Promathia

Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4036 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/26/2010 9:43:18 AM mbam-log-2010-04-26 (09-43-18).txt Scan type: Full scan (A:\|C:\|D:\|E:\|) Objects scanned: 213283 Time elapsed: 2 hour(s), 15 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Both reports here. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully! HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully! HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully! HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\.exe\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007_Classes\exefile\ not found. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temporary Internet Files folder emptied: 32768 bytes User: Administrator.DELL ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Daniel Briggs ->Temp folder emptied: 2141764314 bytes ->Temporary Internet Files folder emptied: 121670518 bytes ->Java cache emptied: 15365694 bytes ->FireFox cache emptied: 187929181 bytes ->Flash cache emptied: 1408159 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 21118368 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 41167 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1573266 bytes ->Java cache emptied: 1 bytes ->Flash cache emptied: 43805 bytes User: Owner %systemdrive% .tmp files removed: 2918629 bytes %systemroot% .tmp files removed: 219321 bytes %systemroot%\System32 .tmp files removed: 11078161 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 226526888 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23940876 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 370950 bytes RecycleBin emptied: 5078 bytes Total Files Cleaned = 2,628.00 mb OTL by OldTimer - Version 3.2.2.0 log created on 04262010_071533 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Daniel Briggs\Local Settings\Temp\Perflib_Perfdata_94.dat not found! Registry entries deleted on Reboot...

Things have been lots better. Here is OTL log OTL logfile created on: 4/25/2010 11:56:28 PM - Run 3 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 11.00% Memory free 1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.70 Gb Total Space | 4.87 Gb Free Space | 14.46% Space Free | Partition Type: NTFS Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL Current User Name: Daniel Briggs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe PRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe PRC - [2009/09/30 18:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe PRC - [2009/07/21 15:40:24 | 000,404,737 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\update.exe PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe PRC - [2007/06/08 11:19:22 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMCONFIG.exe PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe PRC - [2007/04/30 04:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe PRC - [2007/04/04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMProcess.exe PRC - [2007/03/06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe ========== Modules (SafeList) ========== MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe MOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Ventrilo) SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService) SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) ========== Driver Services (SafeList) ========== DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt) DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21) DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb) DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg) DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF) DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4) DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3) DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4) DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3) DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1) DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0) DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0) DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1) DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2) DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag) DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52) DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51) DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53) DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt) DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv) DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/ IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.fanfiction.net" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M] [2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions [2010/04/25 03:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions [2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 13597 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe () O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/04/24 14:54:13 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Daniel Briggs\Desktop\TDSSKiller.exe [2010/04/23 04:39:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/04/23 04:38:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp [2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002 [2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities [2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities [2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll [2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll [2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll [2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll [2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll [2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll [2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll [2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll [2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll [2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll [2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll [2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/25 20:27:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/04/25 20:27:06 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/04/25 20:26:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/25 20:26:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/04/25 20:26:21 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys [2010/04/25 20:23:23 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat [2010/04/25 20:22:49 | 004,313,256 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db [2010/04/24 14:53:09 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip [2010/04/24 09:10:17 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe [2010/04/24 07:13:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI [2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk [2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk [2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS [2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C [2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys [2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW [2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308 [2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443 [2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443 [2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6 [2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6 [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/24 14:52:21 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\tdsskiller.zip [2010/04/24 09:10:17 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\ComboFix.exe [2010/04/24 07:15:08 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys [2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk [2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk [2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C [2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C [2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443 [2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308 [2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443 [2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW [2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6 [2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6 [2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6 [2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat [2010/04/06 02:00:16 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt [2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/04/02 00:45:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll [2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll [2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini [2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll [2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll [2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI [2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI [2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys [2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini [2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL [2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL [2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL < End of report >

GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-24 19:09:36 Windows 5.1.2600 Service Pack 3 Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys ---- System - GMER 1.0.15 ---- SSDT F8E0B026 ZwCreateKey SSDT F8E0B01C ZwCreateThread SSDT F8E0B02B ZwDeleteKey SSDT F8E0B035 ZwDeleteValueKey SSDT F8E0B03A ZwLoadKey SSDT F8E0B008 ZwOpenProcess SSDT F8E0B00D ZwOpenThread SSDT F8E0B044 ZwReplaceKey SSDT F8E0B03F ZwRestoreKey SSDT F8E0B030 ZwSetValueKey SSDT F8E0B017 ZwTerminateProcess ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[4044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Fastfat \Fat F1A75D20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ----

