Jump to content

riderofrohan8

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so, so much for all your help! Everything's working great. Thank you!!
  2. I'm so sorry, I had a bit of a family emergency and no internet access. Thank you for your patience, here's the results from ESetScan. C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1\Application Data\4E51CD42BDB6676DED448829AB823145\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
  3. Thank you so much for your help, I can't tell you how much I appreciate this! The computer seems to be working well, is it safe to connect to the internet again? Is there anything I can do to safeguard from rootkits in the future? Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5039 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/16/2010 3:58:55 PM mbam-log-2010-11-16 (15-58-55).txt Scan type: Full scan (C:\|D:\|F:\|) Objects scanned: 212084 Time elapsed: 41 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. ComboFix 10-11-12.06 - Sophia 11/14/2010 9:56.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1531 [GMT -5:00] Running from: F:\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sophia\GoToAssistDownloadHelper.exe . ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 ))))))))))))))))))))))))))))))) . 2010-11-13 02:04 . 2010-11-13 02:04 -------- d-----w- C:\HelpAsst_backup 2010-11-08 20:20 . 2010-11-08 20:20 -------- d-----w- C:\RkUnhooker 2010-10-31 17:08 . 2010-10-31 17:09 -------- d-----w- c:\documents and settings\Sophia\Application Data\vlc 2010-10-30 01:12 . 2010-11-01 17:30 -------- d-----w- c:\windows\SxsCaPendDel 2010-10-29 19:30 . 2010-10-29 19:32 -------- d-----w- c:\documents and settings\Sophia\Local Settings\Application Data\ShippingAssistant 2010-10-24 14:59 . 2010-10-24 14:59 -------- d-----w- c:\program files\Common Files\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-03 20:41 . 2010-01-22 21:20 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-03 20:41 . 2010-01-22 21:20 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-10-04 12:48 . 2010-03-22 12:19 398744 ----a-r- c:\windows\system32\cpnprt2.cid 2010-09-18 16:23 . 2009-03-31 17:32 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2009-03-31 17:32 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2009-03-31 17:32 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2009-03-31 17:32 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2009-03-31 17:33 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2009-03-31 17:32 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2009-03-31 17:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2009-03-31 17:32 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2009-03-31 17:32 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2009-03-31 17:32 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2009-03-31 17:32 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2009-03-31 17:32 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2010-01-23 02:22 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2009-03-31 17:32 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2009-03-31 17:32 58880 ----a-w- c:\windows\system32\spoolsv.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VM30xSnap"="VM30xSnap.exe Vimicro USB PC Camera (ZC030x)" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712] "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-11-03 16040] "USBestCR"="c:\program files\USIM Editor\iconcs316693406.exe" [2010-05-09 4808704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\lxducoms.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/22/2010 4:20 PM 135336] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?] R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/27/2010 7:15 PM 98984] S0 doxenb;doxenb; [x] S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [5/9/2010 6:18 PM 65536] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?] S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [5/9/2010 6:18 PM 51072] S3 VM30xx86;Vimicro USB PC Camera (ZC030x);c:\windows\system32\drivers\vm30xx86.sys [5/13/2010 2:59 PM 1294336] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - component: c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - plugin: c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-14 10:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2010-11-14 10:02:24 ComboFix-quarantined-files.txt 2010-11-14 15:02 Pre-Run: 357,905,223,680 bytes free Post-Run: 358,979,203,072 bytes free - - End Of File - - A298F917B5C0D877FC89DB283B2DA2EF
  5. F:\HelpAsst_mebroot_fix.exe Fri 11/12/2010 at 21:04:02.62 HelpAssistant account is Active ~ attempting to de-activate Account active Yes Local Group Memberships *Administrators HelpAssistant successfully set Inactive ~~ Checking for termsrv32.dll ~~ termsrv32.dll present! ~ attempting to remove termsrv32.dll successfully removed ~~ Checking firewall ports ~~ backing up DomainProfile\GloballyOpenPorts\List registry key closing rogue ports HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list "65533:TCP"=- "52344:TCP"=- "3730:TCP"=- "5960:TCP"=- "3389:TCP"=- "7817:TCP"=- "7818:TCP"=- "8607:TCP"=- "8608:TCP"=- backing up StandardProfile\GloballyOpenPorts\List registry key closing rogue ports HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list "65533:TCP"=- "52344:TCP"=- "3730:TCP"=- "5960:TCP"=- "3389:TCP"=- "7817:TCP"=- "7818:TCP"=- "8607:TCP"=- "8608:TCP"=- ~~ Checking profile list ~~ HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1835879850-3643569341-2082104434-1006 HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove ~ All C:\Documents and Settings\HelpAssistant files successfully removed ~ ~~ Checking mbr ~~ mbr infection detected! ~ running mbr -f Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully copy of MBR has been found in sector 0x02E937CC1 malicious code @ sector 0x02E937CC4 ! PE file found in sector at 0x02E937CDA ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. original MBR restored successfully ! Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x02E937CC1 malicious code @ sector 0x02E937CC4 ! PE file found in sector at 0x02E937CDA ! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Status check on Fri 11/12/2010 at 21:14:24.68 Account active No Local Group Memberships ~~ Checking mbr ~~ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x02E937CC1 malicious code @ sector 0x02E937CC4 ! PE file found in sector at 0x02E937CDA ! ~~ Checking for termsrv32.dll ~~ termsrv32.dll not found HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll ~~ Checking profile list ~~ No HelpAssistant profile in registry ~~ Checking for HelpAssistant directories ~~ none found ~~ Checking firewall ports ~~ [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] ~~ EOF ~~
  6. Sorry this has taken so long to post, the computer kept crashing before I could finish the scans and save the logs. I'm copying the description of the problem from my previous post. Also, I'm not sure if the logs are accurate, because they appear to have automatically saved themselves without my doing anything. Also, would it be possible (after running the scans you need) to tell if someone is actually hacking into my computer? I'm concerned it's someone I know. Thank you so much for your help, I really appreciate it. "I think my computer has been hacked? I tried to log into my bank account online, and it asked me to verify my computer. For the name, I clicked and a drop down menu came up and showed my name, but also the name of someone I know personally who has never had access to my computer but who is very likely to try to mess with me. Anyway, when I tried to google anything related to "how to tell if your computer has been hacked", the link would redirect either to Google or one of those site not found with links for shopping. This didn't happen with any other Google search. I ran a Malwarebytes scan, found 16 infected objects, and removed them. This didn't help; the computer then began freezing up and emitting a high-pitched, continuous beep. I couldn't fix it, the only thing I could do was to disconnect the power. I have to post this now from another computer. The freezing up issue has happened before with the same computer when I received help for malware earlier this year." RkUnhooker report generator v0.7 ============================================== Rootkit Unhooker kernel version: 3.8.341.552 ============================================== Windows Major Version: 5 Windows Minor Version: 1 Windows Build Number: 2600 ============================================== >Drivers Driver: C:\WINDOWS\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2150400 bytes Driver: PnpManager Address: 0x804D7000 Size: 2150400 bytes Driver: RAW Address: 0x804D7000 Size: 2150400 bytes Driver: WMIxWDM Address: 0x804D7000 Size: 2150400 bytes Driver: Win32k Address: 0xBF800000 Size: 1855488 bytes Driver: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1855488 bytes Driver: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys Address: 0xB93E2000 Size: 1400832 bytes Driver: C:\WINDOWS\System32\ialmdd5.DLL Address: 0xBF07C000 Size: 978944 bytes Driver: Ntfs.sys Address: 0xB9E35000 Size: 577536 bytes Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xA8EAC000 Size: 458752 bytes Driver: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB9239000 Size: 385024 bytes Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xA8FDF000 Size: 364544 bytes Driver: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xA8887000 Size: 360448 bytes Driver: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBFFA0000 Size: 286720 bytes Driver: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xA7EF8000 Size: 266240 bytes Driver: C:\WINDOWS\System32\ialmdev5.DLL Address: 0xBF043000 Size: 233472 bytes Driver: C:\WINDOWS\system32\drivers\smwdm.sys Address: 0xB934A000 Size: 221184 bytes Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xB9297000 Size: 196608 bytes Driver: ACPI.sys Address: 0xB9F79000 Size: 188416 bytes Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0xA89CF000 Size: 184320 bytes Driver: NDIS.sys Address: 0xB9E08000 Size: 184320 bytes Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xA8F1C000 Size: 176128 bytes Driver: C:\WINDOWS\system32\DRIVERS\b57xp32.sys Address: 0xB9380000 Size: 172032 bytes Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xA8FB7000 Size: 163840 bytes Driver: dmio.sys Address: 0xB9F23000 Size: 155648 bytes Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xA8F69000 Size: 155648 bytes Driver: