Help on Killing the Redirect Virus

Dell / Dell dm051...
April 11, 2010 at 15:15:01
Specs: Microsoft Windows XP Professional, 2.793 GHz / 1022 MB
Hello, I need help in eliminating what I believe is the Google redirect virus. About a few weeks ago, I started experiencing slower computer speed and random restarts, sometimes during startup. A few days ago, I experienced symptoms of a redirecting virus: I could go to webpages via direct URL but when I tried to click on a link from a search engine (Yahoo, Bing, Google were tried), I would get redirected to a spam site. Also, new tabs to spam sites would occasionally open. I am also concerned with the number of processes running in Task Manager. Thank you to anyone in advance who can help.

The following posts are some logs that may be helpful in diagnosing the problem.




#1
April 11, 2010 at 15:15:57
DDS (Ver_10-03-17.01) - NTFSx86
Run by Edmund at 13:58:28.07 on Sun 04/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.246 [GMT -7:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BumpTop\BumpTop.exe
C:\Documents and Settings\Edmund.EDMUND-43B7521A\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: {7418E5F5-0E48-4144-8F92-5CA791C82396} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE713078-8012-4B75-92BA-398D4642A64B} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PDUiP6220DMon] c:\program files\canon\memory card utility\ip6220d\PDUiP6220DMon.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {A573D71B-951B-4BAD-B8CC-708AE84769C9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\edmund~1.edm\applic~1\mozilla\firefox\profiles\rd1isj9k.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-19 15424]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 CVPNDRV;Cisco Systems Inc. IPSec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2003-3-26 267335]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-7-16 552064]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2006-5-8 16168]
S2 gupdate1ca3b45a70bfe66;Google Update Service (gupdate1ca3b45a70bfe66);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-3-25 202280]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-04-09 04:42:23 0 d-----w- c:\program files\Trend Micro
2010-04-08 02:01:08 0 d-----w- c:\docume~1\edmund~1.edm\applic~1\Malwarebytes
2010-04-08 02:00:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 02:00:53 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 02:00:53 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-04-08 02:00:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 05:39:32 0 d-sha-r- C:\cmdcons
2010-04-07 05:36:15 98816 ----a-w- c:\windows\sed.exe
2010-04-07 05:36:15 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 05:36:15 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 05:36:15 161792 ----a-w- c:\windows\SWREG.exe
2010-04-06 12:27:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-04 19:11:06 11564 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx
2010-04-03 08:47:34 0 d-----w- c:\docume~1\alluse~1.win\applic~1\IObit
2010-04-01 17:47:02 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2010-04-11 17:40:29 54416 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-04-10 13:43:37 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-04-07 06:43:05 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
2010-01-14 11:52:15 36404 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-06 03:34:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009070520090706\index.dat

============= FINISH: 14:00:06.26 ===============



#2
April 11, 2010 at 15:16:58
Attach log copied and pasted as advised from another thread:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/8/2006 8:59:47 PM
System Uptime: 4/11/2010 10:40:09 AM (4 hours ago)

Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 146 GiB total, 75.344 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: IDT High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
Manufacturer: IDT
Name: IDT High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801AB&REV_1032\4&B5B2454&0&0001
Service: STHDA

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D21028&REV_01\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D21028&REV_01\3&172E68DD&0&FB
Service:

