEO: c.exe - svchost.exe
IFEO: cavscan.exe - svchost.exe
IFEO: ccapp.exe - svchost.exe
IFEO: ccevtmgr.exe - svchost.exe
IFEO: ccpxysvc.exe - svchost.exe
IFEO: ccSvcHst.exe - svchost.exe
IFEO: cdp.exe - svchost.exe
IFEO: cfd.exe - svchost.exe
IFEO: cfgwiz.exe - svchost.exe
IFEO: cfp.exe - svchost.exe
IFEO: cfpconfg.exe - svchost.exe
IFEO: cfplogvw.exe - svchost.exe
IFEO: cfpupdat.exe - svchost.exe
IFEO: clean.exe - svchost.exe
IFEO: cleanIELow.exe - svchost.exe
IFEO: cleanpc.exe - svchost.exe
IFEO: click.exe - svchost.exe
IFEO: cmd32.exe - svchost.exe
IFEO: cmdagent.exe - svchost.exe
IFEO: cmesys.exe - svchost.exe
IFEO: cmgrdian.exe - svchost.exe
IFEO: cmon016.exe - svchost.exe
IFEO: connectionmonitor.exe - svchost.exe
IFEO: control - svchost.exe
IFEO: cpd.exe - svchost.exe
IFEO: cpf9x206.exe - svchost.exe
IFEO: cpfnt206.exe - svchost.exe
IFEO: crashrep.exe - svchost.exe
IFEO: csc.exe - svchost.exe
IFEO: cssconfg.exe - svchost.exe
IFEO: cssupdat.exe - svchost.exe
IFEO: cssurf.exe - svchost.exe
IFEO: ctrl.exe - svchost.exe
IFEO: cv.exe - svchost.exe
IFEO: cwnb181.exe - svchost.exe
IFEO: cwntdwmo.exe - svchost.exe
IFEO: d.exe - svchost.exe
IFEO: datemanager.exe - svchost.exe
IFEO: dcomx.exe - svchost.exe
IFEO: defalert.exe - svchost.exe
IFEO: defscangui.exe - svchost.exe
IFEO: defwatch.exe - svchost.exe
IFEO: deloeminfs.exe - svchost.exe
IFEO: deputy.exe - svchost.exe
IFEO: divx.exe - svchost.exe
IFEO: dllcache.exe - svchost.exe
IFEO: dllreg.exe - svchost.exe
IFEO: doors.exe - svchost.exe
IFEO: dop.exe - svchost.exe
IFEO: dpf.exe - svchost.exe
IFEO: dpfsetup.exe - svchost.exe
IFEO: dpps2.exe - svchost.exe
IFEO: driverctrl.exe - svchost.exe
IFEO: drwatson.exe - svchost.exe
IFEO: drweb32.exe - svchost.exe
IFEO: drwebupw.exe - svchost.exe
IFEO: dssagent.exe - svchost.exe
IFEO: efpeadm.exe - svchost.exe
IFEO: emsw.exe - svchost.exe
IFEO: ent.exe - svchost.exe
IFEO: escanhnt.exe - svchost.exe
IFEO: escanv95.exe - svchost.exe
IFEO: espwatch.exe - svchost.exe
IFEO: ethereal.exe - svchost.exe
IFEO: etrustcipe.exe - svchost.exe
IFEO: evpn.exe - svchost.exe
IFEO: exantivirus-cnet.exe - svchost.exe
IFEO: exe.avxw.exe - svchost.exe
IFEO: expert.exe - svchost.exe
IFEO: explore.exe - svchost.exe
IFEO: fact.exe - svchost.exe
IFEO: fameh32.exe - svchost.exe
IFEO: fast.exe - svchost.exe
IFEO: fch32.exe - svchost.exe
IFEO: fih32.exe - svchost.exe
IFEO: firewall.exe - svchost.exe
IFEO: fixcfg.exe - svchost.exe
IFEO: fixfp.exe - svchost.exe
IFEO: fnrb32.exe - svchost.exe
IFEO: fp-win_trial.exe - svchost.exe
IFEO: frmwrk32.exe - svchost.exe
IFEO: fsaa.exe - svchost.exe
IFEO: fsav.exe - svchost.exe
IFEO: fsav32.exe - svchost.exe
IFEO: fsav530stbyb.exe - svchost.exe
IFEO: fsav530wtbyb.exe - svchost.exe
IFEO: fsav95.exe - svchost.exe
IFEO: fsgk32.exe - svchost.exe
IFEO: fsm32.exe - svchost.exe
IFEO: fsma32.exe - svchost.exe
IFEO: fsmb32.exe - svchost.exe
IFEO: gator.exe - svchost.exe
IFEO: gav.exe - svchost.exe
IFEO: gbmenu.exe - svchost.exe
IFEO: gbn976rl.exe - svchost.exe
IFEO: gbpoll.exe - svchost.exe
IFEO: generics.exe - svchost.exe
IFEO: gmt.exe - svchost.exe
IFEO: guard.exe - svchost.exe
IFEO: guarddog.exe - svchost.exe
IFEO: guardgui.exe - svchost.exe
IFEO: guardxkickoff.exe - svchost.exe
IFEO: hacktracersetup.exe - svchost.exe
IFEO: hbinst.exe - svchost.exe
IFEO: hbsrv.exe - svchost.exe
IFEO: History.exe - svchost.exe
IFEO: homeav2010.exe - svchost.exe
IFEO: hotactio.exe - svchost.exe
IFEO: hotpatch.exe - svchost.exe
IFEO: htlog.exe - svchost.exe
IFEO: htpatch.exe - svchost.exe
IFEO: hwpe.exe - svchost.exe
IFEO: hxdl.exe - svchost.exe
IFEO: hxiul.exe - svchost.exe
IFEO: iamstats.exe - svchost.exe
IFEO: Identity.exe - svchost.exe
IFEO: idle.exe - svchost.exe
IFEO: iedll.exe - svchost.exe
IFEO: iedriver.exe - svchost.exe
IFEO: IEShow.exe - svchost.exe
IFEO: ifw2000.exe - svchost.exe
IFEO: inetlnfo.exe - svchost.exe
IFEO: infus.exe - svchost.exe
IFEO: infwin.exe - svchost.exe
IFEO: init.exe - svchost.exe
IFEO: init32.exe - svchost.exe
IFEO: install[1].exe - svchost.exe
IFEO: install[2].exe - svchost.exe
IFEO: install[3].exe - svchost.exe
IFEO: install[4].exe - svchost.exe
IFEO: install[5].exe - svchost.exe
IFEO: intdel.exe - svchost.exe
IFEO: intren.exe - svchost.exe
IFEO: istsvc.exe - svchost.exe
IFEO: jammer.exe - svchost.exe
IFEO: jdbgmrg.exe - svchost.exe
IFEO: JsRcGen.exe - svchost.exe
IFEO: kavlite40eng.exe - svchost.exe
IFEO: kavpers40eng.exe - svchost.exe
IFEO: kavpf.exe - svchost.exe
IFEO: kazza.exe - svchost.exe
IFEO: keenvalue.exe - svchost.exe
IFEO: kerio-pf-213-en-win.exe - svchost.exe
IFEO: kerio-wrl-421-en-win.exe - svchost.exe
IFEO: kerio-wrp-421-en-win.exe - svchost.exe
IFEO: killprocesssetup161.exe - svchost.exe
IFEO: ldnetmon.exe - svchost.exe
IFEO: ldpro.exe - svchost.exe
IFEO: ldpromenu.exe - svchost.exe
IFEO: ldscan.exe - svchost.exe
IFEO: licmgr.exe - svchost.exe
IFEO: lnetinfo.exe - svchost.exe
IFEO: loader.exe - svchost.exe
IFEO: localnet.exe - svchost.exe
IFEO: lockdown.exe - svchost.exe
IFEO: lordpe.exe - svchost.exe
IFEO: lsetup.exe - svchost.exe
IFEO: luau.exe - svchost.exe
IFEO: lucomserver.exe - svchost.exe
IFEO: luinit.exe - svchost.exe
IFEO: luspt.exe - svchost.exe
IFEO: MalwareRemoval.exe - svchost.exe
IFEO: mapisvc32.exe - svchost.exe
IFEO: mbam.exe - svchost.exe
IFEO: mbamgui.exe - svchost.exe
IFEO: mbamservice.exe - svchost.exe
IFEO: mcagent.exe - svchost.exe
IFEO: mcmnhdlr.exe - svchost.exe
IFEO: mcmpeng.exe - svchost.exe
IFEO: mcmscsvc.exe - svchost.exe
IFEO: mcnasvc.exe - svchost.exe
IFEO: mcproxy.exe - svchost.exe
IFEO: McSACore.exe - svchost.exe
IFEO: mcshell.exe - svchost.exe