C:\WINDOWS\System32\Drivers\Fastfat.SYS Address: 0xA783E000 Size: 147456 bytes Driver: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xB9326000 Size: 147456 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB93AA000 Size: 147456 bytes Driver: C:\WINDOWS\system32\DRIVERS\avipbb.sys Address: 0xA8E89000 Size: 143360 bytes Driver: C:\WINDOWS\system32\drivers\ks.sys Address: 0xB9303000 Size: 143360 bytes Driver: C:\WINDOWS\System32\Drivers\RDPWD.SYS Address: 0xA838C000 Size: 143360 bytes Driver: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA8F47000 Size: 139264 bytes Driver: C:\WINDOWS\System32\ialmdnt5.dll Address: 0xBF021000 Size: 139264 bytes Driver: ACPI_HAL Address: 0x806E4000 Size: 134400 bytes Driver: C:\WINDOWS\system32\hal.dll Address: 0x806E4000 Size: 134400 bytes Driver: fltMgr.sys Address: 0xB9EEB000 Size: 131072 bytes Driver: ftdisk.sys Address: 0xB9F49000 Size: 126976 bytes Driver: Mup.sys Address: 0xB9DEE000 Size: 106496 bytes Driver: atapi.sys Address: 0xB9F0B000 Size: 98304 bytes Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA8DA9000 Size: 98304 bytes Driver: KSecDD.sys Address: 0xB9EC2000 Size: 94208 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xB92D8000 Size: 94208 bytes Driver: C:\WINDOWS\system32\DRIVERS\avgntflt.sys Address: 0xA8CF4000 Size: 86016 bytes Driver: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xA8237000 Size: 86016 bytes Driver: C:\WINDOWS\system32\DRIVERS\parport.sys Address: 0xB92EF000 Size: 81920 bytes Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB93CE000 Size: 81920 bytes Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xA9038000 Size: 77824 bytes Driver: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 bytes Driver: sr.sys Address: 0xB9ED9000 Size: 73728 bytes Driver: pci.sys Address: 0xB9F68000 Size: 69632 bytes Driver: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xB92C7000 Size: 69632 bytes Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xA90DB000 Size: 65536 bytes Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xBA148000 Size: 65536 bytes Driver: C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xBA118000 Size: 65536 bytes Driver: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xBA108000 Size: 61440 bytes Driver: C:\WINDOWS\System32\ialmrnt5.dll Address: 0xBF012000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xBA158000 Size: 61440 bytes Driver: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xA84EF000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xBA1D8000 Size: 61440 bytes Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xBA0E8000 Size: 53248 bytes Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xBA168000 Size: 53248 bytes Driver: VolSnap.sys Address: 0xBA0C8000 Size: 53248 bytes Driver: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys Address: 0xBA318000 Size: 49152 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xBA188000 Size: 49152 bytes Driver: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xBA278000 Size: 45056 bytes Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xBA138000 Size: 45056 bytes Driver: MountMgr.sys Address: 0xBA0B8000 Size: 45056 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xBA178000 Size: 45056 bytes Driver: isapnp.sys Address: 0xBA0A8000 Size: 40960 bytes Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xBA1B8000 Size: 40960 bytes Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xBA1A8000 Size: 40960 bytes Driver: disk.sys Address: 0xBA0D8000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Address: 0xBA2B8000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys Address: 0xBA308000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xBA198000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xBA258000 Size: 36864 bytes Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xBA268000 Size: 36864 bytes Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xBA4A0000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys Address: 0xBA360000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xBA438000 Size: 32768 bytes Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys Address: 0xBA440000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xBA488000 Size: 28672 bytes Driver: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS Address: 0xBA328000 Size: 28672 bytes Driver: C:\WINDOWS\System32\Drivers\sybex38.SYS Address: 0xBA410000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Address: 0xBA370000 Size: 28672 bytes Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xBA460000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xBA468000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys Address: 0xBA4A8000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\TDTCP.SYS Address: 0xBA428000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xBA430000 Size: 24576 bytes Driver: C:\WINDOWS\System32\drivers\vga.sys Address: 0xBA490000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xBA498000 Size: 20480 bytes Driver: PartMgr.sys Address: 0xBA330000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xBA450000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xBA458000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xBA448000 Size: 20480 bytes Driver: C:\WINDOWS\System32\watchdog.sys Address: 0xBA380000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys Address: 0xBA56C000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xBA5A4000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xA8D25000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys Address: 0xBA580000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xBA574000 Size: 16384 bytes Driver: C:\WINDOWS\system32\BOOTVID.dll Address: 0xBA4B8000 Size: 12288 bytes Driver: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xB9DB5000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys Address: 0xBA548000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xBA55C000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xBA588000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xB954C000 Size: 12288 bytes Driver: C:\Program Files\Avira\AntiVir Desktop\avgio.sys Address: 0xBA5EE000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xBA5E2000 Size: 8192 bytes Driver: dmload.sys Address: 0xBA5AE000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA60C000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xBA5E0000 Size: 8192 bytes Driver: intelide.sys Address: 0xBA5AC000 Size: 8192 bytes Driver: C:\WINDOWS\system32\KDCOM.DLL Address: 0xBA5A8000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xBA5E4000 Size: 8192 bytes Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xBA5E6000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xBA5DC000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xBA5DE000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xBA5AA000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xBA6FA000 Size: 4096 bytes Driver: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xBA77E000 Size: 4096 bytes Driver: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xBA691000 Size: 4096 bytes Driver: PCIIde.sys Address: 0xBA670000 Size: 4096 bytes ============================================== >Stealth Unknown page with executable code Address: 0x89ECDA68 Size: 1432 Unknown page with executable code Address: 0x89EB9A47 Size: 1465 Unknown page with executable code Address: 0x89EA99FE Size: 1538 Unknown page with executable code Address: 0x89EAC9AF Size: 1617 Unknown page with executable code Address: 0x89ED3992 Size: 1646 Unknown page with executable code Address: 0x89E91963 Size: 1693 Unknown page with executable code Address: 0x89EC98D1 Size: 1839 Unknown page with executable code Address: 0x89FD9746 Size: 2234 Unknown page with executable code Address: 0x89EB764A Size: 2486 Unknown page with executable code Address: 0x89EDF52A Size: 2774 Unknown page with executable code Address: 0x89FD9484 Size: 2940 Unknown page with executable code Address: 0x89EDF3DE Size: 3106 Unknown page with executable code Address: 0x89ED22F1 Size: 3343 Unknown page with executable code Address: 0x89EAAEB1 Size: 335 Unknown page with executable code Address: 0x89ECA230 Size: 3536 Unknown page with executable code Address: 0x89FDA149 Size: 3767 Unknown page with executable code Address: 0x89EDEE20 Size: 480 Unknown thread object [ ETHREAD 0x8A315DA8 ] TID: 576 Address: 0x89F27589 Size: 592 Unknown thread object [ ETHREAD 0x8A32ADA8 ] TID: 640 Address: 0x89E62C86 Size: 592 Unknown page with executable code Address: 0x89E7ACAD Size: 851 OTL logfile created on: 11/8/2010 3:22:02 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = F:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 372.61 Gb Total Space | 332.69 Gb Free Space | 89.29% Space Free | Partition Type: NTFS Drive F: | 1.87 Gb Total Space | 1.80 Gb Free Space | 95.75% Space Free | Partition Type: FAT Computer Name: SOPHIA | User Name: Sophia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/11/08 15:09:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2010/11/03 15:41:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/11/03 15:41:03 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/11/03 15:41:03 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/05/09 18:18:53 | 004,808,704 | ---- | M] () -- C:\Program Files\USIM Editor\iconcs316693406.exe PRC - [2010/05/09 18:18:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2008/11/03 09:11:38 | 000,684,712 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008/11/03 09:11:36 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/05/23 11:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe PRC - [2008/05/23 11:58:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe PRC - [2007/02/05 05:37:28 | 000,053,248 | R--- | M] (Vimicro) -- C:\WINDOWS\VM30xSnap.exe ========== Modules (SafeList) ========== MOD - [2010/11/08 15:09:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/11/03 15:41:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/11/03 15:41:03 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/05/09 18:18:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService) SRV - [2010/04/28 06:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/05/23 11:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device) SRV - [2008/05/23 11:58:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter) DRV - [2010/11/03 15:41:05 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/03 15:41:05 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/05/27 09:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2007/01/29 06:21:00 | 001,294,336 