==== System Restore Points ===================

RP1145: 1/12/2010 3:00:18 AM - Software Distribution Service 3.0
RP1146: 1/13/2010 1:57:56 AM - Software Distribution Service 3.0
RP1147: 1/13/2010 4:43:47 PM - Installed Windows KB954550-v5.
RP1148: 1/13/2010 4:44:05 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1149: 1/13/2010 4:54:55 PM - Installed Windows XP KB942288-v3.
RP1150: 1/13/2010 5:10:56 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1151: 1/14/2010 3:00:17 AM - Software Distribution Service 3.0
RP1152: 1/15/2010 3:00:16 AM - Software Distribution Service 3.0
RP1153: 1/15/2010 4:33:17 AM - Software Distribution Service 3.0
RP1154: 1/16/2010 3:00:17 AM - Software Distribution Service 3.0
RP1155: 1/17/2010 3:00:17 AM - Software Distribution Service 3.0
RP1156: 1/17/2010 3:32:56 AM - Software Distribution Service 3.0
RP1157: 1/18/2010 3:00:19 AM - Software Distribution Service 3.0
RP1158: 1/19/2010 12:46:32 AM - Software Distribution Service 3.0
RP1159: 1/19/2010 10:53:46 AM - Software Distribution Service 3.0
RP1160: 1/20/2010 2:35:52 AM - Software Distribution Service 3.0
RP1161: 1/20/2010 10:32:05 AM - Software Distribution Service 3.0
RP1162: 1/21/2010 2:26:12 AM - Software Distribution Service 3.0
RP1163: 1/22/2010 2:38:48 AM - System Checkpoint
RP1164: 1/22/2010 3:00:15 AM - Software Distribution Service 3.0
RP1165: 1/23/2010 3:00:15 AM - Software Distribution Service 3.0
RP1166: 1/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP1167: 1/25/2010 3:00:25 AM - Software Distribution Service 3.0
RP1168: 1/26/2010 12:57:03 AM - Software Distribution Service 3.0
RP1169: 1/27/2010 3:00:21 AM - Software Distribution Service 3.0
RP1170: 1/28/2010 3:00:18 AM - Software Distribution Service 3.0
RP1171: 1/29/2010 3:00:19 AM - Software Distribution Service 3.0
RP1172: 1/30/2010 3:00:16 AM - Software Distribution Service 3.0
RP1173: 1/31/2010 3:00:16 AM - Software Distribution Service 3.0
RP1174: 2/1/2010 3:00:16 AM - Software Distribution Service 3.0
RP1175: 2/1/2010 4:58:15 AM - Software Distribution Service 3.0
RP1176: 2/2/2010 3:00:17 AM - Software Distribution Service 3.0
RP1177: 2/3/2010 3:00:19 AM - Software Distribution Service 3.0
RP1178: 2/3/2010 4:37:45 AM - Software Distribution Service 3.0
RP1179: 2/4/2010 3:00:17 AM - Software Distribution Service 3.0
RP1180: 2/4/2010 4:05:20 AM - Software Distribution Service 3.0
RP1181: 2/4/2010 12:09:20 PM - Software Distribution Service 3.0
RP1182: 2/5/2010 1:01:10 AM - Software Distribution Service 3.0
RP1183: 2/6/2010 1:40:15 AM - System Checkpoint
RP1184: 2/6/2010 3:00:16 AM - Software Distribution Service 3.0
RP1185: 2/6/2010 4:58:13 AM - Software Distribution Service 3.0
RP1186: 2/7/2010 3:00:22 AM - Software Distribution Service 3.0
RP1187: 2/7/2010 8:10:48 AM - Software Distribution Service 3.0
RP1188: 2/7/2010 3:01:00 PM - Software Distribution Service 3.0
RP1189: 2/8/2010 3:00:17 AM - Software Distribution Service 3.0
RP1190: 2/9/2010 2:59:15 AM - Software Distribution Service 3.0
RP1191: 2/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP1192: 2/11/2010 3:00:20 AM - Software Distribution Service 3.0
RP1193: 2/11/2010 4:06:37 AM - Software Distribution Service 3.0
RP1194: 2/12/2010 3:00:17 AM - Software Distribution Service 3.0
RP1195: 2/13/2010 3:00:18 AM - Software Distribution Service 3.0
RP1196: 2/13/2010 3:58:41 AM - Software Distribution Service 3.0
RP1197: 2/14/2010 3:00:19 AM - Software Distribution Service 3.0
RP1198: 2/14/2010 3:02:15 AM - Software Distribution Service 3.0
RP1199: 2/14/2010 2:39:20 PM - Software Distribution Service 3.0
RP1200: 2/15/2010 2:08:20 AM - Software Distribution Service 3.0
RP1201: 2/15/2010 8:09:45 AM - Software Distribution Service 3.0
RP1202: 2/15/2010 5:02:38 PM - Software Distribution Service 3.0
RP1203: 2/16/2010 1:43:22 AM - Software Distribution Service 3.0
RP1204: 2/16/2010 10:11:21 AM - Software Distribution Service 3.0
RP1205: 2/16/2010 11:33:04 PM - Software Distribution Service 3.0
RP1206: 2/17/2010 3:00:16 AM - Software Distribution Service 3.0
RP1207: 2/18/2010 3:00:15 AM - Software Distribution Service 3.0
RP1208: 2/19/2010 3:00:22 AM - Software Distribution Service 3.0
RP1209: 2/20/2010 3:00:21 AM - Software Distribution Service 3.0