IFEO: mcshield.exe - svchost.exe
IFEO: mcsysmon.exe - svchost.exe
IFEO: mctool.exe - svchost.exe
IFEO: mcupdate.exe - svchost.exe
IFEO: mcvsrte.exe - svchost.exe
IFEO: mcvsshld.exe - svchost.exe
IFEO: md.exe - svchost.exe
IFEO: mfin32.exe - svchost.exe
IFEO: mfw2en.exe - svchost.exe
IFEO: mfweng3.02d30.exe - svchost.exe
IFEO: mgavrtcl.exe - svchost.exe
IFEO: mgavrte.exe - svchost.exe
IFEO: mghtml.exe - svchost.exe
IFEO: mgui.exe - svchost.exe
IFEO: minilog.exe - svchost.exe
IFEO: mmod.exe - svchost.exe
IFEO: monitor.exe - svchost.exe
IFEO: mostat.exe - svchost.exe
IFEO: mpfagent.exe - svchost.exe
IFEO: mpfservice.exe - svchost.exe
IFEO: MPFSrv.exe - svchost.exe
IFEO: mrflux.exe - svchost.exe
IFEO: mrt.exe - svchost.exe
IFEO: msa.exe - svchost.exe
IFEO: msapp.exe - svchost.exe
IFEO: msbb.exe - svchost.exe
IFEO: msblast.exe - svchost.exe
IFEO: mscache.exe - svchost.exe
IFEO: msccn32.exe - svchost.exe
IFEO: mscman.exe - svchost.exe
IFEO: msconfig - svchost.exe
IFEO: msdm.exe - svchost.exe
IFEO: msdos.exe - svchost.exe
IFEO: msiexec16.exe - svchost.exe
IFEO: mslaugh.exe - svchost.exe
IFEO: msmgt.exe - svchost.exe
IFEO: msmsgri32.exe - svchost.exe
IFEO: mssmmc32.exe - svchost.exe
IFEO: mssys.exe - svchost.exe
IFEO: msvxd.exe - svchost.exe
IFEO: mu0311ad.exe - svchost.exe
IFEO: mwatch.exe - svchost.exe
IFEO: nav.exe - svchost.exe
IFEO: navap.navapsvc.exe - svchost.exe
IFEO: navdx.exe - svchost.exe
IFEO: navstub.exe - svchost.exe
IFEO: nc2000.exe - svchost.exe
IFEO: ncinst4.exe - svchost.exe
IFEO: ndd32.exe - svchost.exe
IFEO: neomonitor.exe - svchost.exe
IFEO: neowatchlog.exe - svchost.exe
IFEO: netarmor.exe - svchost.exe
IFEO: netd32.exe - svchost.exe
IFEO: netinfo.exe - svchost.exe
IFEO: netmon.exe - svchost.exe
IFEO: netscanpro.exe - svchost.exe
IFEO: netspyhunter-1.2.exe - svchost.exe
IFEO: netutils.exe - svchost.exe
IFEO: nisserv.exe - svchost.exe
IFEO: nmain.exe - svchost.exe
IFEO: nod32.exe - svchost.exe
IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
IFEO: notstart.exe - svchost.exe
IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
IFEO: npfmessenger.exe - svchost.exe
IFEO: nprotect.exe - svchost.exe
IFEO: npscheck.exe - svchost.exe
IFEO: npssvc.exe - svchost.exe
IFEO: nsched32.exe - svchost.exe
IFEO: nssys32.exe - svchost.exe
IFEO: nstask32.exe - svchost.exe
IFEO: nsupdate.exe - svchost.exe
IFEO: nt.exe - svchost.exe
IFEO: ntrtscan.exe - svchost.exe
IFEO: ntvdm.exe - svchost.exe
IFEO: ntxconfig.exe - svchost.exe
IFEO: nui.exe - svchost.exe
IFEO: nvarch16.exe - svchost.exe
IFEO: nvsvc32.exe - svchost.exe
IFEO: nwinst4.exe - svchost.exe
IFEO: nwservice.exe - svchost.exe
IFEO: nwtool16.exe - svchost.exe
IFEO: OAcat.exe - svchost.exe
IFEO: OAhlp.exe - svchost.exe
IFEO: OAReg.exe - svchost.exe
IFEO: oasrv.exe - svchost.exe
IFEO: oaui.exe - svchost.exe
IFEO: oaview.exe - svchost.exe
IFEO: ODSW.exe - svchost.exe
IFEO: ollydbg.exe - svchost.exe
IFEO: onsrvr.exe - svchost.exe
IFEO: optimize.exe - svchost.exe
IFEO: ostronet.exe - svchost.exe
IFEO: otfix.exe - svchost.exe
IFEO: outpost.exe - svchost.exe
IFEO: outpostinstall.exe - svchost.exe
IFEO: outpostproinstall.exe - svchost.exe
IFEO: ozn695m5.exe - svchost.exe
IFEO: padmin.exe - svchost.exe
IFEO: panixk.exe - svchost.exe
IFEO: patch.exe - svchost.exe
IFEO: pav.exe - svchost.exe
IFEO: PavFnSvr.exe - svchost.exe
IFEO: pavproxy.exe - svchost.exe
IFEO: pavprsrv.exe - svchost.exe
IFEO: pavsrv51.exe - svchost.exe
IFEO: pc.exe - svchost.exe
IFEO: pcip10117_0.exe - svchost.exe
IFEO: pcscan.exe - svchost.exe
IFEO: pctsAuxs.exe - svchost.exe
IFEO: pctsGui.exe - svchost.exe
IFEO: pctsSvc.exe - svchost.exe
IFEO: pctsTray.exe - svchost.exe
IFEO: PC_Antispyware2010.exe - svchost.exe
IFEO: pdfndr.exe - svchost.exe
IFEO: pdsetup.exe - svchost.exe
IFEO: PerAvir.exe - svchost.exe
IFEO: periscope.exe - svchost.exe
IFEO: personalguard - svchost.exe
IFEO: personalguard.exe - svchost.exe
IFEO: perswf.exe - svchost.exe
IFEO: pf2.exe - svchost.exe
IFEO: pfwadmin.exe - svchost.exe
IFEO: pgmonitr.exe - svchost.exe
IFEO: pingscan.exe - svchost.exe
IFEO: platin.exe - svchost.exe
IFEO: pop3trap.exe - svchost.exe
IFEO: poproxy.exe - svchost.exe
IFEO: popscan.exe - svchost.exe
IFEO: portdetective.exe - svchost.exe
IFEO: portmonitor.exe - svchost.exe
IFEO: powerscan.exe - svchost.exe
IFEO: ppinupdt.exe - svchost.exe
IFEO: pptbc.exe - svchost.exe
IFEO: ppvstop.exe - svchost.exe
IFEO: prizesurfer.exe - svchost.exe
IFEO: prmt.exe - svchost.exe
IFEO: prmvr.exe - svchost.exe
IFEO: procdump.exe - svchost.exe
IFEO: processmonitor.exe - svchost.exe
IFEO: procexplorerv1.0.exe - svchost.exe
IFEO: programauditor.exe - svchost.exe
IFEO: proport.exe - svchost.exe
IFEO: protector.exe - svchost.exe
IFEO: protectx.exe - svchost.exe
IFEO: PSANCU.exe - svchost.exe
IFEO: PSANHost.exe - svchost.exe
IFEO: PSANToManager.exe - svchost.exe
IFEO: PsCtrls.exe - svchost.exe
IFEO: PsImSvc.exe - svchost.exe
IFEO: PskSvc.exe - svchost.exe
IFEO: pspf.exe - svchost.exe
IFEO: PSUNMain.exe - svchost.exe
IFEO: purge.exe - svchost.exe
IFEO: qconsole.exe - svchost.exe
IFEO: qh.exe - svchost.exe
IFEO: qserver.exe - svchost.exe
IFEO: Quick Heal.exe - svchost.exe
IFEO: QuickHealCleaner.exe - svchost.exe
IFEO: rapapp.exe - svchost.exe
IFEO: rav8win32eng.exe - svchost.exe
IFEO: ray.exe - svchost.exe
IFEO: rb32.exe - svchost.exe
IFEO: rcsync.exe - svchost.exe
IFEO: realmon.exe - svchost.exe
IFEO: reged.exe - svchost.exe
IFEO: regedt32.exe - svchost.exe
IFEO: rescue.exe - svchost.exe
IFEO: rescue32.exe - svchost.exe
IFEO: rrguard.exe - svchost.exe
IFEO: rscdwld.exe - svchost.exe