Same problem with combofix. Still shows antivir as being up when not...and still same error/shutdown

14:54:40:750 2592 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04 14:54:40:750 2592 ================================================================================ 14:54:40:750 2592 SystemInfo: 14:54:40:750 2592 OS Version: 5.1.2600 ServicePack: 3.0 14:54:40:750 2592 Product type: Workstation 14:54:40:750 2592 ComputerName: DELL 14:54:40:750 2592 UserName: Daniel Briggs 14:54:40:750 2592 Windows directory: C:\WINDOWS 14:54:40:750 2592 Processor architecture: Intel x86 14:54:40:750 2592 Number of processors: 1 14:54:40:750 2592 Page size: 0x1000 14:54:40:765 2592 Boot type: Normal boot 14:54:40:765 2592 ================================================================================ 14:54:41:000 2592 UnloadDriverW: NtUnloadDriver error 2 14:54:41:000 2592 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 14:54:41:750 2592 wfopen_ex: Trying to KLMD file open 14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2) 14:54:41:750 2592 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 14:54:41:750 2592 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 14:54:41:750 2592 wfopen_ex: Trying to KLMD file open 14:54:41:750 2592 wfopen_ex: File opened ok (Flags 2) 14:54:41:750 2592 Initialize success 14:54:41:750 2592 14:54:41:765 2592 Scanning Services ... 14:54:43:015 2592 Raw services enum returned 361 services 14:54:43:015 2592 14:54:43:031 2592 Scanning Kernel memory ... 14:54:43:031 2592 Devices to scan: 4 14:54:43:031 2592 14:54:43:031 2592 Driver Name: Disk 14:54:43:031 2592 IRP_MJ_CREATE : F877EBB0 14:54:43:031 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 14:54:43:031 2592 IRP_MJ_CLOSE : F877EBB0 14:54:43:031 2592 IRP_MJ_READ : F8778D1F 14:54:43:031 2592 IRP_MJ_WRITE : F8778D1F 14:54:43:031 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E 14:54:43:031 2592 IRP_MJ_SET_INFORMATION : 804FA88E 14:54:43:031 2592 IRP_MJ_QUERY_EA : 804FA88E 14:54:43:031 2592 IRP_MJ_SET_EA : 804FA88E 14:54:43:031 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2 14:54:43:031 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 14:54:43:031 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 14:54:43:031 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E 14:54:43:031 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 14:54:43:031 2592 IRP_MJ_DEVICE_CONTROL : F87793BB 14:54:43:031 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28 14:54:43:031 2592 IRP_MJ_SHUTDOWN : F87792E2 14:54:43:031 2592 IRP_MJ_LOCK_CONTROL : 804FA88E 14:54:43:031 2592 IRP_MJ_CLEANUP : 804FA88E 14:54:43:031 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E 14:54:43:031 2592 IRP_MJ_QUERY_SECURITY : 804FA88E 14:54:43:031 2592 IRP_MJ_SET_SECURITY : 804FA88E 14:54:43:031 2592 IRP_MJ_POWER : F877AC82 14:54:43:031 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E 14:54:43:031 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E 14:54:43:031 2592 IRP_MJ_QUERY_QUOTA : 804FA88E 14:54:43:031 2592 IRP_MJ_SET_QUOTA : 804FA88E 14:54:43:078 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 14:54:43:078 2592 14:54:43:078 2592 Driver Name: Disk 14:54:43:078 2592 IRP_MJ_CREATE : F877EBB0 14:54:43:078 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 14:54:43:078 2592 IRP_MJ_CLOSE : F877EBB0 14:54:43:078 2592 IRP_MJ_READ : F8778D1F 14:54:43:078 2592 IRP_MJ_WRITE : F8778D1F 14:54:43:078 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E 14:54:43:078 2592 IRP_MJ_SET_INFORMATION : 804FA88E 14:54:43:078 2592 IRP_MJ_QUERY_EA : 804FA88E 14:54:43:078 2592 IRP_MJ_SET_EA : 804FA88E 14:54:43:078 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2 14:54:43:078 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 14:54:43:078 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 14:54:43:078 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E 14:54:43:078 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 14:54:43:078 2592 IRP_MJ_DEVICE_CONTROL : F87793BB 14:54:43:078 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28 14:54:43:078 2592 IRP_MJ_SHUTDOWN : F87792E2 14:54:43:078 2592 IRP_MJ_LOCK_CONTROL : 804FA88E 14:54:43:078 2592 IRP_MJ_CLEANUP : 804FA88E 14:54:43:078 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E 14:54:43:078 2592 IRP_MJ_QUERY_SECURITY : 804FA88E 14:54:43:078 2592 IRP_MJ_SET_SECURITY : 804FA88E 14:54:43:078 2592 IRP_MJ_POWER : F877AC82 14:54:43:078 