RP1210: 2/21/2010 12:51:03 AM - Software Distribution Service 3.0
RP1211: 2/22/2010 3:00:22 AM - Software Distribution Service 3.0
RP1212: 2/23/2010 2:14:26 AM - Software Distribution Service 3.0
RP1213: 2/24/2010 3:00:24 AM - Software Distribution Service 3.0
RP1214: 2/24/2010 4:30:06 AM - Software Distribution Service 3.0
RP1215: 2/25/2010 3:00:41 AM - Software Distribution Service 3.0
RP1216: 2/25/2010 6:47:56 PM - Software Distribution Service 3.0
RP1217: 2/26/2010 3:00:17 AM - Software Distribution Service 3.0
RP1218: 2/27/2010 3:00:20 AM - Software Distribution Service 3.0
RP1219: 2/28/2010 3:00:15 AM - Software Distribution Service 3.0
RP1220: 2/28/2010 4:48:00 AM - Software Distribution Service 3.0
RP1221: 3/1/2010 3:00:20 AM - Software Distribution Service 3.0
RP1222: 3/2/2010 3:00:25 AM - Software Distribution Service 3.0
RP1223: 3/3/2010 3:00:21 AM - Software Distribution Service 3.0
RP1224: 3/4/2010 3:00:25 AM - Software Distribution Service 3.0
RP1225: 3/4/2010 6:27:28 PM - Printer Driver PDFCreator Installed
RP1226: 3/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP1227: 3/5/2010 3:13:33 AM - Software Distribution Service 3.0
RP1228: 3/6/2010 3:00:19 AM - Software Distribution Service 3.0
RP1229: 3/7/2010 3:00:16 AM - Software Distribution Service 3.0
RP1230: 3/8/2010 3:00:17 AM - Software Distribution Service 3.0
RP1231: 3/9/2010 1:33:45 AM - Software Distribution Service 3.0
RP1232: 3/9/2010 1:38:34 AM - Software Distribution Service 3.0
RP1233: 3/10/2010 3:00:18 AM - Software Distribution Service 3.0
RP1234: 3/11/2010 3:42:46 AM - System Checkpoint
RP1235: 3/12/2010 3:00:15 AM - Software Distribution Service 3.0
RP1236: 3/13/2010 3:00:16 AM - Software Distribution Service 3.0
RP1237: 3/14/2010 4:00:24 AM - Software Distribution Service 3.0
RP1238: 3/14/2010 4:43:22 AM - Software Distribution Service 3.0
RP1239: 3/15/2010 3:00:20 AM - Software Distribution Service 3.0
RP1240: 3/16/2010 2:52:27 AM - Software Distribution Service 3.0
RP1241: 3/17/2010 3:00:16 AM - Software Distribution Service 3.0
RP1242: 3/17/2010 4:22:35 AM - Software Distribution Service 3.0
RP1243: 3/18/2010 3:00:16 AM - Software Distribution Service 3.0
RP1244: 3/18/2010 4:02:37 AM - Software Distribution Service 3.0
RP1245: 3/18/2010 3:05:27 PM - Software Distribution Service 3.0
RP1246: 3/19/2010 3:00:16 AM - Software Distribution Service 3.0
RP1247: 3/19/2010 6:35:57 PM - Software Distribution Service 3.0
RP1248: 3/22/2010 3:31:55 PM - Software Distribution Service 3.0
RP1249: 3/23/2010 3:00:25 AM - Software Distribution Service 3.0
RP1250: 3/23/2010 5:36:00 AM - Software Distribution Service 3.0
RP1251: 3/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP1252: 3/25/2010 3:00:19 AM - Software Distribution Service 3.0
RP1253: 3/26/2010 3:00:20 AM - Software Distribution Service 3.0
RP1254: 3/27/2010 3:00:23 AM - Software Distribution Service 3.0
RP1255: 3/28/2010 3:00:21 AM - Software Distribution Service 3.0
RP1256: 3/29/2010 3:00:20 AM - Software Distribution Service 3.0
RP1257: 3/30/2010 3:00:24 AM - Software Distribution Service 3.0
RP1258: 3/30/2010 11:57:51 PM - Software Distribution Service 3.0
RP1259: 4/1/2010 12:43:55 AM - System Checkpoint
RP1260: 4/1/2010 3:00:15 AM - Software Distribution Service 3.0
RP1261: 4/2/2010 3:00:21 AM - Software Distribution Service 3.0
RP1262: 4/3/2010 3:00:17 AM - Software Distribution Service 3.0
RP1263: 4/4/2010 3:00:16 AM - Software Distribution Service 3.0
RP1264: 4/4/2010 11:51:34 AM - Software Distribution Service 3.0
RP1265: 4/4/2010 11:57:17 AM - Software Distribution Service 3.0
RP1266: 4/4/2010 11:19:29 PM - Software Distribution Service 3.0
RP1267: 4/4/2010 11:59:31 PM - Software Distribution Service 3.0
RP1268: 4/6/2010 12:20:55 AM - Software Distribution Service 3.0
RP1269: 4/6/2010 1:40:45 AM - Installed Java(TM) 6 Update 19
RP1270: 4/6/2010 3:01:18 AM - Software Distribution Service 3.0
RP1271: 4/7/2010 12:29:07 AM - Software Distribution Service 3.0
RP1272: 4/7/2010 6:52:53 PM - Software Distribution Service 3.0
RP1273: 4/7/2010 8:51:07 PM - Software Distribution Service 3.0
RP1274: 4/9/2010 3:00:15 AM - Software Distribution Service 3.0
RP1275: 4/9/2010 7:31:07 AM - Software Distribution Service 3.0