IFEO: rshell.exe - svchost.exe
IFEO: rtvscan.exe - svchost.exe
IFEO: rtvscn95.exe - svchost.exe
IFEO: rulaunch.exe - svchost.exe
IFEO: rwg - svchost.exe
IFEO: rwg.exe - svchost.exe
IFEO: SafetyKeeper.exe - svchost.exe
IFEO: sahagent.exe - svchost.exe
IFEO: Save.exe - svchost.exe
IFEO: SaveArmor.exe - svchost.exe
IFEO: SaveDefense.exe - svchost.exe
IFEO: SaveKeep.exe - svchost.exe
IFEO: savenow.exe - svchost.exe
IFEO: sbserv.exe - svchost.exe
IFEO: sc.exe - svchost.exe
IFEO: scam32.exe - svchost.exe
IFEO: Secure Veteran.exe - svchost.exe
IFEO: secureveteran.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: SecurityFighter.exe - svchost.exe
IFEO: securitysoldier.exe - svchost.exe
IFEO: setloadorder.exe - svchost.exe
IFEO: setupvameeval.exe - svchost.exe
IFEO: setup_flowprotector_us.exe - svchost.exe
IFEO: sgssfw32.exe - svchost.exe
IFEO: sh.exe - svchost.exe
IFEO: shellspyinstall.exe - svchost.exe
IFEO: shield.exe - svchost.exe
IFEO: shn.exe - svchost.exe
IFEO: showbehind.exe - svchost.exe
IFEO: signcheck.exe - svchost.exe
IFEO: smart.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: sms.exe - svchost.exe
IFEO: smss32.exe - svchost.exe
IFEO: snetcfg.exe - svchost.exe
IFEO: soap.exe - svchost.exe
IFEO: sofi.exe - svchost.exe
IFEO: SoftSafeness.exe - svchost.exe
IFEO: sperm.exe - svchost.exe
IFEO: spf.exe - svchost.exe
IFEO: spoler.exe - svchost.exe
IFEO: spoolcv.exe - svchost.exe
IFEO: spoolsv32.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: spyxx.exe - svchost.exe
IFEO: srexe.exe - svchost.exe
IFEO: srng.exe - svchost.exe
IFEO: ss3edit.exe - svchost.exe
IFEO: ssgrate.exe - svchost.exe
IFEO: ssg_4104.exe - svchost.exe
IFEO: st2.exe - svchost.exe
IFEO: start.exe - svchost.exe
IFEO: stcloader.exe - svchost.exe
IFEO: supftrl.exe - svchost.exe
IFEO: support.exe - svchost.exe
IFEO: supporter5.exe - svchost.exe
IFEO: svc.exe - svchost.exe
IFEO: svchostc.exe - svchost.exe
IFEO: svchosts.exe - svchost.exe
IFEO: svshost.exe - svchost.exe
IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
IFEO: symlcsvc.exe - svchost.exe
IFEO: symproxysvc.exe - svchost.exe
IFEO: symtray.exe - svchost.exe
IFEO: system.exe - svchost.exe
IFEO: system32.exe - svchost.exe
IFEO: sysupd.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: taumon.exe - svchost.exe
IFEO: tc.exe - svchost.exe
IFEO: tcm.exe - svchost.exe
IFEO: tds-3.exe - svchost.exe
IFEO: teekids.exe - svchost.exe
IFEO: tfak.exe - svchost.exe
IFEO: tfak5.exe - svchost.exe
IFEO: tgbob.exe - svchost.exe
IFEO: titanin.exe - svchost.exe
IFEO: titaninxp.exe - svchost.exe
IFEO: TPSrv.exe - svchost.exe
IFEO: trickler.exe - svchost.exe
IFEO: trjscan.exe - svchost.exe
IFEO: trjsetup.exe - svchost.exe
IFEO: trojantrap3.exe - svchost.exe
IFEO: TrustWarrior.exe - svchost.exe
IFEO: tsadbot.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: tvmd.exe - svchost.exe
IFEO: tvtmd.exe - svchost.exe
IFEO: undoboot.exe - svchost.exe
IFEO: updat.exe - svchost.exe
IFEO: upgrad.exe - svchost.exe
IFEO: utpost.exe - svchost.exe
IFEO: vbcmserv.exe - svchost.exe
IFEO: vbcons.exe - svchost.exe
IFEO: vbust.exe - svchost.exe
IFEO: vbwin9x.exe - svchost.exe
IFEO: vbwinntw.exe - svchost.exe
IFEO: vcsetup.exe - svchost.exe
IFEO: vet32.exe - svchost.exe
IFEO: vfsetup.exe - svchost.exe
IFEO: vir-help.exe - svchost.exe
IFEO: virusmdpersonalfirewall.exe - svchost.exe
IFEO: virusutilities.exe - svchost.exe
IFEO: VisthAux.exe - svchost.exe
IFEO: VisthLic.exe - svchost.exe
IFEO: VisthUpd.exe - svchost.exe
IFEO: vnlan300.exe - svchost.exe
IFEO: vnpc3000.exe - svchost.exe
IFEO: vpc32.exe - svchost.exe
IFEO: vpc42.exe - svchost.exe
IFEO: vpfw30s.exe - svchost.exe
IFEO: vptray.exe - svchost.exe
IFEO: vscenu6.02d30.exe - svchost.exe
IFEO: vsched.exe - svchost.exe
IFEO: vsisetup.exe - svchost.exe
IFEO: vsmain.exe - svchost.exe
IFEO: vsmon.exe - svchost.exe
IFEO: vswin9xe.exe - svchost.exe
IFEO: vswinntse.exe - svchost.exe
IFEO: vswinperse.exe - svchost.exe
IFEO: w32dsm89.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: w9x.exe - svchost.exe
IFEO: watchdog.exe - svchost.exe
IFEO: webdav.exe - svchost.exe
IFEO: WebProxy.exe - svchost.exe
IFEO: webtrap.exe - svchost.exe
IFEO: whoswatchingme.exe - svchost.exe
IFEO: wimmun32.exe - svchost.exe
IFEO: win-bugsfix.exe - svchost.exe
IFEO: win32.exe - svchost.exe
IFEO: win32us.exe - svchost.exe
IFEO: winactive.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: window.exe - svchost.exe
IFEO: windows Police Pro.exe - svchost.exe
IFEO: windows.exe - svchost.exe
IFEO: wininetd.exe - svchost.exe
IFEO: wininitx.exe - svchost.exe
IFEO: winlogin.exe - svchost.exe
IFEO: winmain.exe - svchost.exe
IFEO: winppr32.exe - svchost.exe
IFEO: winrecon.exe - svchost.exe
IFEO: winservn.exe - svchost.exe
IFEO: winssk32.exe - svchost.exe
IFEO: winstart.exe - svchost.exe
IFEO: winstart001.exe - svchost.exe
IFEO: wintsk32.exe - svchost.exe
IFEO: winupdate.exe - svchost.exe
IFEO: wkufind.exe - svchost.exe
IFEO: wnad.exe - svchost.exe
IFEO: wnt.exe - svchost.exe
IFEO: wradmin.exe - svchost.exe
IFEO: wrctrl.exe - svchost.exe
IFEO: wsbgate.exe - svchost.exe
IFEO: wscfxas.exe - svchost.exe
IFEO: wscfxav.exe - svchost.exe
IFEO: wscfxfw.exe - svchost.exe
IFEO: wsctool.exe - svchost.exe
IFEO: wupdater.exe - svchost.exe
IFEO: wupdt.exe - svchost.exe
IFEO: wyvernworksfirewall.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: xpf202en.exe - svchost.exe
IFEO: xp_antispyware.exe - svchost.exe
IFEO: zapro.exe - svchost.exe
IFEO: zapsetup3001.exe - svchost.exe
IFEO: zatutor.exe - svchost.exe
IFEO: zonalm2601.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe
.