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vm30xx86.sys -- (VM30xx86) Vimicro USB PC Camera (ZC030x) DRV - [2006/05/10 18:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2004/09/22 16:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio) DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 8B 23 69 97 7B CB 01 [binary data] IE - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: sidecar@amazon.com:0.7.2.0 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4 FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledItems: homo_nudus@livejournal.com:9.0.5 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.4 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8 FF - prefs.js..extensions.enabledItems: {15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}:1.0.4 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.7 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 19:05:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 19:05:59 | 000,000,000 | ---D | M] [2010/01/22 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Extensions [2010/11/04 18:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions [2010/10/25 11:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010/01/22 17:14:19 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2010/10/31 12:08:55 | 000,000,000 | ---D | M] (TweakTube) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed} [2010/05/30 07:15:22 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010/05/08 21:30:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/05 10:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2010/09/10 05:29:25 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2010/02/21 21:44:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/09/05 10:38:06 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010/06/23 05:54:52 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} [2010/10/14 10:22:16 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2010/09/05 10:38:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010/10/18 16:26:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/06/19 10:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010/04/22 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com [2010/10/04 18:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\foxmarks@kei.com [2010/10/14 10:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\homo_nudus@livejournal.com [2010/04/08 09:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\isreaditlater@ideashower.com [2010/07/07 08:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\netvideohunter@netvideohunter.com [2010/06/10 07:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\sidecar@amazon.com [2010/10/31 12:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\smarterwiki@wikiatic.com [2010/06/14 15:26:50 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\searchplugins\bing.xml [2010/11/03 20:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/05/13 15:08:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2010/05/05 22:03:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe () O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [uSBestCR] C:\Program Files\USIM Editor\iconcs316693406.exe () O4 - HKLM..\Run: [VM30xSnap] C:\WINDOWS\VM30xSnap.exe (Vimicro) O4 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sophia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sophia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/03/31 13:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/08 15:20:03 | 000,000,000 | ---D | C] -- C:\RkUnhooker [2010/10/31 12:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\vlc [2010/10/30 14:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Desktop\The Dead Annotated Sources [2010/10/29 20:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2010/10/29 20:06:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/10/29 14:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Local Settings\Application Data\ShippingAssistant [2010/10/26 02:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Desktop\Oct 24 2010 legal for court [2010/10/24 09:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/01/27 19:14:07 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll [2010/01/27 19:14:07 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll [2010/01/27 19:14:07 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll [2010/01/27 19:14:07 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll [2010/01/27 19:14:07 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll [2010/01/27 19:14:07 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll [2010/01/27 19:14:07 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll [2010/01/27 19:14:07 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll [2010/01/27 19:14:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll [2010/01/27 19:14:07 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/08 15:18:44 | 000,512,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/08 15:18:44 | 000,097,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/08 15:17:35 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/08 15:17:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/03 15:41:05 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010/11/03 15:41:05 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/11/03 14:42:35 | 000,011,564 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Fuel company prices Nov 3 2010.docx [2010/11/03 13:54:09 | 000,020,466 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\NYCSERVMain.htm [2010/11/01 11:28:46 | 000,012,183 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\BlacknDecker brew n go.docx [2010/10/31 18:13:35 | 000,094,607 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\MyProject28371.avery [2010/10/31 18:13:14 | 000,094,606 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Business cards MyProject28371.avery [2010/10/31 17:04:36 | 000,022,556 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Doc19.docx [2010/10/31 12:08:01 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/10/30 20:45:31 | 000,051,745 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Oct 30 2010 transfer multiple 60.00CHASE CHECKING.docx [2010/10/30 18:25:29 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Sophia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/29 14:31:25 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010/10/29 10:00:40 | 000,015,693 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Memo sent to McGuirk Fogerty Oct 29 2010.docx [2010/10/29 09:50:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$mo sent to McGuirk Fogerty Oct 29 2010.docx [2010/10/29 09:38:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$mo to McGuirk.docx [2010/10/29 09:36:03 | 000,014,769 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\2 Memo to McGuirk.docx [2010/10/28 21:42:04 | 000,014,254 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\REPRESENTATION 1.docx [2010/10/28 18:18:57 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Bd of Election assignment letters Rep.doc [2010/10/28 18:18:57 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$ of Election assignment letters Rep.doc [2010/10/27 16:21:05 | 000,090,590 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Dr Carol and Scarlet Info.docx [2010/10/27 16:11:47 | 000,012,547 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Dr.docx [2010/10/27 10:19:21 | 000,014,460 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Memo to McGuirk.docx [2010/10/27 09:00:59 | 000,010,250 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Katie Fin Aid.docx [2010/10/26 12:44:28 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$June 2010 exp spreadsheet.xlsx [2010/10/26 03:42:57 | 000,021,346 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Oct 24 2010 rental n support payments spreadsheet.xlsx [2010/10/26 02:31:58 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$Oct 24 2010 rental n support payments spreadsheet.xlsx [2010/10/25 12:52:58 | 000,018,755 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\June 2010 exp spreadsheet.xlsx [2010/10/23 09:50:31 | 000,011,172 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Oct 15th To Whom It May Concern.docx [2010/10/14 02:24:56 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/14 02:08:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/10/11 12:52:30 | 000,206,472 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Entrepreneur Import Export.docx [2010/10/11 11:57:43 | 000,011,012 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\To Whom It May Concern.docx [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/03 14:42:35 | 000,011,564 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Fuel company prices Nov 3 2010.docx [2010/11/03 13:54:09 | 000,020,466 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\NYCSERVMain.htm [2010/10/31 18:13:44 | 000,094,607 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\MyProject28371.avery [2010/10/31 18:13:31 | 000,094,606 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Business cards MyProject28371.avery [2010/10/31 17:04:36 | 000,022,556 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Doc19.docx [2010/10/31 12:08:01 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/10/30 20:43:04 | 000,051,745 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Oct 30 2010 transfer multiple 60.00CHASE CHECKING.docx [2010/10/29 14:31:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010/10/29 09:50:30 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$mo sent to McGuirk Fogerty Oct 29 2010.docx [2010/10/29 09:50:29 | 000,015,693 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Memo sent to McGuirk Fogerty Oct 29 2010.docx [2010/10/29 09:38:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$mo to McGuirk.docx [2010/10/29 09:36:03 | 000,014,769 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\2 Memo to McGuirk.docx [2010/10/28 21:42:04 | 000,014,254 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\REPRESENTATION 1.docx [2010/10/28 18:18:57 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Bd of Election assignment letters Rep.doc [2010/10/28 18:18:57 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$ of Election assignment letters Rep.doc [2010/10/27 16:21:05 | 000,090,590 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Dr Carol and Scarlet Info.docx [2010/10/27 16:11:46 | 000,012,547 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Dr.docx [2010/10/27 08:59:52 | 000,010,250 