RP1276: 4/10/2010 1:09:35 AM - Software Distribution Service 3.0
RP1277: 4/11/2010 1:52:51 AM - Software Distribution Service 3.0
RP1278: 4/11/2010 10:42:52 AM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.44 beta
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Advanced SystemCare 3
Advanced Video FX Utility
AiO_Scan_CDA
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVOne 3GP Video Converter
AVS DVDMenu Editor 1.0.0.5
AVS Video Tools 5.5
BitTorrent
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
BumpTop
Cakewalk Pro Audio 9
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon iP6220D
Canon iP6220D Memory Card Utility
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catan - Cities and Knights
Cisco Systems VPN Client 3.6.4 (Rel)
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Continuum 0.38
Creative MediaSource
Creative Photo Manager
Creative System Information
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Creative WebCam Instant User's Guide (English)
DeadAIM
DivX Web Player
DNA
Easy-WebPrint
Film Factory Lite
Fruity Loops 3 Full Final
Get Yahoo! Messenger
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photosmart, Officejet and Deskjet 7.0.A
Intel(R) PRO Network Connections Drivers
InterActual Player
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Magic Suitcase
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.6.3)
MSN Music Assistant
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
NOD32 Antivirus System
NOD32 FiX v2.1
NSIS Mixxx
NVIDIA Drivers
PCFriendly
PDFCreator
PokerStars
PokerStove version 1.21
Post-it® Software Notes Lite
PowerDVD
QFolder
QuickTime
RealPlayer
RealUpgrade 1.0
Road Runner Medic 6.1
Sage Blackjack Shareware
Samsung USB Driver (MCCI 4.34) WHQL v3.0
Scan
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SightSpeed (remove only)
Skype Toolbars
Skype™ 4.1
Sonic Foundry Sound Forge 6.0
Sound Blaster Audigy 2 ZS
Sportsbook.com Poker
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Starcraft
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
Viewpoint Media Player
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows System Scanner
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/6/2010 11:44:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/6/2010 11:35:35 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:35 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The WMP54GSSVC service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7034] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 11:35:34 PM, error: Service Control Manager [7031] - The NOD32 Kernel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/6/2010 11:35:34 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2010 10:41:17 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
4/6/2010 1:34:23 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
4/6/2010 1:34:23 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/6/2010 1:34:22 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/6/2010 1:34:22 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/6/2010 1:32:54 AM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
4/6/2010 1:30:27 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2010 7:19:41 PM, error: Service Control Manager [7000] - The ASCTRM service failed to start due to the following error: The system cannot find the file specified.
4/5/2010 7:19:40 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/5/2010 7:19:40 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/5/2010 7:16:46 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
4/4/2010 11:48:18 AM, error: System Error [1003] - Error code 100000ea, parameter1 868c2c10, parameter2 86caef60, parameter3 f7a49cbc, parameter4 00000001.
4/4/2010 11:48:03 AM, error: System Error [1003] - Error code 100000ea, parameter1 86a258e0, parameter2 869878d8, parameter3 f7a51cbc, parameter4 00000001.
4/4/2010 11:47:59 AM, error: System Error [1003] - Error code 100000ea, parameter1 8688b320, parameter2 86cb28f8, parameter3 f7a4dcbc, parameter4 00000001.
4/4/2010 11:47:44 AM, error: System Error [1003] - Error code 100000ea, parameter1 85b4e468, parameter2 85acbec0, parameter3 f7a45cbc, parameter4 00000001.