==== Installed Programs ======================
.
.
Sansa Media Converter
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.10
AnswerWorks 4.0 Runtime - English
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 5.5
Banctec Service Agreement
CA Pest Patrol Realtime Protection
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner
CDDRV_Installer
CK McCormick Creative Clips & fonts
ClickArtŪ Fonts 2
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V92 56K DF PCI Modem
Creating Keepsakes Scrapbook Designer
Critical Update for Windows Media Player 11 (KB959772)
DAO
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
DesignPro 5.0 Media Edition
Digital Line Detect
DVDSentry
EarthLink Free Trial
Easy CD Creator 5 Basic
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R380 User's Guide
erLT
Excel 2000 Quattro Pro 7.0 Converter
exPressit S.E. 2.2
Facebook Plug-In
FlipShare
Free Window Registry Repair
Google Chrome
Google Earth
Google Updater
Helix Producer Basic 9
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Internet Explorer Q903235
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java Auto Updater
Java Web Start
Java(TM) 6 Update 33
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Lizardtech DjVu Control (autoinstall)
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
Malwarebytes Anti-Malware version 1.61.0.1400
MapSource - Americas BlueChart v4.00
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage 2002
Microsoft Image Composer 1.5
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office XP Media Content
Microsoft Office XP Web Components
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicnotes Software Suite 1.5.3
Nero Suite
NetWaiting
NOOK for PC
NVIDIA Display Driver
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PaperPort 8.0 SE
POINT
PowerDVD
QuickTime
RealPlayer
Revo Uninstaller 1.91
Score Writer 2.6
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Sibelius Scorch (ActiveX Only)
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.6
swMSM
The Print Shop 20
The Print Shop Premium Fonts
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visioneer OneTouch 9320
Walmart MP3 Music Downloads
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Customizations
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
.
==== Event Viewer Messages From Past Week ========
.
7/12/2012 10:51:38 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color share name Printer.
7/11/2012 9:04:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm MpFilter
7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2012 9:04:55 AM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2012 7:39:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
7/11/2012 7:39:11 PM, error: Service Control Manager [7000] - The RCA CDS1000 640x480 Driver service failed to start due to the following error: The system cannot find the file specified.
7/11/2012 7:39:11 PM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/11/2012 7:38:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/11/2012 4:28:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/11/2012 3:49:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/11/2012 11:02:54 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1379.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/10/2012 4:32:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/10/2012 4:01:51 PM, error: Service Control Manager [7000] - The 6282009drv service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-16 11:33:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120023A rev.3.33
Running: 5dk4i7z5.exe; Driver: C:\DOCUME~1\MARYJO~1\LOCALS~1\Temp\uxlyrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB9B2E340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
? C:\DOCUME~1\MARYJO~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Fastfat \Fat B283ED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----

Thanks for your help
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
16-Jul-2012, 02:28 PM #4
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
18-Jul-2012, 04:25 PM #5
ComboFix log
ComboFix 12-07-16.01 - Mary Jo 07/18/2012 2:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1417 [GMT -5:00]
Running from: c:\documents and settings\Mary Jo\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Mary Jo\WINDOWS
c:\documents and settings\Rick\WINDOWS
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\Cache
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET9A.tmp
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 02:45 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B765DA97-88D0-4693-A9AC-DD8E16B7A417}\mpengine.dll
2012-07-17 22:08 . 2012-07-17 22:08 1409 ----a-w- c:\windows\QTFont.for
2012-07-16 23:40 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-16 16:35 . 2012-07-16 16:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-16 16:35 . 2012-07-16 16:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-16 13:32 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 03:45 . 2012-07-12 03:47 -------- d-----w- c:\program files\SpywareBlaster
2012-07-11 09:12 . 2012-07-11 09:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-07-11 08:49 . 2012-07-11 08:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-07-10 20:28 . 2012-07-10 20:28 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2012-06-22 10:29 . 2012-06-22 10:28 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:30 . 2012-04-12 03:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:30 . 2011-05-15 03:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 10:28 . 2008-11-11 01:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-22 10:28 . 2010-04-25 15:23 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2002-08-29 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 23:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-26 18:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-08-29 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-31 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-03 19:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-03 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-03 18:59 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-03 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-03 18:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2002-08-29 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-05-31 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-03 19:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2002-08-29 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-01 23:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2006-09-05 00:02 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2006-02-12 09:41 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2002-09-23 20:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-04-27 15:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2002-08-29 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-08-29 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 1980-01-01 05:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1980-01-01 05:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2002-08-29 10:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2003-08-07 14:25 . 2003-08-07 14:25 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
2012-07-16 16:35 . 2011-09-30 15:19 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-12-04 1622488]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-31 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-19 185872]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 23:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2003-08-18 13:12 98304 ------w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-31 17:24 98304 ------w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-19 06:38 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 4:37 PM 616408]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\Drivers\cds1000.sys --> c:\windows\system32\Drivers\cds1000.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:04 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:03 PM 113120]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 06:30]
.
2012-07-17 c:\windows\Tasks\Backup.job
- c:\windows\SYSTEM32\ntbackup.exe [2002-08-29 00:12]
.
2012-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-31 23:20]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005Core.job
- c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005UA.job
- c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
.
2009-05-19 c:\windows\Tasks\Initial Backup.job
- c:\windows\system32\ntbackup.exe [2002-08-29 00:12]
.
2003-05-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2012-07-18 c:\windows\Tasks\User_Feed_Synchronization-{C3B178F0-672A-40FB-BCFD-2061D6CE3E75}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/a/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: sumtotalsystems.com\allstate
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Mary Jo\Application Data\Mozilla\Firefox\Profiles\aapazohb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Free Window Registry Repair - c:\progra~1\FREEWI~1\UNWISE.EXE
AddRemove-Motorola USB Modem Installation - c:\program files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu
AddRemove-Score Writer 2.6 - c:\windows\unvise32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 02:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2589259409-1540086843-2969841051-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(512)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2012-07-18 02:45:13
ComboFix-quarantined-files.txt 2012-07-18 07:44
.
Pre-Run: 66,632,929,280 bytes free
Post-Run: 67,259,162,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3CC7AB5ECA67B0125EF8FCA614D9D587
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
19-Jul-2012, 01:26 PM #6
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
23-Jul-2012, 02:13 PM #7
OTL
Have downloaded OTL 4 times and keep getting an error message when trying to run.

"OTL has encountered a problem and needs to close". See attached.

Any suggestions???