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E 14:54:43:078 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E 14:54:43:078 2592 IRP_MJ_QUERY_QUOTA : 804FA88E 14:54:43:078 2592 IRP_MJ_SET_QUOTA : 804FA88E 14:54:43:250 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 14:54:43:250 2592 14:54:43:250 2592 Driver Name: Disk 14:54:43:250 2592 IRP_MJ_CREATE : F877EBB0 14:54:43:250 2592 IRP_MJ_CREATE_NAMED_PIPE : 804FA88E 14:54:43:250 2592 IRP_MJ_CLOSE : F877EBB0 14:54:43:250 2592 IRP_MJ_READ : F8778D1F 14:54:43:250 2592 IRP_MJ_WRITE : F8778D1F 14:54:43:250 2592 IRP_MJ_QUERY_INFORMATION : 804FA88E 14:54:43:250 2592 IRP_MJ_SET_INFORMATION : 804FA88E 14:54:43:250 2592 IRP_MJ_QUERY_EA : 804FA88E 14:54:43:250 2592 IRP_MJ_SET_EA : 804FA88E 14:54:43:250 2592 IRP_MJ_FLUSH_BUFFERS : F87792E2 14:54:43:250 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA88E 14:54:43:250 2592 IRP_MJ_SET_VOLUME_INFORMATION : 804FA88E 14:54:43:250 2592 IRP_MJ_DIRECTORY_CONTROL : 804FA88E 14:54:43:250 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA88E 14:54:43:250 2592 IRP_MJ_DEVICE_CONTROL : F87793BB 14:54:43:250 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : F877CF28 14:54:43:250 2592 IRP_MJ_SHUTDOWN : F87792E2 14:54:43:250 2592 IRP_MJ_LOCK_CONTROL : 804FA88E 14:54:43:250 2592 IRP_MJ_CLEANUP : 804FA88E 14:54:43:250 2592 IRP_MJ_CREATE_MAILSLOT : 804FA88E 14:54:43:250 2592 IRP_MJ_QUERY_SECURITY : 804FA88E 14:54:43:250 2592 IRP_MJ_SET_SECURITY : 804FA88E 14:54:43:250 2592 IRP_MJ_POWER : F877AC82 14:54:43:250 2592 IRP_MJ_SYSTEM_CONTROL : F877F99E 14:54:43:250 2592 IRP_MJ_DEVICE_CHANGE : 804FA88E 14:54:43:250 2592 IRP_MJ_QUERY_QUOTA : 804FA88E 14:54:43:250 2592 IRP_MJ_SET_QUOTA : 804FA88E 14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1 14:54:43:265 2592 14:54:43:265 2592 Driver Name: atapi 14:54:43:265 2592 IRP_MJ_CREATE : 832EEB4C 14:54:43:265 2592 IRP_MJ_CREATE_NAMED_PIPE : 832EEB4C 14:54:43:265 2592 IRP_MJ_CLOSE : 832EEB4C 14:54:43:265 2592 IRP_MJ_READ : 832EEB4C 14:54:43:265 2592 IRP_MJ_WRITE : 832EEB4C 14:54:43:265 2592 IRP_MJ_QUERY_INFORMATION : 832EEB4C 14:54:43:265 2592 IRP_MJ_SET_INFORMATION : 832EEB4C 14:54:43:265 2592 IRP_MJ_QUERY_EA : 832EEB4C 14:54:43:265 2592 IRP_MJ_SET_EA : 832EEB4C 14:54:43:265 2592 IRP_MJ_FLUSH_BUFFERS : 832EEB4C 14:54:43:265 2592 IRP_MJ_QUERY_VOLUME_INFORMATION : 832EEB4C 14:54:43:265 2592 IRP_MJ_SET_VOLUME_INFORMATION : 832EEB4C 14:54:43:265 2592 IRP_MJ_DIRECTORY_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_FILE_SYSTEM_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_DEVICE_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_INTERNAL_DEVICE_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_SHUTDOWN : 832EEB4C 14:54:43:265 2592 IRP_MJ_LOCK_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_CLEANUP : 832EEB4C 14:54:43:265 2592 IRP_MJ_CREATE_MAILSLOT : 832EEB4C 14:54:43:265 2592 IRP_MJ_QUERY_SECURITY : 832EEB4C 14:54:43:265 2592 IRP_MJ_SET_SECURITY : 832EEB4C 14:54:43:265 2592 IRP_MJ_POWER : 832EEB4C 14:54:43:265 2592 IRP_MJ_SYSTEM_CONTROL : 832EEB4C 14:54:43:265 2592 IRP_MJ_DEVICE_CHANGE : 832EEB4C 14:54:43:265 2592 IRP_MJ_QUERY_QUOTA : 832EEB4C 14:54:43:265 2592 IRP_MJ_SET_QUOTA : 832EEB4C 14:54:43:265 2592 Driver "atapi" infected by TDSS rootkit! 14:54:43:265 2592 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1 14:54:43:265 2592 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 14:54:43:281 2592 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys 14:54:43:281 2592 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3 14:54:43:640 2592 vfvi6 14:54:43:859 2592 !dsvbh1 14:54:47:093 2592 dsvbh2 14:54:47:093 2592 fdfb2 14:54:47:093 2592 Backup copy found, using it.. 14:54:47:328 2592 will be cured on next reboot 14:54:47:343 2592 Reboot required for cure complete.. 14:54:47:406 2592 Cure on reboot scheduled successfully 14:54:47:406 2592 14:54:47:406 2592 Completed 14:54:47:406 2592 14:54:47:406 2592 Results: 14:54:47:406 2592 Memory objects infected / cured / cured on reboot: 1 / 0 / 0 14:54:47:406 2592 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 14:54:47:406 2592 File objects infected / cured / cured on reboot: 1 / 0 / 1 14:54:47:406 2592 14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system 14:54:47:406 2592 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software 14:54:47:406 2592 UnloadDriverW: NtUnloadDriver error 1 14:54:47:406 2592 KLMD(ARK) unloaded successfully