==== End Of File ===========================



#3
April 11, 2010 at 15:20:32
ComboFix 10-04-10.02 - Edmund 04/11/2010 14:11:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.314 [GMT -7:00]
Running from: c:\documents and settings\Edmund.EDMUND-43B7521A\Desktop\Combo-Fix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
PEV Error: AppFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Favorites\_favdata.dat
c:\windows\system32\cthelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 20:50 . 2010-04-11 20:50 195584 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-7797bbc4-n\WMINative.dll
2010-04-09 04:42 . 2010-04-09 04:42 -------- d-----w- c:\program files\Trend Micro
2010-04-08 02:01 . 2010-04-08 02:01 -------- d-----w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Malwarebytes
2010-04-08 02:00 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 02:00 . 2010-04-08 02:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-08 02:00 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 02:00 . 2010-04-08 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 05:33 . 2010-04-07 05:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\PrivacIE
2010-04-06 15:12 . 2010-04-06 15:12 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2010-04-06 12:27 . 2010-04-06 12:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-06 08:42 . 2010-04-06 08:42 503808 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a19c91e-n\msvcp71.dll
2010-04-06 08:42 . 2010-04-06 08:42 499712 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a19c91e-n\jmc.dll
2010-04-06 08:42 . 2010-04-06 08:42 348160 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1a19c91e-n\msvcr71.dll
2010-04-06 08:42 . 2010-04-06 08:42 61440 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63597708-n\decora-sse.dll
2010-04-06 08:42 . 2010-04-06 08:42 12800 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63597708-n\decora-d3d.dll
2010-04-06 02:30 . 2010-04-06 02:30 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-04-05 06:07 . 2010-04-05 06:07 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-04-03 08:47 . 2010-04-03 08:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2010-04-01 17:48 . 2010-04-01 17:48 49152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-01 17:48 . 2010-04-01 17:48 45056 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-01 17:48 . 2010-04-01 17:48 45056 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-01 17:48 . 2010-04-01 17:48 45056 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-01 17:48 . 2010-04-01 17:48 45056 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-01 17:48 . 2010-04-01 17:48 308808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-01 17:48 . 2010-04-01 17:48 14848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-01 17:48 . 2010-04-01 17:48 40960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-01 17:48 . 2010-04-01 17:48 341600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-01 17:47 . 2010-04-01 17:47 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 17:40 . 2009-07-06 03:38 54416 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-04-10 13:43 . 2004-08-07 00:15 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-04-07 06:43 . 2004-08-04 02:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-07 04:59 . 2006-05-09 04:44 -------- d-----w- c:\program files\ESET
2010-04-06 08:42 . 2006-04-17 22:26 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 08:41 . 2006-08-25 07:11 -------- d-----w- c:\program files\Java
2010-04-04 18:59 . 2006-05-09 05:03 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000004-20021102}.dat
2010-04-04 18:59 . 2006-05-09 05:03 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000003-00001102-00000004-20021102}.dat
2010-04-01 17:47 . 2006-09-17 07:13 -------- d-----w- c:\program files\Real
2010-03-28 23:17 . 2006-05-21 08:11 -------- d-----w- c:\program files\PokerStars
2010-03-25 18:37 . 2009-11-23 08:14 79488 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-14 11:42 . 2010-02-15 01:29 -------- d-----w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Skype
2010-03-14 08:03 . 2010-02-15 01:33 -------- d-----w- c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\skypePM
2010-03-09 11:28 . 2009-02-28 00:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 02:27 . 2010-03-05 02:26 -------- d-----w- c:\program files\PDFCreator
2010-02-25 06:24 . 2004-08-04 04:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-15 03:41 . 2009-02-08 08:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 02:54 . 2010-02-15 02:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PopCap