Thanks for your help.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
23-Jul-2012, 06:02 PM #8
Go to Start - Run and copy and paste the following then click OK:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
25-Jul-2012, 01:59 PM #9
help.txt
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,90,04,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,07,00,0b,00,00,00,00, \
00,07,00,0b,00,00,00,3f,00,00,00,02,00,00,00,04,00,01,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,44,00,00,00,01,00,56,00,61,00,72,00,46,00,69, \
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00, \
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09, \
04,e4,04,f0,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00, \
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,cc,03,00,00,01,00,30,00,34,00,30, \
00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,19,00,01,00,43,00,6f,00,6d,00, \
6d,00,65,00,6e,00,74,00,73,00,00,00,43,00,72,00,79,00,73,00,74,00,61,00,6c, \
00,20,00,53,00,51,00,4c,00,20,00,44,00,65,00,73,00,69,00,67,00,6e,00,65,00, \
72,00,20,00,37,00,2e,00,30,00,00,00,00,00,88,00,34,00,01,00,43,00,6f,00,6d, \
00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,65,00, \
61,00,67,00,61,00,74,00,65,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72, \
00,65,00,20,00,49,00,6e,00,66,00,6f,00,72,00,6d,00,61,00,74,00,69,00,6f,00, \
6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,74,00,20, \
00,47,00,72,00,6f,00,75,00,70,00,2c,00,20,00,49,00,6e,00,63,00,2e,00,00,00, \
ae,00,45,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72, \
00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00, \
68,00,74,00,20,00,28,00,63,00,29,00,20,00,31,00,39,00,39,00,31,00,2d,00,31, \
00,39,00,39,00,10,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe]
"ApplicationGoo"=hex:54,09,00,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,a8,11,2e,04,00,00,02, \
00,a8,11,2e,04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00, \
01,00,30,00,30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01, \
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00, \
67,00,6e,00,61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00, \
00,42,00,11,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00, \
6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57, \
00,61,00,6c,00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00, \
46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69, \
00,6f,00,6e,00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00, \
74,00,65,00,6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64, \
00,6f,00,77,00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00, \
56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,32,00,30, \
00,2e,00,32,00,2e,00,30,00,2e,00,31,00,30,00,37,00,30,00,00,00,32,00,09,00, \
01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65, \
00,00,00,46,00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00, \
2b,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69, \
00,67,00,68,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00, \
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53, \
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00, \
33,00,00,00,23,00,54,02,00,00,00,02,00,00,8c,03,34,00,00,00,56,00,53,00,5f, \
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00, \
00,00,00,00,bd,04,ef,fe,00,00,01,00,03,00,9e,11,26,04,00,00,03,00,9e,11,26, \
04,00,00,3f,00,00,00,20,00,00,00,04,00,00,00,01,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,ec,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46, \
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,c8,02,00,00,01,00,30,00, \
30,00,30,00,30,00,30,00,34,00,62,00,30,00,00,00,38,00,10,00,01,00,43,00,6f, \
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4f,00,72,00,69,00,67,00,6e,00, \
61,00,6c,00,20,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,42,00,11, \
00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00, \
00,00,00,00,53,00,41,00,50,00,20,00,41,00,47,00,2c,00,20,00,57,00,61,00,6c, \
00,6c,00,64,00,6f,00,72,00,66,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00, \
6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e, \
00,00,00,00,00,53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00, \
6e,00,64,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77, \
00,73,00,00,00,00,00,3c,00,0e,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00, \
72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,34,00,35,00,31,00,30,00,2e,00,33, \
00,2e,00,30,00,2e,00,31,00,30,00,36,00,32,00,00,00,32,00,09,00,01,00,49,00, \
6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46, \
00,45,00,57,00,46,00,52,00,4f,00,4e,00,54,00,00,00,00,00,7a,00,2b,00,01,00, \
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68, \
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00, \
00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72, \
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00, \
23,00,54,02,00,00,00,02,00,00,20,03,34,00,00,00,56,00,53,00,5f,00,56,00,45, \
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00, \
bd,04,ef,fe,00,00,01,00,00,00,04,00,f0,03,00,00,00,00,04,00,f0,03,00,00,3f, \
00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,7e,02,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c, \
00,65,00,49,00,6e,00,66,00,6f,00,00,00,5a,02,00,00,01,00,30,00,34,00,30,00, \
39,00,30,00,34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70, \
00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00, \
20,00,41,00,47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44, \
00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00, \
53,00,41,00,50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20, \
00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00, \
00,00,36,00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69, \
00,6f,00,6e,00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,30,00, \
30,00,38,00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e, \
00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00, \
00,00,5e,00,1d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79, \
00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00, \
67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39, \
00,39,00,37,00,20,00,53,00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00, \
00,00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,02,00,00, \
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00, \
65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69, \
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00,54,02, \
00,00,00,02,00,00,18,03,34,00,00,00,56,00,53,00,5f,00,56,00,45,00,52,00,53, \
00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00,bd,04,ef,fe, \
00,00,01,00,00,00,04,00,dd,03,00,00,00,00,04,00,dd,03,00,00,3f,00,00,00,00, \
00,00,00,04,00,01,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,78,02, \
00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c,00,65,00,49, \
00,6e,00,66,00,6f,00,00,00,54,02,00,00,01,00,30,00,34,00,30,00,39,00,30,00, \
34,00,45,00,34,00,00,00,2e,00,07,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e, \
00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,53,00,41,00,50,00,20,00,41,00, \
47,00,00,00,00,00,5a,00,19,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73, \
00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,53,00,41,00, \
50,00,20,00,46,00,72,00,6f,00,6e,00,74,00,65,00,6e,00,64,00,20,00,66,00,6f, \
00,72,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,00,00,00,00,34,00, \
0a,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e, \
00,00,00,00,00,34,00,2e,00,30,00,2e,00,30,00,2e,00,39,00,38,00,39,00,00,00, \
2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61, \
00,6d,00,65,00,00,00,46,00,52,00,4f,00,4e,00,54,00,00,00,5e,00,1d,00,01,00, \
4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68, \
00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00, \
a9,00,20,00,31,00,39,00,39,00,33,00,2d,00,31,00,39,00,39,00,37,00,20,00,53, \
00,41,00,50,00,20,00,41,00,47,00,00,00,00,00,28,00,00,00,01,00,4c,00,65,00, \
67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00,02,00,00,00,00,00,00, \
00,01,00,00,00,4c,00,00,00,3c,fd,06,00,04,00,00,00,00,00,00,00,65,05,00,00, \
02,00,00,00,03,00,00,00,00,00,01,00,53,00,65,00,72,00,76,00,69,00,63,00,65, \
00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,6c,07,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05, \
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,cc,06,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01, \
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00, \
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00, \
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00, \
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01, \
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00, \
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66, \
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00, \
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36, \