Same Deal...Deleted and Redownloaded, Tried in regular and safe mode and get same error...says can't run because of antivir then when I try to just hit ok and go by gives that error then shuts down

Same problem in safe mode. Says Antivir is running when it doesn't seem to be then same not in correct place error.

When I tried to run ComboFix Would say that I had my antivirus up even when I'd closed the umbrella as it were...when I then tried to run got an error stating C:\32788r~1 not in correct place inform sUBs now.

OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL Current User Name: Daniel Briggs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- Reg Error: Value error. File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found "C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.) "C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found "C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- () "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2 "{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AV DVD Player Morpher" = AV DVD Player Morpher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "ffdshow" = ffdshow (remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Lexmark 1300 Series" = Lexmark 1300 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Driver" = NVIDIA Display Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "QuickTime" = QuickTime "Shockwave" = Shockwave "SimCity2000CDv1" = SimCity 2000

I don't think I gave you both OTL files... Here's Extra.txt again OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL Current User Name: Daniel Briggs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- Reg Error: Value error. File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found "C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.) "C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found "C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- () "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2 "{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AV DVD Player Morpher" = AV DVD Player Morpher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "ffdshow" = ffdshow (remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Lexmark 1300 Series" = Lexmark 1300 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Driver" = NVIDIA Display Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "QuickTime" = QuickTime "Shockwave" = Shockwave "SimCity2000CDv1" = SimCity 2000

GMER File next GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-22 08:07:50 Windows 5.1.2600 Service Pack 3 Running: fqd8vcj6.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pxtdapod.sys ---- System - GMER 1.0.15 ---- SSDT F8DED1FE ZwCreateKey SSDT F8DED1F4 ZwCreateThread SSDT F8DED203 ZwDeleteKey SSDT F8DED20D ZwDeleteValueKey SSDT F8DED212 ZwLoadKey SSDT F8DED1E0 ZwOpenProcess SSDT F8DED1E5 ZwOpenThread SSDT F8DED21C ZwReplaceKey SSDT F8DED217 ZwRestoreKey SSDT F8DED208 ZwSetValueKey SSDT F8DED1EF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF86B7794] ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0595000A .text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0594000A .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C .text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3076] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device -> \Driver\atapi \Device\Harddisk0\DR0 832EEB4C ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ----