2010-02-15 01:33 . 2010-02-15 01:33 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-15 01:28 . 2010-02-15 01:28 -------- d-----r- c:\program files\Skype
2010-02-15 01:28 . 2010-02-15 01:28 -------- d-----w- c:\program files\Common Files\Skype
2010-02-15 01:28 . 2010-02-15 01:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-01-14 11:52 . 2009-11-23 19:18 36404 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-14 01:22 . 2006-05-21 06:57 43336 ----a-w- c:\documents and settings\Edmund.EDMUND-43B7521A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 00:51 . 2010-01-14 00:51 193824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-01-14 00:50 . 2010-01-14 00:50 416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-07_05.54.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-11 17:41 . 2010-04-11 17:41 16384 c:\windows\Temp\Perflib_Perfdata_610.dat
- 2004-08-07 00:17 . 2010-04-06 15:59 91714 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:17 . 2010-04-11 17:45 91714 c:\windows\system32\perfc009.dat
+ 2004-08-07 00:15 . 2010-04-10 13:43 5888 c:\windows\system32\dllcache\dmload.sys
- 2004-08-07 00:15 . 2004-08-07 00:15 5888 c:\windows\system32\dllcache\dmload.sys
+ 2004-08-07 00:17 . 2010-04-11 17:45 497668 c:\windows\system32\perfh009.dat
- 2004-08-07 00:17 . 2010-04-06 15:59 497668 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2004-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-28 144896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"PDUiP6220DMon"="c:\program files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-07 69632]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-04-20 949376]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Dialer (OnStartup).lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Dialer (OnStartup).lnk
backup=c:\windows\pss\VPN Dialer (OnStartup).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Edmund.EDMUND-43B7521A^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Edmund.EDMUND-43B7521A\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 08:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 17:43 57344 ----a-w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDTSysTrayApp]
2007-09-06 04:24 405504 ----a-w- c:\windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]
2008-02-01 21:47 198184 ----a-w- c:\program files\twc\medicsp2\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 22:29 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
2003-10-08 23:35 139264 ----a-w- c:\program files\Creative\MediaSource\RemoteControl\RcMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-04 01:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4/19/2009 5:12 PM 15424]
R2 CVPNDRV;Cisco Systems Inc. IPSec Driver;c:\windows\system32\drivers\CVPNDrv.sys [3/26/2003 3:57 PM 267335]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [5/8/2006 9:52 PM 16168]
S2 gupdate1ca3b45a70bfe66;Google Update Service (gupdate1ca3b45a70bfe66);c:\program files\Google\Update\GoogleUpdate.exe [9/21/2009 10:29 PM 133104]
S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [3/25/2008 7:35 PM 202280]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 3:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 19:34]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6d1509cebea.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 05:29]

2010-04-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-412668190-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-04-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Edmund.EDMUND-43B7521A\Application Data\Mozilla\Firefox\Profiles\rd1isj9k.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 14:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x870FBAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7676f28
\Driver\ACPI -> ACPI.sys @ 0xf74e9cb8
\Driver\atapi -> atapi.sys @ 0xf747b852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Linksys Wireless-G PCI Network Adapter with SpeedBooster -> SendCompleteHandler -> NDIS.sys @ 0xf7374bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7363a0d
SendHandler -> NDIS.sys @ 0xf7377b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-11 14:30:18
ComboFix-quarantined-files.txt 2010-04-11 21:30
ComboFix2.txt 2010-04-07 06:00

Pre-Run: 80,888,246,272 bytes free
Post-Run: 81,097,113,600 bytes free

- - End Of File - - 19BCAC71FC001B85AFE10AA69846B29C



#4
April 11, 2010 at 15:22:23
HijackThis log also available if needed. My apologies if I was supposed to wait for you to ask before posting the attached log.

A scan with NOD32 found variants of the Win32/Kryptik.DPQ trojan. A previous scan a few days ago found variants of Win32/Kryptik.DMR.