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00, \
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37, \
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00, \
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9c, \
00,3c,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00, \
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68, \
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00, \
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,02,00,00,00,53, \
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00, \
34,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe]
"ApplicationGoo"=hex:58,02,00,00,54,02,00,00,00,02,00,00,44,02,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,01,00,01,00,0c,00,00,00,01, \
00,01,00,0c,00,00,00,00,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,44,00,00,00,00,00,56,00,61,00,72,00,46,00,69, \
00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,00,00,24,00,04,00,00,00,54,00, \
72,00,61,00,6e,00,73,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,09, \
04,b0,04,a4,01,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00, \
6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,80,01,00,00,01,00,30,00,34,00,30, \
00,39,00,30,00,34,00,42,00,30,00,00,00,40,00,20,00,01,00,43,00,6f,00,6d,00, \
70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,44,00,65,00,4c, \
00,6f,00,72,00,6d,00,65,00,20,00,4d,00,61,00,70,00,70,00,69,00,6e,00,67,00, \
00,00,44,00,22,00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,4e,00,61, \
00,6d,00,65,00,00,00,00,00,52,00,65,00,67,00,20,00,28,00,44,00,4c,00,69,00, \
62,00,62,00,79,00,5c,00,6d,00,73,00,66,00,29,00,00,00,00,00,34,00,14,00,01, \
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00, \
00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32,00,00,00,38,00,14, \
00,01,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,56,00,65,00,72,00,73,00, \
69,00,6f,00,6e,00,00,00,31,00,2e,00,30,00,31,00,2e,00,30,00,30,00,31,00,32, \
00,00,00,34,00,12,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00, \
4e,00,61,00,6d,00,65,00,00,00,4d,00,4e,00,47,00,52,00,45,00,47,00,33,00,32, \
00,00,00,00,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00, \
04,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,03,00,00,00,00,00,01,00,53, \
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00, \
33,00,00,00,23,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE]
"GlobalFlag"="0x00200000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE]
"GlobalFlag"="0x00200000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,b4,02,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,35,00,07,00,00,00,00,00,35, \
00,07,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,12,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,ee,01,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,42,00,11,00,01, \
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00, \
00,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20, \
00,49,00,6e,00,63,00,2e,00,00,00,00,00,28,00,00,00,01,00,46,00,69,00,6c,00, \
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00, \
00,00,00,2a,00,05,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00, \
69,00,6f,00,6e,00,00,00,00,00,37,00,2e,00,35,00,33,00,00,00,00,00,9c,00,3c, \
00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00, \
67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74, \
00,20,00,a9,00,20,00,31,00,39,00,38,00,38,00,2d,00,31,00,39,00,39,00,38,00, \
20,00,50,00,65,00,6f,00,70,00,6c,00,65,00,53,00,6f,00,66,00,74,00,2c,00,20, \
00,49,00,6e,00,63,00,2e,00,20,00,20,00,41,00,6c,00,6c,00,20,00,52,00,69,00, \
67,00,68,00,74,00,73,00,20,00,52,00,65,00,73,00,65,00,72,00,76,00,65,00,64, \
00,00,00,3c,00,0a,00,01,00,4f,00,72,00,69,00,67,00,69,00,6e,00,61,00,6c,00, \
46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00,00,00,70,00,73,00,64,00,6d, \
00,74,00,2e,00,10,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"ApplicationGoo"=hex:00,07,00,00,54,02,00,00,00,02,00,00,84,07,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05, \
00,05,00,07,00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,e4,06,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,60,03,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01, \
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00, \
43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00, \
00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00, \
72,00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01, \
00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00, \
69,00,6f,00,6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66, \
00,74,00,20,00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00, \
65,00,72,00,76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36, \
00,0b,00,01,00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00, \
6e,00,00,00,00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37, \
00,00,00,00,00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00, \
6c,00,4e,00,61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9e, \
00,3d,00,01,00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00, \
69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68, \
00,74,00,20,00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00, \
05,00,00,00,00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53, \
00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00, \
33,00,00,00,24,00,54,02,00,00,00,02,00,00,a4,08,34,00,00,00,56,00,53,00,5f, \
00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00, \
00,00,00,00,bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07, \
00,a8,07,3f,00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,04,08,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46, \
00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,f0,03,00,00,01,00,30,00, \
34,00,30,00,39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f, \
00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00, \
6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69, \
00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00, \
6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69, \
00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00, \
6e,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20, \
00,45,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00, \
76,00,65,00,72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01, \
00,46,00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00, \
00,00,35,00,2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00, \
00,2c,00,06,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00, \
61,00,6d,00,65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,a6,00,41,00,01, \
00,4c,00,65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00, \
68,00,74,00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20, \
00,02,00,00,00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00, \
00,00,00,00,65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72, \
00,76,00,69,00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00, \
24,00,54,02,00,00,00,02,00,00,18,04,34,00,00,00,56,00,53,00,5f,00,56,00,45, \
00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00,46,00,4f,00,00,00,00,00, \
bd,04,ef,fe,00,00,01,00,05,00,05,00,07,00,a8,07,05,00,05,00,07,00,a8,07,3f, \
00,00,00,00,00,00,00,04,00,04,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,78,03,00,00,01,00,53,00,74,00,72,00,69,00,6e,00,67,00,46,00,69,00,6c, \
00,65,00,49,00,6e,00,66,00,6f,00,00,00,54,03,00,00,01,00,30,00,34,00,30,00, \
39,00,30,00,34,00,42,00,30,00,00,00,18,00,00,00,01,00,43,00,6f,00,6d,00,6d, \
00,65,00,6e,00,74,00,73,00,00,00,4c,00,16,00,01,00,43,00,6f,00,6d,00,70,00, \
61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00,00,00,4d,00,69,00,63,00,72, \
00,6f,00,73,00,6f,00,66,00,74,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72,00, \
61,00,74,00,69,00,6f,00,6e,00,00,00,68,00,20,00,01,00,46,00,69,00,6c,00,65, \
00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00, \
00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,45,00,78, \
00,63,00,68,00,61,00,6e,00,67,00,65,00,20,00,53,00,65,00,72,00,76,00,65,00, \
72,00,20,00,53,00,65,00,74,00,75,00,70,00,00,00,36,00,0b,00,01,00,46,00,69, \
00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,35,00, \
2e,00,35,00,2e,00,31,00,39,00,36,00,30,00,2e,00,37,00,00,00,00,00,2c,00,06, \
00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00, \
65,00,00,00,53,00,65,00,74,00,75,00,70,00,00,00,9a,00,3b,00,01,00,4c,00,65, \
00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00, \
00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,02,00,00, \
00,00,00,00,00,01,00,00,00,4c,00,00,00,3c,fd,06,00,05,00,00,00,00,00,00,00, \
65,05,00,00,02,00,00,00,00,00,00,00,00,00,00,00,53,00,65,00,72,00,76,00,69, \
00,63,00,65,00,20,00,50,00,61,00,63,00,6b,00,20,00,33,00,00,00,24,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,04,03,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,1c,00,08,00,00,00,00,00,00, \