Alright here We go First the logs from OTL OTL logfile created on: 4/22/2010 5:38:00 AM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL Current User Name: Daniel Briggs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe PRC - [2010/04/02 11:53:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/01/26 12:23:01 | 001,691,648 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009/02/03 11:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Daniel Briggs\Desktop\procexp.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdccoms.exe ========== Modules (SafeList) ========== MOD - [2010/04/22 05:37:05 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Briggs\My Documents\Downloads\OTL.exe MOD - [2008/09/13 02:01:20 | 000,061,440 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\polhook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Ventrilo) SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007/06/09 00:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Stopped] -- C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2007/05/25 05:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService) SRV - [2007/05/25 05:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdccoms.exe -- (lxdc_device) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) ========== Driver Services (SafeList) ========== DRV - [2009/12/07 13:29:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt) DRV - [2009/09/09 19:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xusb21.sys -- (xusb21) DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb) DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys -- (nm) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/09/06 06:15:22 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvdmmg.sys -- (dvdmmg) DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF) DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4) DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3) DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4) DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3) DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1) DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0) DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0) DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1) DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2) DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2004/08/04 01:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag) DRV - [2004/03/15 02:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/03/15 02:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/03/15 02:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/03/15 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/03/15 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/03/15 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/03/15 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/03/15 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/03/15 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52) DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51) DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53) DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt) DRV - [2004/03/03 11:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv) DRV - [2004/02/27 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004/02/13 04:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/01/14 20:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/01/14 20:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/ IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.fanfiction.net" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 11:53:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 16:10:24 | 000,000,000 | ---D | M] [2009/02/10 07:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Extensions [2010/04/22 03:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions [2009/09/03 06:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Briggs\Application Data\Mozilla\Firefox\Profiles\f4kqay7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/02/10 07:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/04/21 18:49:22 | 000,393,698 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 13597 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Multimedia Keyboard Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe () O4 - HKLM..\Run: [lxdcmon.exe] C:\Program Files\Lexmark 1300 Series\lxdcmon.exe File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found O4 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/08/10 08:00:00 | 000,588,800 | R--- | M] (Microsoft Corporation) - E:\autochk.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found O37 - HKU\S-1-5-21-255336526-3889853561-3648673452-1007\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010/04/22 03:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/04/11 15:58:35 | 000,000,000 | -HSD | C] -- C:\found.002 [2010/04/10 02:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities [2010/04/10 02:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities [2010/04/08 12:58:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/08 12:58:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/08 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/03/25 14:15:40 | 008,351,672 | ---- | C] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe [2008/04/02 00:32:39 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcinpa.dll [2008/04/02 00:32:39 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDChcp.dll [2008/04/02 00:32:38 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcserv.dll [2008/04/02 00:32:38 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcusb1.dll [2008/04/02 00:32:38 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdciesc.dll [2008/04/02 00:32:37 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpmui.dll [2008/04/02 00:32:37 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdclmpm.dll [2008/04/02 00:32:37 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcprox.dll [2008/04/02 00:32:37 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdcpplc.dll [2008/04/02 00:32:36 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdchbn3.dll [2008/04/02 00:32:34 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomc.dll [2008/04/02 00:32:34 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdccomm.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/22 05:39:03 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk [2010/04/22 05:38:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk [2010/04/22 02:56:32 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/04/22 02:54:07 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/04/22 02:53:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/22 02:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/04/22 02:53:47 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys [2010/04/22 02:52:33 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat [2010/04/21 18:49:22 | 000,393,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS [2010/04/21 17:21:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\NTUSER.INI [2010/04/21 17:21:25 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\IconCache.db [2010/04/20 11:52:25 | 000,017,190 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C [2010/04/17 05:14:05 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys [2010/04/16 03:33:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/16 03:30:27 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:06:52 | 000,004,726 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW [2010/04/15 19:04:22 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1052525308 [2010/04/15 19:04:21 | 000,004,778 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443 [2010/04/15 