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Katie Fin Aid.docx [2010/10/26 12:44:28 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$June 2010 exp spreadsheet.xlsx [2010/10/26 02:31:58 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$Oct 24 2010 rental n support payments spreadsheet.xlsx [2010/10/26 02:31:57 | 000,021,346 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Oct 24 2010 rental n support payments spreadsheet.xlsx [2010/10/25 22:40:29 | 000,014,460 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Memo to McGuirk.docx [2010/10/18 07:04:41 | 000,011,172 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Oct 15th To Whom It May Concern.docx [2010/10/11 12:52:30 | 000,206,472 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Entrepreneur Import Export.docx [2010/05/09 18:27:57 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Sophia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/30 21:00:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/01/27 19:15:25 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll [2010/01/27 19:15:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll [2010/01/27 19:14:51 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll [2010/01/27 19:14:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll [2010/01/27 19:14:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll [2010/01/27 19:14:07 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll [2010/01/27 19:14:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/03/31 13:10:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/03/31 12:33:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini [2009/03/31 05:46:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini ========== LOP Check ========== [2010/06/24 11:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2010/04/30 23:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2010/09/23 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series [2010/02/06 17:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5 [2010/11/05 20:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/04/14 14:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2009/03/31 14:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2010/02/22 11:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/04/01 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Amazon [2010/04/30 20:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Apowersoft [2010/04/14 14:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Lexmark Productivity Studio [2010/01/22 16:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\OpenOffice.org [2010/02/06 16:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\River Past G5 [2010/10/29 20:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\uTorrent [2010/06/14 14:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Windows Desktop Search [2010/06/24 11:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Windows Search ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > OTL Extras logfile created on: 11/8/2010 3:22:02 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = F:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 372.61 Gb Total Space | 332.69 Gb Free Space | 89.29% Space Free | Partition Type: NTFS Drive F: | 1.87 Gb Total Space | 1.80 Gb Free Space | 95.75% Space Free | Partition Type: FAT Computer Name: SOPHIA | User Name: Sophia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1835879850-3643569341-2082104434-1007\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "3730:TCP" = 3730:TCP:*:Enabled:Services "5960:TCP" = 5960:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "7817:TCP" = 7817:TCP:*:Enabled:Services "7818:TCP" = 7818:TCP:*:Enabled:Services "8607:TCP" = 8607:TCP:*:Enabled:Services "8608:TCP" = 8608:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "3730:TCP" = 3730:TCP:*:Enabled:Services "5960:TCP" = 5960:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "7817:TCP" = 7817:TCP:*:Enabled:Services "7818:TCP" = 7818:TCP:*:Enabled:Services "8607:TCP" = 8607:TCP:*:Enabled:Services "8608:TCP" = 8608:TCP:*:Enabled:Services ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server -- ( ) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{133EE96D-DBA6-4644-84A4-B2794505D669}" = Vimicro USB PC Camera "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2 "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  7. I posted a query in another section, was asked to post my logs here. Please help! I posted the second MBAM log that I ran; if you need the first log (in which 16 files were removed) please let me know so I can post that as well. DDS (Ver_10-11-05.01) - NTFSx86 Run by Sophia at 21:41:51.87 on Fri 11/05/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1534 [GMT -4:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\system32\afasrv32.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\lxducoms.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe C:\Program Files\USIM Editor\iconcs316693406.exe C:\WINDOWS\VM30xSnap.exe C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe C:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe F:\dds.scr ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe" mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe" mRun: [uSBestCR] c:\program files\usim editor\iconcs316693406.exe RunFromReg mRun: [VM30xSnap] VM30xSnap.exe Vimicro USB PC Camera (ZC030x) mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sophia\applic~1\mozilla\firefox\profiles\1h3g02mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - component: c:\documents and settings\sophia\application data\mozilla\firefox\profiles\1h3g02mt.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\sophia\application data\mozilla\firefox\profiles\1h3g02mt.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\documents and settings\sophia\application data\mozilla\firefox\profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-22 11608] R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2010-5-9 65536] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-22 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-22 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-22 60936] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-14 54760] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?] R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-1-27 98984] S0 doxenb;doxenb; [x] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\sophia\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\sophia\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-1 38224] S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-5-9 51072] S3 VM30xx86;Vimicro USB PC Camera (ZC030x);c:\windows\system32\drivers\vm30xx86.sys [2010-5-13 1294336] =============== Created Last 30 ================ 2010-10-30 01:12:46 -------- d-----w- c:\windows\SxsCaPendDel 2010-10-29 19:30:58 -------- d-----w- c:\docume~1\sophia\locals~1\applic~1\ShippingAssistant ==================== Find3M ==================== 2010-10-04 12:48:03 398744 ----a-r- c:\windows\system32\cpnprt2.cid 2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll ============= FINISH: 21:42:49.10 =============== Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4057 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/3/2010 10:29:28 PM mbam-log-2010-11-03 (22-29-28).txt Scan type: Quick scan Objects scanned: 145958 Time elapsed: 14 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.zip ark.zip
  8. I'm not sure if this is a malware issue or not, so I'm sorry if this is posted in the wrong category. I think my computer has been hacked? I tried to log into my bank account online, and it asked me to verify my computer. For the name, I clicked and a drop down menu came up and showed my name, but also the name of someone I know personally who has never had access to my computer but who is very likely to try to mess with me. Anyway, when I tried to google anything related to "how to tell if your computer has been hacked", the link would redirect either to Google or one of those site not found with links for shopping. This didn't happen with any other Google search. I ran a Malwarebytes scan, found 16 infected objects, and removed them. This didn't help; the computer then began freezing up and emitting a high-pitched, continuous beep. I couldn't fix it, the only thing I could do was to disconnect the power. I have to post this now from another computer. The freezing up issue has happened before with the same computer when I received help for malware earlier this year. If someone could please help me figure out what's wrong and what I can do to fix this and prevent it from happening again, I'm appreciate it! Thank you!
  9. Thanks so much for all your help! I really appreciate it. The only thing is that I can't seem to uninstall ComboFix. It says "Windows cannot find "Combo-Fix.exe/uninstall" and to try again. Is there another way to uninstall?
  10. Thanks for being so patient. The computer seems to working normally again. Here's the report: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, May 6, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, May 06, 2010 13:22:20 Records in database: 4065738 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ F:\ G:\ Scan statistics: Objects scanned: 208548 Threats found: 5 Infected objects found: 11 Suspicious objects found: 0 Scan duration: 04:02:44 File name / Threat / Threats count C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\gxndllyfi\ixjfetetssd.exe Infected: Trojan.Win32.FraudPack.auiv 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\plugtmp-24\plugin-data Infected: Exploit.JS.Pdfka.bzh 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\plugtmp-24\plugin-data-1 Infected: Exploit.JS.Pdfka.bzh 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\Tr0.exe Infected: Packed.Win32.Katusha.l 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\Tr2.exe Infected: Packed.Win32.Katusha.l 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\Trz.exe Infected: Packed.Win32.Katusha.l 1 C:\Documents and Settings\HelpAssistant\Local Settings\Temp\tyysqcc.exe Infected: Trojan.Win32.FraudPack.auiv 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dmio.sys.vir Infected: Rootkit.Win32.TDSS.ap 1 C:\Qoobox\Quarantine\C\WINDOWS\Tkatua.exe.vir Infected: Packed.Win32.Katusha.l 1 C:\Qoobox\Quarantine\C\WINDOWS\Tkatub.exe.vir Infected: Packed.Win32.Katusha.l 1 F:\Users\kat\AppData\Local\Netscape\Navigator\Profiles\5ytija3a.default\Cache\D82BA810d01 Infected: not-a-virus:AdWare.Win32.Coupons 1 Selected area has been scanned.