00,08,00,00,00,00,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,64,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,40,02,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,44,00,12,00,01, \
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00, \
00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70,00,6f,00,72, \
00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,13,00,01,00,46,00,69,00,6c,00, \
65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74,00,69,00,6f,00,6e,00,00, \
00,00,00,43,00,6f,00,72,00,65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00, \
20,00,57,00,69,00,7a,00,61,00,72,00,64,00,00,00,00,00,2c,00,06,00,01,00,46, \
00,69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00, \
38,00,2e,00,30,00,32,00,38,00,00,00,46,00,13,00,01,00,49,00,6e,00,74,00,65, \
00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,43,00,6f,00,72,00, \
65,00,6c,00,20,00,53,00,65,00,74,00,75,00,70,00,20,00,57,00,69,00,7a,00,61, \
00,72,00,64,00,00,00,00,00,6c,00,24,00,01,00,4c,00,65,00,67,00,61,00,6c,00, \
43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,43,00,6f,00,70, \
00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,a9,00,20,00,31,00,39,00,39,00, \
37,00,2c,00,20,00,43,00,6f,00,72,00,65,00,6c,00,20,00,43,00,6f,00,72,00,70, \
00,6f,00,72,00,08,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,38,03,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,02,00,0a,00,01,00,0a,00,02, \
00,0a,00,01,00,0a,00,00,00,00,00,00,00,00,00,04,00,01,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,98,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,74,02,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,4a,00,15,00,01, \
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00, \
00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43,00,6f,00,72, \
00,70,00,6f,00,72,00,61,00,74,00,69,00,6f,00,6e,00,00,00,00,00,60,00,1c,00, \
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74, \
00,69,00,6f,00,6e,00,00,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00, \
63,00,20,00,53,00,79,00,6d,00,65,00,76,00,65,00,6e,00,74,00,20,00,49,00,6e, \
00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,00,00,34,00,0a,00,01,00,46,00, \
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31, \
00,30,00,2e,00,32,00,2e,00,31,00,30,00,2e,00,31,00,00,00,30,00,08,00,01,00, \
49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00, \
00,53,00,45,00,56,00,49,00,4e,00,53,00,54,00,00,00,7e,00,2d,00,01,00,4c,00, \
65,00,67,00,61,00,6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74, \
00,00,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,20,00,28,00, \
43,00,29,00,20,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,20,00,43, \
00,6f,00,72,00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE]
"DisableHeapLookAside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll]
"CheckAppHelp"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,7c,03,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,09,00,26,00,00, \
00,01,00,09,00,26,00,3f,00,00,00,00,00,00,00,04,00,00,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,dc,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,b8,02,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,62,00,30,00,00,00,66,00,27,00,01, \
00,43,00,6f,00,6d,00,6d,00,65,00,6e,00,74,00,73,00,00,00,42,00,75,00,73,00, \
69,00,6e,00,65,00,73,00,73,00,20,00,49,00,6e,00,74,00,65,00,6c,00,6c,00,69, \
00,67,00,65,00,6e,00,63,00,65,00,20,00,6f,00,6e,00,20,00,45,00,76,00,65,00, \
72,00,79,00,20,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00,00,00,48, \
00,14,00,01,00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00, \
65,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00,49,00,6e,00,63, \
00,6f,00,72,00,70,00,6f,00,72,00,61,00,74,00,65,00,64,00,00,00,60,00,1c,00, \
01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72,00,69,00,70,00,74, \
00,69,00,6f,00,6e,00,00,00,00,00,43,00,6f,00,67,00,6e,00,6f,00,73,00,20,00, \
47,00,65,00,6e,00,65,00,72,00,69,00,63,00,20,00,49,00,6e,00,73,00,74,00,61, \
00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,00,00,38,00,0c,00,01,00,46,00, \
69,00,6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31, \
00,2c,00,20,00,30,00,2c,00,20,00,33,00,38,00,2c,00,20,00,39,00,00,00,30,00, \
08,00,01,00,49,00,6e,00,74,00,65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d, \
00,65,00,00,00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
"GlobalFlag"="0x000010F0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE]
"ApplicationGoo"=hex:14,02,00,00,10,02,00,00,00,02,00,00,a4,02,34,00,00,00, 56,\
00,53,00,5f,00,56,00,45,00,52,00,53,00,49,00,4f,00,4e,00,5f,00,49,00,4e,00, \
46,00,4f,00,00,00,00,00,bd,04,ef,fe,00,00,01,00,00,00,01,00,01,00,00,00,00, \
00,01,00,01,00,00,00,3f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,04,02,00,00,01,00,53,00,74,00,72,00,69,00,6e, \
00,67,00,46,00,69,00,6c,00,65,00,49,00,6e,00,66,00,6f,00,00,00,e0,01,00,00, \
01,00,30,00,34,00,30,00,39,00,30,00,34,00,45,00,34,00,00,00,20,00,00,00,01, \
00,43,00,6f,00,6d,00,70,00,61,00,6e,00,79,00,4e,00,61,00,6d,00,65,00,00,00, \
00,00,58,00,18,00,01,00,46,00,69,00,6c,00,65,00,44,00,65,00,73,00,63,00,72, \
00,69,00,70,00,74,00,69,00,6f,00,6e,00,00,00,00,00,49,00,4e,00,53,00,54,00, \
41,00,4c,00,4c,00,20,00,4d,00,46,00,43,00,20,00,41,00,70,00,70,00,6c,00,69, \
00,63,00,61,00,74,00,69,00,6f,00,6e,00,00,00,30,00,08,00,01,00,46,00,69,00, \
6c,00,65,00,56,00,65,00,72,00,73,00,69,00,6f,00,6e,00,00,00,00,00,31,00,2e, \
00,30,00,2e,00,30,00,30,00,31,00,00,00,30,00,08,00,01,00,49,00,6e,00,74,00, \
65,00,72,00,6e,00,61,00,6c,00,4e,00,61,00,6d,00,65,00,00,00,49,00,4e,00,53, \
00,54,00,41,00,4c,00,4c,00,00,00,24,00,00,00,01,00,4c,00,65,00,67,00,61,00, \
6c,00,43,00,6f,00,70,00,79,00,72,00,69,00,67,00,68,00,74,00,00,00,28,00,00, \
00,01,00,4c,00,65,00,67,00,61,00,6c,00,54,00,72,00,61,00,64,00,65,00,6d,00, \
61,00,72,00,6b,00,73,00,00,00,00,00,40,00,0c,00,01,00,4f,00,72,00,69,00,67, \
00,69,00,6e,00,61,00,6c,00,46,00,69,00,6c,00,65,00,6e,00,61,00,6d,00,65,00, \
00,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,2e,00,45,00,58,00,45,00,00, \
00,30,00,08,00,08,00,00,00,00,00,00,00
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
26-Jul-2012, 03:57 PM #10
Please run DDS again and post both logs.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
30-Jul-2012, 07:57 PM #11
DDS Logs Rerun 20120730
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Mary Jo at 13:08:53 on 2012-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1203 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall Pro *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mary Jo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/a/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mPolicies-explorer: <NO NAME> =
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: sumtotalsystems.com\allstate
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Backgammon - hxxp://download.games.yahoo.com/games/clients/y/at1_x.cab
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{99B2922A-F756-441F-AD63-68DAAE86535E} : DhcpNameServer = 75.75.75.75 75.75.76.76
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mary jo\application data\mozilla\firefox\profiles\aapazohb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\mary jo\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\mary jo\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\NPPLG90N.DLL
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S1 areawcjv;areawcjv;\??\c:\windows\system32\drivers\areawcjv.sys --> c:\windows\system32\drivers\areawcjv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\drivers\cds1000.sys --> c:\windows\system32\drivers\cds1000.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2012-07-29 15:21:49 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e03009aa-b72c-42c9-8db6-54cc8fa091a9}\mpengine.dll
2012-07-27 18:07:45 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-27 05:30:08 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-18 07:22:04 -------- d-sha-r- C:\cmdcons
2012-07-18 07:18:18 98816 ----a-w- c:\windows\sed.exe
2012-07-18 07:18:18 518144 ----a-w- c:\windows\SWREG.exe
2012-07-18 07:18:18 256000 ----a-w- c:\windows\PEV.exe
2012-07-18 07:18:18 208896 ----a-w- c:\windows\MBR.exe
2012-07-17 22:08:27 1409 ----a-w- c:\windows\QTFont.for
2012-07-16 16:35:59 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-16 16:35:59 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-16 13:32:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 03:45:09 -------- d-----w- c:\program files\SpywareBlaster
2012-07-10 20:28:00 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-07-27 05:30:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 05:30:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 10:28:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-22 10:28:32 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 10:28:31 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2003-08-07 14:25:26 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
.