19:03:31 | 000,004,786 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1743246443 [2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6 [2010/04/08 12:25:40 | 000,013,512 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6 [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/25 14:17:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/03/25 14:16:26 | 008,351,672 | ---- | M] (Mozilla) -- C:\Documents and Settings\Daniel Briggs\Desktop\Firefox Setup 3.6.2.exe [2010/03/25 12:33:57 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S [2010/03/25 12:33:56 | 000,017,170 | -HS- | M] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/22 05:39:03 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to OTL.exe.lnk [2010/04/22 05:38:59 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\Desktop\Shortcut to fqd8vcj6.exe.lnk [2010/04/21 18:38:56 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys [2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4l2MhhmX3C [2010/04/20 07:51:45 | 000,017,190 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4l2MhhmX3C [2010/04/16 03:30:26 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\1743246443 [2010/04/15 19:03:56 | 000,004,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1052525308 [2010/04/15 19:03:30 | 000,004,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1743246443 [2010/04/15 19:03:30 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:02:12 | 000,012,714 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\21a34KM55vORW [2010/04/15 19:02:12 | 000,004,726 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21a34KM55vORW [2010/04/08 12:23:37 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\QsAgA3xk6 [2010/04/08 12:14:55 | 000,013,512 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\QsAgA3xk6 [2010/04/08 12:14:55 | 000,002,396 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\QsAgA3xk6 [2010/04/07 09:02:21 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\ntuser.dat [2010/04/06 02:00:16 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Daniel Briggs\AttendanceApr.txt [2010/03/25 14:17:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/03/25 12:21:47 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\Daniel Briggs\Local Settings\Application Data\2Q757bFxJ7S [2010/03/25 12:11:11 | 000,017,230 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\2Q757bFxJ7S [2010/03/25 12:11:11 | 000,017,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S [2008/12/02 18:39:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2008/09/15 20:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/09/15 20:12:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/09/15 20:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/04/02 00:45:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdcvs.dll [2008/04/02 00:45:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdccoin.dll [2008/04/02 00:33:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdcrwrd.ini [2008/04/02 00:32:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDCinst.dll [2008/04/02 00:32:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdcgrd.dll [2008/03/06 20:02:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/12/12 08:03:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2007/11/26 11:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VMorpher.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI [2007/11/26 11:16:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI [2007/11/26 11:13:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI [2007/09/06 06:15:22 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmmg.sys [2006/05/01 22:38:13 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini [2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2005/04/03 07:51:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2005/04/03 07:51:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2005/04/03 07:51:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2005/02/27 13:39:41 | 000,002,766 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/09/22 04:24:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/22 04:11:34 | 000,000,957 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/09/22 03:58:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/22 03:58:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/09/22 03:32:50 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002/08/29 06:00:00 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\ACLEDIT.DLL [2002/08/29 06:00:00 | 000,109,456 | ---- | C] () -- C:\WINDOWS\System32\AVIFILE.DLL [2002/08/29 06:00:00 | 000,069,584 | ---- | C] () -- C:\WINDOWS\System32\AVICAP.DLL < End of report > OTL Extras logfile created on: 4/22/2010 5:38:00 AM - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Daniel Briggs\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.70 Gb Total Space | 4.90 Gb Free Space | 14.55% Space Free | Partition Type: NTFS Drive D: | 6.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 0.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL Current User Name: Daniel Briggs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- Reg Error: Value error. File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found [HKEY_USERS\S-1-5-21-255336526-3889853561-3648673452-1007\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Lexmark 1300 Series\app4r.exe" = C:\Program Files\Lexmark 1300 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- File not found "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found "C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe" = C:\Program Files\Warcraft III1.20Replay\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft III 1.21\Warcraft III.exe" = C:\Program Files\Warcraft III 1.21\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe" = C:\Program Files\Warcraft IIIOldVersion\Warcraft III.exe:*:Enabled:Warcraft III -- File not found "C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.) "C:\Program Files\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- File not found "C:\WINDOWS\SYSTEM32\lxdccoms.exe" = C:\WINDOWS\SYSTEM32\lxdccoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" = C:\Program Files\Lexmark 1300 Series\lxdcamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Program Files\Lexmark 1300 Series\App4R.exe" = C:\Program Files\Lexmark 1300 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- () "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcpswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdcjswx.exe:*:Enabled: -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold "{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2 "{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AV DVD Player Morpher" = AV DVD Player Morpher "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "ffdshow" = ffdshow (remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia "InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer and Tetra Master "InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess "InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI "InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart "InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs "InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan "InstallShield_{F3851216-07F7-4D04-9820-660C889F4C33}" = Multimedia Keyboard Driver "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Lexmark 1300 Series" = Lexmark 1300 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Driver" = NVIDIA Display Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "QuickTime" = QuickTime "Shockwave" = Shockwave "SimCity2000CDv1" = SimCity 2000

XP Security Virus been on my PC for a week or two...can't seem to get rid of it. Every time I remove it with malwarebytes seems to come back in a few weeks. Help