  11. All processes killed ========== FILES ========== C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 212992 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 213126 bytes User: HelpAssistant ->Temp folder emptied: 180923948 bytes ->Temporary Internet Files folder emptied: 2395636 bytes ->Java cache emptied: 8111832 bytes ->FireFox cache emptied: 23507549 bytes ->Flash cache emptied: 191831 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 4288680 bytes User: NetworkService ->Temp folder emptied: 524288 bytes ->Temporary Internet Files folder emptied: 5357708 bytes ->Java cache emptied: 25336 bytes ->Flash cache emptied: 261 bytes User: Sophia ->Temp folder emptied: 618942246 bytes ->Temporary Internet Files folder emptied: 2645174 bytes ->Java cache emptied: 19860235 bytes ->FireFox cache emptied: 44178388 bytes ->Flash cache emptied: 191761 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1160 bytes %systemroot%\System32 .tmp files removed: 3770897 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20899816 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12988554 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 2114703104 bytes Total Files Cleaned = 2,922.00 mb Restore point Set: OTL Restore Point (0) OTL by OldTimer - Version 3.2.4.1 log created on 05042010_210218 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\HelpAssistant\Local Settings\Temp\plugtmp-15\plugin-AppDisclosurePDF.aspx not found! C:\Documents and Settings\HelpAssistant\Local Settings\Temp\setup_wm.exe moved successfully. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_e08.dat moved successfully. File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot. Registry entries deleted on Reboot... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4057 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/5/2010 10:48:07 PM mbam-log-2010-05-05 (22-48-07).txt Scan type: Full scan (C:\|D:\|G:\|) Objects scanned: 193547 Time elapsed: 27 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix 10-05-05.04 - Sophia 05/05/2010 22:57:43.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1647 [GMT -4:00] Running from: c:\documents and settings\Sophia\Desktop\Combo-Fix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sophia\Application Data\4E51CD42BDB6676DED448829AB823145 c:\documents and settings\Sophia\Application Data\4E51CD42BDB6676DED448829AB823145\enemies-names.txt c:\program files\WindowsUpdate c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll c:\windows\Tkatua.exe c:\windows\Tkatub.exe Infected copy of c:\windows\system32\drivers\dmio.sys was found and disinfected Restored copy from - Kitty had a snack . original MBR restored successfully ! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 ))))))))))))))))))))))))))))))) . 2010-05-05 01:02 . 2010-05-05 01:02 -------- d-----w- C:\_OTL 2010-05-04 22:07 . 2010-05-04 22:07 -------- d-----w- C:\rsit 2010-05-04 22:07 . 2010-05-04 22:07 -------- d-----w- c:\program files\trend micro 2010-05-02 15:57 . 2010-05-02 16:01 -------- dc-h--w- c:\windows\ie8 2010-05-02 15:07 . 2010-03-17 15:35 309248 ----a-w- c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll 2010-05-01 23:13 . 2010-05-01 23:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-05-01 17:29 . 2010-05-01 17:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-05-01 15:54 . 2010-05-01 15:54 -------- d-----w- c:\documents and settings\Sophia\Application Data\Malwarebytes 2010-05-01 15:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-01 15:54 . 2010-05-01 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-01 15:54 . 2010-05-01 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-01 15:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-01 15:42 . 2010-05-01 15:42 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE 2010-05-01 05:09 . 2010-05-01 05:09 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache 2010-05-01 04:53 . 2010-05-01 04:53 -------- d-sh--w- c:\documents and settings\Sophia\IECompatCache 2010-05-01 04:52 . 2010-05-01 04:52 -------- d-sh--w- c:\documents and settings\Sophia\PrivacIE 2010-05-01 04:48 . 2010-05-01 04:48 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache 2010-05-01 04:48 . 2010-05-01 04:48 -------- d-----w- c:\documents and settings\HelpAssistant\dwhelper 2010-05-01 04:34 . 2010-05-01 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2010-05-01 02:46 . 2010-05-01 02:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-05-01 02:45 . 2010-05-01 02:45 -------- d-sh--w- c:\documents and settings\Sophia\IETldCache 2010-05-01 02:39 . 2010-05-01 02:39 -------- d-----w- c:\documents and settings\Sophia\Application Data\Avira 2010-05-01 02:39 . 2010-05-01 20:54 -------- d-----w- c:\documents and settings\Sophia\Local Settings\Application Data\gxndllyfi 2010-05-01 02:00 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll 2010-05-01 02:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-05-01 02:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-05-01 02:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-05-01 02:00 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll 2010-05-01 02:00 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2010-05-01 02:00 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll 2010-05-01 02:00 . 2010-05-01 02:01 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-05-01 01:58 . 2010-05-01 01:58 -------- d-----w- c:\program files\FLVCodec 2010-05-01 01:52 . 2010-05-01 01:52 -------- d-----w- c:\documents and settings\Sophia\Application Data\Apowersoft 2010-04-30 01:29 . 2010-05-06 01:18 -------- d-----w- c:\windows\ie8updates 2010-04-30 01:25 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-04-30 01:25 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-04-30 01:25 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-04-30 01:25 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-04-30 01:25 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-04-30 01:25 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-04-29 22:20 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll 2010-04-29 22:20 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-04-26 03:01 . 2010-04-26 03:01 -------- d-----w- c:\program files\Windows Media Connect 2 2010-04-26 03:00 . 2010-04-26 03:01 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-04-26 03:00 . 2010-04-26 03:00 -------- d-----w- c:\windows\system32\LogFiles 2010-04-23 01:46 . 2010-04-15 12:31 898560 ----a-w- c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll 2010-04-14 19:36 . 2010-04-14 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R 2010-04-14 19:33 . 2010-04-14 19:33 -------- d-----w- c:\documents and settings\Sophia\Application Data\Lexmark Productivity Studio 2010-04-06 16:00 . 2010-05-02 03:29 -------- d-----w- c:\windows\system32\NtmsData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-03 21:03 . 2010-01-22 21:31 1 ----a-w- c:\documents and settings\Sophia\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-02 15:04 . 2009-03-31 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-05-01 21:00 . 2010-02-06 21:59 -------- d-----w- c:\program files\Common Files\Apple 2010-05-01 01:52 . 2009-03-31 19:12 72632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-30 02:10 . 2010-04-30 02:10 103070 ----a-w- c:\documents and settings\All Users\SPL760.tmp 2010-04-29 17:18 . 2010-01-22 21:36 -------- d-----w- c:\program files\MSECache 2010-04-26 03:00 . 2010-01-22 21:46 -------- d-----w- c:\documents and settings\Sophia\Application Data\vlc 2010-04-01 19:46 . 2010-04-01 19:46 -------- d-----w- c:\documents and settings\Sophia\Application Data\Amazon 2010-04-01 19:46 . 