============= FINISH: 13:11:49.12 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/14/2003 8:58:21 PM
System Uptime: 7/30/2012 8:44:12 AM (5 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G0728
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 61.999 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 447.667 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2254: 7/16/2012 10:45:50 PM - Software Distribution Service 3.0
RP2255: 7/17/2012 9:45:15 PM - Software Distribution Service 3.0
RP2256: 7/18/2012 11:17:17 PM - Software Distribution Service 3.0
RP2257: 7/20/2012 9:44:14 AM - Software Distribution Service 3.0
RP2258: 7/21/2012 10:07:34 AM - Software Distribution Service 3.0
RP2259: 7/22/2012 2:43:04 PM - System Checkpoint
RP2260: 7/22/2012 8:38:53 PM - Software Distribution Service 3.0
RP2261: 7/24/2012 1:49:14 PM - System Checkpoint
RP2262: 7/25/2012 12:24:39 AM - Software Distribution Service 3.0
RP2263: 7/26/2012 9:56:41 AM - Software Distribution Service 3.0
RP2264: 7/27/2012 1:07:22 PM - Software Distribution Service 3.0
RP2265: 7/28/2012 5:14:22 PM - System Checkpoint
RP2266: 7/29/2012 10:21:14 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Sansa Media Converter
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.10
AnswerWorks 4.0 Runtime - English
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 5.5
Banctec Service Agreement
CA Pest Patrol Realtime Protection
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner
CDDRV_Installer
CK McCormick Creative Clips & fonts
ClickArtŪ Fonts 2
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system
Conexant SmartHSFi V92 56K DF PCI Modem
Creating Keepsakes Scrapbook Designer
Critical Update for Windows Media Player 11 (KB959772)
DAO
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support 5.0.0 (766)
DesignPro 5.0 Media Edition
Digital Line Detect
DVDSentry
EarthLink Free Trial
Easy CD Creator 5 Basic
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R380 User's Guide
erLT
Excel 2000 Quattro Pro 7.0 Converter
exPressit S.E. 2.2
Facebook Plug-In
FlipShare
Google Chrome
Google Earth
Google Updater
Helix Producer Basic 9
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Internet Explorer Q903235
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java Auto Updater
Java Web Start
Java(TM) 6 Update 33
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Lizardtech DjVu Control (autoinstall)
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
Malwarebytes Anti-Malware version 1.62.0.1300
MapSource - Americas BlueChart v4.00
MediaFACE 4.0
MediaFACE 4.0 Business Image Library
MediaFACE 4.0 General Image Library
MediaFACE 4.0 Lifestyle Image Library
MediaFACE 4.0 Music Image Library
MediaFACE 4.0 Special Occasion Image Library
MediaFACE 4.0 Spiritual Image Library
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft FrontPage 2002
Microsoft Image Composer 1.5
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office XP Media Content
Microsoft Office XP Web Components
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicnotes Software Suite 1.5.3
Nero Suite
NetWaiting
NOOK for PC
NVIDIA Display Driver
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PaperPort 8.0 SE
POINT
PowerDVD
QuickTime
RealPlayer
Revo Uninstaller 1.91
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Sibelius Scorch (ActiveX Only)
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.6
swMSM
The Print Shop 20
The Print Shop Premium Fonts
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visioneer OneTouch 9320
Walmart MP3 Music Downloads
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Yahoo! Customizations
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
.
==== Event Viewer Messages From Past Week ========
.
7/25/2012 12:10:35 AM, error: Print [19] - Sharing printer failed + 1722, Printer PaperPort Color share name Printer.
7/24/2012 10:40:23 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.445.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072efd Error description: A connection with the server could not be established
7/24/2012 10:32:15 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
7/24/2012 10:32:15 AM, error: Service Control Manager [7022] - The FlipShare Service service hung on starting.
7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
7/24/2012 10:30:45 AM, error: Service Control Manager [7001] - The FTP Publishing service depends on the IIS Admin service which failed to start because of the following error: The executable program that this service is configured to run in does not implement the service.
7/24/2012 10:30:45 AM, error: Service Control Manager [7000] - The RCA CDS1000 640x480 Driver service failed to start due to the following error: The system cannot find the file specified.
7/24/2012 10:30:45 AM, error: Service Control Manager [7000] - The IIS Admin service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
.
==== End Of File ===========================
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
31-Jul-2012, 04:24 PM #12
Go to Control Panel - Add or Remove Programs and remove these older versions of Java:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 7

and the following as well:
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\windows\system32\drivers\areawcjv.sys

Driver::
areawcjv

DDS::
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
11-Aug-2012, 05:06 PM #13
Re-run ComboFix 08.11.12
Sorry for the delay, busy week.

ComboFix 12-07-16.01 - Mary Jo 08/11/2012 14:51:42.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1450 [GMT -5:00]
Running from: c:\documents and settings\Mary Jo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mary Jo\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall Pro *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\windows\system32\drivers\areawcjv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\INSTALL.LOG
c:\windows\help\wmplayer.bak
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\rnaph.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_areawcjv
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 11:25 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\mpengine.dll
2012-08-10 10:40 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 16:58 . 2012-07-31 16:58 -------- d-----w- c:\program files\Wondershare
2012-07-31 07:07 . 2012-07-31 07:07 -------- d-----w- c:\documents and settings\Mary Jo\Local Settings\Application Data\Wondershare
2012-07-31 07:07 . 2012-07-31 07:07 -------- d-----w- c:\program files\Common Files\Wondershare
2012-07-17 22:08 . 2012-07-17 22:08 1409 ----a-w- c:\windows\QTFont.for
2012-07-16 16:35 . 2012-07-16 16:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-16 16:35 . 2012-07-16 16:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-16 13:32 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:30 . 2012-04-12 03:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 17:30 . 2011-05-15 03:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 10:28 . 2008-11-11 01:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-22 10:28 . 2012-06-22 10:29 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-22 10:28 . 2010-04-25 15:23 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2002-08-29 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 23:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-26 18:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-08-29 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-31 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-03 19:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-03 19:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-03 18:59 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-31 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-03 19:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-03 18:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2002-08-29 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-05-31 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-03 19:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2002-08-29 10:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-01 23:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2006-09-05 00:02 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2006-02-12 09:41 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2002-09-23 20:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-04-27 15:54 916992 ----a-w- c:\windows\system32\wininet.dll
2003-08-07 14:25 . 2003-08-07 14:25 11066953 ------w- c:\program files\Helix_Producer_Basic_9.0.1_Setup.exe
2012-08-06 03:35 . 2011-09-30 15:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-12-04 1622488]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-31 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-19 185872]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
backup=c:\windows\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 23:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2003-08-18 13:12 98304 ------w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-31 17:24 98304 ------w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-19 06:38 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 4:37 PM 616408]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [5/6/2011 12:58 PM 1085440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
S1 MpKsl85cb5d01;MpKsl85cb5d01;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\MpKsl85cb5d01.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9F4BF13-C1E1-4E9E-B543-981B726850BF}\MpKsl85cb5d01.sys [?]
S2 USBDriver;RCA CDS1000 640x480 Driver;c:\windows\system32\Drivers\cds1000.sys --> c:\windows\system32\Drivers\cds1000.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:04 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/3/2012 9:03 PM 113120]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:30]
.
2012-08-11 c:\windows\Tasks\Backup.job
- c:\windows\SYSTEM32\ntbackup.exe [2002-08-29 00:12]
.
2012-08-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-31 23:20]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005Core.job
- c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589259409-1540086843-2969841051-1005UA.job
- c:\documents and settings\Mary Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-01 03:33]
.
2009-05-19 c:\windows\Tasks\Initial Backup.job
- c:\windows\system32\ntbackup.exe [2002-08-29 00:12]
.
2003-05-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2012-08-11 c:\windows\Tasks\User_Feed_Synchronization-{C3B178F0-672A-40FB-BCFD-2061D6CE3E75}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: sumtotalsystems.com\allstate
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.129.103.82:8000/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Mary Jo\Application Data\Mozilla\Firefox\Profiles\aapazohb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 15:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2589259409-1540086843-2969841051-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\CTsvcCDA.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\fxssvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\Logi_MwX.Exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2012-08-11 15:32:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 20:32
ComboFix2.txt 2012-07-18 07:45
.
Pre-Run: 52,091,936,768 bytes free
Post-Run: 51,931,934,720 bytes free
.
- - End Of File - - D021A0A22FD9F21D8A6E77BD412F41F7
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,944 posts.
 
Join Date: Aug 2003
11-Aug-2012, 06:07 PM #14
Can you update MalwareBytes and get it to run now? If so please do a quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Ciera2455's Avatar
Ciera2455 Ciera2455 is offline
Member with 41 posts.
THREAD STARTER
 
Join Date: Oct 2002
Location: Illinois
18-Aug-2012, 05:39 PM #15
MBAM Log 08.18.12
Nothing Found!!!


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mary Jo :: PHUNKYTOWN [administrator]

8/18/2012 3:54:58 PM
mbam-log-2012-08-18 (15-54-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251383
Time elapsed: 33 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