2010-04-01 19:46 -------- d-----w- c:\program files\Amazon 2010-03-27 16:28 . 2010-03-27 16:28 -------- d-----w- c:\program files\Veoh Networks 2010-03-22 12:19 . 2010-03-22 12:19 -------- d-----w- c:\program files\Coupons 2010-03-10 06:15 . 2009-03-31 17:32 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 22:28 . 2010-03-08 22:28 -------- d-----w- c:\program files\DivX 2010-03-08 22:28 . 2010-03-08 22:28 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-03-01 13:05 . 2010-01-22 21:20 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-24 13:11 . 2009-03-31 17:32 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 17:24 . 2010-01-22 21:20 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:33 . 2009-03-31 17:32 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2009-03-31 17:32 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-11-03 684712] "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-11-03 16040] c:\documents and settings\Sophia\Start Menu\Programs\Startup\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\WINDOWS\\system32\\lxducoms.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3730:TCP"= 3730:TCP:Services "5960:TCP"= 5960:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "7817:TCP"= 7817:TCP:Services "7818:TCP"= 7818:TCP:Services R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/22/2010 5:20 PM 135336] R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?] R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/27/2010 8:15 PM 98984] S0 doxenb;doxenb; [x] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.1&locale=en-US&sl=ub&q= FF - plugin: c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - plugin: c:\documents and settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-05 23:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(348) c:\program files\RocketDock\RocketDock.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\system32\lxducoms.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe . ************************************************************************** . Completion time: 2010-05-05 23:07:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-06 03:07 Pre-Run: 379,852,615,680 bytes free Post-Run: 379,675,586,560 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BBCE793637E452D2C86158D046BFF423
  12. Sorry this took so long to post; I had trouble getting MBAM to complete a scan. Here are the logs. File Tkatua.exe received on 2010.05.05 00:43:56 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 21/41 (51.22%) Loading server information... Your file is queued in position: 1. Estimated start time is between 42 and 60 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.05.05 Packed.Win32.Katusha.l!A2 AhnLab-V3 2010.05.05.00 2010.05.05 Win-Trojan/Fakeav.165376.M AntiVir 8.2.1.224 2010.05.04 TR/Fakealert.MA.212 Antiy-AVL 2.0.3.7 2010.04.30 - Authentium 5.2.0.5 2010.05.05 - Avast 4.8.1351.0 2010.05.04 Win32:Renos-OI Avast5 5.0.332.0 2010.05.04 Win32:Renos-OI AVG 9.0.0.787 2010.05.04 FakeAV.BKA BitDefender 7.2 2010.05.05 - CAT-QuickHeal 10.00 2010.05.04 - ClamAV 0.96.0.3-git 2010.05.04 - Comodo 4766 2010.05.05 - DrWeb 5.0.2.03300 2010.05.05 Trojan.DownLoad1.55745 eSafe 7.0.17.0 2010.05.03 - eTrust-Vet 35.2.7468 2010.05.04 Win32/FakeCodec.D!generic F-Prot 4.5.1.85 2010.05.05 - F-Secure 9.0.15370.0 2010.05.05 Suspicious:W32/Malware!Gemini Fortinet 4.0.14.0 2010.05.03 - GData 21 2010.05.05 Win32:Renos-OI Ikarus T3.1.1.84.0 2010.05.05 - Jiangmin 13.0.900 2010.05.04 Packed.Katusha.ija Kaspersky 7.0.0.125 2010.05.05 Packed.Win32.Katusha.l McAfee 5.400.0.1158 2010.05.05 - McAfee-GW-Edition 2010.1 2010.05.04 Heuristic.LooksLike.Win32.NewMalware.I Microsoft 1.5703 2010.05.04 TrojanDownloader:Win32/Renos.LL NOD32 5086 2010.05.04 Win32/TrojanDownloader.FakeAlert.AQI Norman 6.04.12 2010.05.04 - nProtect 2010-05-04.01 2010.05.04 - Panda 10.0.2.7 2010.05.04 Suspicious file PCTools 7.0.3.5 2010.05.04 - Prevx 3.0 2010.05.05 High Risk Cloaked Malware Rising 22.46.01.01 2010.05.04 Trojan.Win32.Generic.5201D4D9 Sophos 4.53.0 2010.05.04 Mal/FakeAV-DH Sunbelt 6261 2010.05.04 Trojan.Win32.Bredolab.Gen.pac (v) Symantec 20091.2.0.41 2010.05.05 - TheHacker 6.5.2.0.275 2010.05.03 - TrendMicro 9.120.0.1004 2010.05.04 - TrendMicro-HouseCall 9.120.0.1004 2010.05.05 - VBA32 3.12.12.4 2010.05.04 - ViRobot 2010.5.4.2303 2010.05.04 - VirusBuster 5.0.27.0 2010.05.04 Trojan.DL.FakeAlert.CJS Additional information File size: 165376 bytes MD5...: 814e3aee752a386d65da87dfbddff221 SHA1..: 401060273ae327a63119f0ec9ae5d55f928b5174 SHA256: 82507a55f7349a147124947893891ff5953f792b48ef4bff0da89f365e01d17f ssdeep: 3072:eBZ6DmLYdtA3C1t6dSZNR0Bk0C1sDLutS6V:e34A3Q6dS50k0C1OUS6 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x37f9 timedatestamp.....: 0x4bd9c323 (Thu Apr 29 17:34:27 2010) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x24d08 0x24e00 7.05 61b7c774b85868ae5106cd9550d59415 .data 0x26000 0x18200 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .bss 0x3f000 0x1a5c 0x1c00 4.97 a4a20628b5dbf7cc33a1a752dfc993ba .idata 0x41000 0x37a 0x400 4.42 d59cdbb6dc7e473515fb1a1b5aa27114 .rsrc 0x42000 0x388 0x400 3.57 f61ab3f32515bafe725a2c544b0b1058 ( 2 imports ) > KERNEL32.DLL: GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetLastError, GetModuleFileNameA, GetProcAddress, GetProcessHeap, GetSystemTimeAsFileTime, InterlockedIncrement, UnhandledExceptionFilter, VirtualAlloc, lstrlenA > ADVAPI32.DLL: AdjustTokenPrivileges, AllocateAndInitializeSid, ChangeServiceConfig2A, ControlService, CreateServiceA, DeleteService, LookupPrivilegeValueA, QueryServiceStatus, RegCreateKeyExA, RegDeleteKeyA, RegQueryInfoKeyA, RegSetValueExA, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, UnlockServiceDatabase ( 0 exports ) RDS...: NSRL Reference Data Set - trid..: Win32 Executable Generic (58.2%) Win16/32 Executable Delphi generic (14.1%) Generic Win/DOS Executable (13.6%) DOS Executable Generic (13.6%) VXD Driver (0.2%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7D3F61F2001FE35986FA02E2810FEF00E9192FB6' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7D3F61F2001FE35986FA02E2810FEF00E9192FB6</a> Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/...-021223-0550-99 sigcheck: publisher....: n/a copyright....: xvomxn Y139RO EcNcH0p product......: n/a description..: Azap9xf 2LuLOY original name: 6y2y2Rk.exe internal name: n/a file version.: 5.2.0.16 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdfid.: - File Tkatub.exe received on 2010.05.05 00:45:59 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 21/41 (51.22%) Loading server information... Your file is queued in position: 2. Estimated start time is between 49 and 70 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.5.0.50 2010.05.05 Packed.Win32.Katusha.l!A2 AhnLab-V3 2010.05.05.00 2010.05.05 Win-Trojan/Fakeav.165376.M AntiVir 8.2.1.224 2010.05.04 TR/Fakealert.MA.212 Antiy-AVL 2.0.3.7 2010.04.30 - Authentium 5.2.0.5 2010.05.05 - Avast 4.8.1351.0 2010.05.04 Win32:Renos-OI Avast5 5.0.332.0 2010.05.04 Win32:Renos-OI AVG 9.0.0.787 2010.05.04 FakeAV.BKA BitDefender 7.2 2010.05.05 - CAT-QuickHeal 10.00 2010.05.04 - ClamAV 0.96.0.3-git 2010.05.04 - Comodo 4766 2010.05.05 - DrWeb 5.0.2.03300 2010.05.05 Trojan.DownLoad1.55745 eSafe 7.0.17.0 2010.05.03 - eTrust-Vet 35.2.7468 2010.05.04 Win32/FakeCodec.D!generic F-Prot 4.5.1.85 2010.05.05 - F-Secure 9.0.15370.0 2010.05.05 Suspicious:W32/Malware!Gemini Fortinet 4.0.14.0 2010.05.03 - GData 21 2010.05.05 Win32:Renos-OI Ikarus T3.1.1.84.0 2010.05.05 - Jiangmin 13.0.900 2010.05.04 Packed.Katusha.ija Kaspersky 7.0.0.125 2010.05.05 Packed.Win32.Katusha.l McAfee 5.400.0.1158 2010.05.05 - McAfee-GW-Edition 2010.1 2010.05.04 Heuristic.LooksLike.Win32.NewMalware.I Microsoft 1.5703 2010.05.04 TrojanDownloader:Win32/Renos.LL NOD32 5086 2010.05.04 Win32/TrojanDownloader.FakeAlert.AQI Norman 6.04.12 2010.05.04 - nProtect 2010-05-04.01 2010.05.04 - Panda 10.0.2.7 2010.05.04 Suspicious file PCTools 7.0.3.5 2010.05.04 - Prevx 3.0 2010.05.05 High Risk Cloaked Malware Rising 22.46.01.01 2010.05.04 Trojan.Win32.Generic.5201D4D9 Sophos 4.53.0 2010.05.04 Mal/FakeAV-DH Sunbelt 6261 2010.05.04 Trojan.Win32.Bredolab.Gen.pac (v) Symantec 20091.2.0.41 2010.05.05 - TheHacker 6.5.2.0.275 2010.05.03 - TrendMicro 9.120.0.1004 2010.05.04 - TrendMicro-HouseCall 9.120.0.1004 2010.05.05 - VBA32 3.12.12.4 2010.05.04 - ViRobot 2010.5.4.2303 2010.05.04 - VirusBuster 5.0.27.0 2010.05.04 Trojan.DL.FakeAlert.CJS Additional information File size: 165376 bytes MD5...: 09e7545b91f6a2477befac23bd1778e9 SHA1..: 55f1fab5991718590f7b6e14858a06fe2c93cc2b SHA256: 558eac64e9947bc099784bc8e612496492af313a1f9fa7ff891785a7d7aea991 ssdeep: 3072:eBZ6DmLYdtA3C1t6dSZNR0Bk0C1sDLutM6V:e34A3Q6dS50k0C1OUM6 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x37f9 timedatestamp.....: 0x4bd9c323 (Thu Apr 29 17:34:27 2010) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x24d08 0x24e00 7.05 61b7c774b85868ae5106cd9550d59415 .data 0x26000 0x18200 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .bss 0x3f000 0x1a5c 0x1c00 4.97 99f5ed768e58dbd1ff1dc952a041775d .idata 0x41000 0x37a 0x400 4.42 d59cdbb6dc7e473515fb1a1b5aa27114 .rsrc 0x42000 0x388 0x400 3.57 f61ab3f32515bafe725a2c544b0b1058 ( 2 imports ) > KERNEL32.DLL: GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetLastError, GetModuleFileNameA, GetProcAddress, GetProcessHeap, GetSystemTimeAsFileTime, InterlockedIncrement, UnhandledExceptionFilter, VirtualAlloc, lstrlenA > ADVAPI32.DLL: AdjustTokenPrivileges, AllocateAndInitializeSid, ChangeServiceConfig2A, ControlService, CreateServiceA, DeleteService, LookupPrivilegeValueA, QueryServiceStatus, RegCreateKeyExA, RegDeleteKeyA, RegQueryInfoKeyA, RegSetValueExA, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, UnlockServiceDatabase ( 0 exports ) RDS...: NSRL Reference Data Set - trid..: Win32 Executable Generic (58.2%) Win16/32 Executable Delphi generic (14.1%) Generic Win/DOS Executable (13.6%) DOS Executable Generic (13.6%) VXD Driver (0.2%) <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7D3F61F2001FE35986FA02E2810FEF00DC44AC35' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7D3F61F2001FE35986FA02E2810FEF00DC44AC35</a> Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/...-021223-0550-99 sigcheck: publisher....: n/a copyright....: xvomxn Y139RO EcNcH0p product......: n/a description..: Azap9xf 2LuLOY original name: 6y2y2Rk.exe internal name: n/a file version.: 5.2.0.16 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdfid.: - a-squared 4.5.0.8 20100505070509 2010-05-05 - 9.190 AhnLab V3 2010.05.05.00 2010.05.05 2010-05-05 Win-Trojan/Fakeav.165376.M 10.551 AntiVir 8.2.1.224 7.10.7.39 2010-05-04 TR/Fakealert.MA.212 0.259 Antiy 2.0.18 20100429.4301541 2010-04-29 - 0.121 Arcavir 2009 201005041742 2010-05-04 Heur.W32 0.091 Authentium 5.1.1 201005042056 2010-05-04 - 1.816 AVAST! 4.7.4 100504-2 2010-05-04 Win32:Renos-OI [Trj] 0.007 AVG 8.5.793 271.1.1/2854 2010-05-05 FakeAV.BKA 0.243 BitDefender 7.81008.5745528 7.31507 2010-05-05 - 4.224 ClamAV 0.95.3 10914 2010-05-05 - 0.040 Comodo 3.13.579 4766 2010-05-04 - 1.317 CP Secure 1.3.0.5 2010.05.04 2010-05-04 - 0.058 Dr.Web 5.0.2.3300 2010.05.05 2010-05-05 Trojan.DownLoad1.55745 7.052 F-Prot 4.4.4.56 20100504 2010-05-04 - 1.808 F-Secure 7.02.73807 2010.05.04.15 2010-05-04 Packed.Win32.Katusha.l [AVP] 0.143 Fortinet 4.0.14 11.773 2010-05-04 - 0.339 GData 21.93/21.31 20100505 2010-05-05 Packed.Win32.Katusha.l [Engine:A] 9.009 Ikarus T3.1.01.84 2010.05.04.75781 2010-05-04 - 6.856 JiangMin 13.0.900 2010.05.04 2010-05-04 Packed.Katusha.ija 1.269 Kaspersky 5.5.10 2010.05.04 2010-05-04 Packed.Win32.Katusha.l 0.078 KingSoft 2009.2.5.15 2010.5.4.14 2010-05-04 - 1.304 McAfee 5400.1158 5972 2010-05-04 - 0.019 Microsoft 1.5703 2010.05.04 2010-05-04 TrojanDownloader:Win32/Renos.LL 9.356 Norman 6.04.12 6.04.00 2010-05-04 - 4.005 nProtect 20100503.01 8108502 2010-05-03 - 12.490 Panda 9.05.01 2010.05.04 2010-05-04 - 5.076 Quick Heal 10.00 2010.05.03 2010-05-03 - 1.707 Rising 20.0 22.46.01.01 2010-05-04 Trojan.Win32.Generic.5201D4D9 0.537 Sophos 3.06.0 4.52 2010-05-05 Mal/FakeAV-DH 3.663 Sunbelt 3.9.2421.2 6261 2010-05-04 Trojan.Win32.Bredolab.Gen.pac (v) 18.379 Symantec 1.3.0.24 20100504.004 2010-05-04 - 0.055 The Hacker 6.5.2.0 v00275 2010-05-03 - 0.438 Trend Micro 9.120-1004 7.146.15 2010-05-04 - 0.350 VBA32 3.12.12.4 20100504.0938 2010-05-04 - 11.539 ViRobot 20100503 2010.05.03 2010-05-03 - 0.424 VirusBuster 4.5.11.10 10.126.15/2004541 2010-05-05 Trojan.DL.FakeAlert.CJS 2.303 VirSCAN.org Scanned Report : Scanned time : 2010/05/04 20:59:41 (EDT) Scanner results: 42% Scanner(s) (15/36) found malware! File Name : Tkatub.exe File Size : 165376 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : 09e7545b91f6a2477befac23bd1778e9 SHA1 : 55f1fab5991718590f7b6e14858a06fe2c93cc2b Online report : http://virscan.org/report/736bc1afa5e6222b...b60aeaaaf8.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.5.0.8 20100505070509 2010-05-05 5.20 - AhnLab V3 2010.05.05.00 2010.05.05 2010-05-05 1.34 Win-Trojan/Fakeav.165376.M AntiVir 8.2.1.224 7.10.7.39 2010-05-04 0.25 TR/Fakealert.MA.212 Antiy 2.0.18 20100429.4301541 2010-04-29 0.12 - Arcavir 2009 201005041742 2010-05-04 0.09 Heur.W32 Authentium 5.1.1 201005042056 2010-05-04 1.78 - AVAST! 4.7.4 100504-2 2010-05-04 0.01 Win32:Renos-OI [Trj] AVG 8.5.793 271.1.1/2854 2010-05-05 0.22 FakeAV.BKA BitDefender 7.81008.5745528 7.31507 2010-05-05 4.16 - ClamAV 0.95.3 10914 2010-05-05 0.04 - Comodo 3.13.579 4766 2010-05-04 0.94 - CP Secure 1.3.0.5 2010.05.04 2010-05-04 0.06 - Dr.Web 5.0.2.3300 2010.05.05 2010-05-05 6.84 Trojan.DownLoad1.55745 F-Prot 4.4.4.56 20100504 2010-05-04 1.73 - F-Secure 7.02.73807 2010.05.04.15 2010-05-04 0.14 Packed.Win32.Katusha.l [AVP] Fortinet 4.0.14 11.773 2010-05-04 0.22 - GData 21.93/21.31 20100505 2010-05-05 6.84 Packed.Win32.Katusha.l [Engine:A] ViRobot 20100503 2010.05.03 2010-05-03 0.41 - Ikarus T3.1.01.84 2010.05.04.75781 2010-05-04 6.86 - JiangMin 13.0.900 2010.05.04 2010-05-04 1.22 Packed.Katusha.ija Kaspersky 5.5.10 2010.05.04 2010-05-04 0.08 Packed.Win32.Katusha.l KingSoft 2009.2.5.15 2010.5.4.14 2010-05-04 0.69 - McAfee 5400.1158 5972 2010-05-04 0.02 - Microsoft 1.5703 2010.05.04 2010-05-04 6.34 TrojanDownloader:Win32/Renos.LL Norman 6.04.12 6.04.00 2010-05-04 6.01 - Panda 9.05.01 2010.05.04 2010-05-04 3.07 - Trend Micro 9.120-1004 7.146.15 2010-05-04 0.35 - Quick Heal 10.00 2010.05.03 2010-05-03 1.57 - Rising 20.0 22.46.01.01 2010-05-04 0.64 Trojan.Win32.Generic.5201D4D9 Sophos 3.06.0 4.52 2010-05-05 3.67 Mal/FakeAV-DH Sunbelt 3.9.2421.2 6261 2010-05-04 14.95 Trojan.Win32.Bredolab.Gen.pac (v) Symantec 1.3.0.24 20100504.004 2010-05-04 0.10 - nProtect 20100503.01 8108502 2010-05-03 8.79 - The Hacker 6.5.2.0 v00275 2010-05-03 0.51 - VBA32 3.12.12.4 20100504.0938 2010-05-04 11.42 - VirusBuster 4.5.11.10 10.126.15/2004541 2010-05-05 2.31 Trojan.DL.FakeAlert.CJS
  13. OTL logfile created on: 5/4/2010 6:30:09 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sophia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 372.61 Gb Total Space | 351.38 Gb Free Space | 94.30% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 113.20 Gb Total Space | 80.39 Gb Free Space | 71.02% Space Free | Partition Type: NTFS Drive G: | 112.85 Gb Total Space | 112.59 Gb Free Space | 99.77% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SOPHIA Current User Name: Sophia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/04 18:28:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sophia\Desktop\OTL.com PRC - [2010/04/19 18:14:18 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/08/19 14:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 14:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/11/03 10:11:38 | 000,684,712 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008/11/03 10:11:36 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/05/23 12:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe PRC - [2008/05/23 12:58:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe ========== Modules (SafeList) ========== MOD - [2010/05/04 18:28:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sophia\Desktop\OTL.com MOD - [2008/08/21 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/04/19 18:14:18 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/05/23 12:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device) SRV - [2008/05/23 12:58:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - [2010/05/01 00:28:50 | 000,070,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Sophia\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys -- (F-Secure Standalone Minifilter) DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/05/10 19:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2004/09/22 17:24:00 | 000,014,695 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio) DRV - [2001/08/17 08:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AddThis" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: sidecar@amazon.com:0.7.1.0 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3 FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2 FF - prefs.js..extensions.enabledItems: homo_nudus@livejournal.com:9.0.1 FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.1 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: activegs@freetoolsassociation.com:3.0.213 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1 FF - prefs.js..keyword.URL: "http://search.addthis.com/search?pco=fxe-3.0.1&locale=en-US&sl=ub&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 16:36:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/30 22:00:56 | 000,000,000 | ---D | M] [2010/01/22 17:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Extensions [2010/05/04 17:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions [2010/03/08 16:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010/01/22 18:14:19 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2010/05/02 11:07:26 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010/01/26 16:40:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/01/22 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2010/03/27 12:29:45 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2010/02/21 22:44:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/02/21 22:44:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010/04/22 21:46:29 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2010/01/22 18:14:19 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010/04/22 21:46:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/01/22 18:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010/04/22 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\activegs@freetoolsassociation.com [2010/04/22 21:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\foxmarks@kei.com [2010/04/08 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\homo_nudus@livejournal.com [2010/04/08 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\isreaditlater@ideashower.com [2010/02/06 17:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\netvideohunter@netvideohunter.com [2010/05/01 00:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\searchrecs@veoh.com [2010/04/26 13:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Mozilla\Firefox\Profiles\1h3g02mt.default\extensions\sidecar@amazon.com [2010/05/04 17:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2008/08/21 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe () O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Sophia\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sophia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sophia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/03/31 14:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/04 18:28:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sophia\Desktop\OTL.com [2010/05/04 18:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010/05/04 18:07:33 | 000,000,000 | ---D | C] -- C:\rsit [2010/05/04 18:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Desktop\system restore programs [2010/05/04 17:53:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sophia\Desktop\HiJackThis.exe [2010/05/02 11:57:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/05/01 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/05/01 19:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/05/01 11:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\Malwarebytes [2010/05/01 11:54:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/05/01 11:54:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/05/01 11:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/01 11:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/05/01 00:53:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sophia\IECompatCache [2010/05/01 00:52:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sophia\PrivacIE [2010/05/01 00:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2010/04/30 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/04/30 23:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/04/30 22:45:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sophia\IETldCache [2010/04/30 22:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\Avira [2010/04/30 22:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Local Settings\Application Data\gxndllyfi [2010/04/30 22:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\4E51CD42BDB6676DED448829AB823145 [2010/04/30 22:00:51 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2010/04/30 22:00:51 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010/04/30 22:00:51 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010/04/30 22:00:51 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010/04/30 22:00:47 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010/04/30 22:00:46 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010/04/30 22:00:45 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010/04/30 22:00:44 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2010/04/30 22:00:43 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2010/04/30 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010/04/30 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\FLVCodec [2010/04/30 21:52:13 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2010/04/30 21:52:13 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2010/04/30 21:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\Apowersoft [2010/04/29 21:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/04/29 21:28:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010/04/29 21:25:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010/04/29 21:25:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010/04/29 21:25:58 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010/04/29 18:20:36 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll [2010/04/28 03:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Desktop\CHASE SUPPORT [2010/04/25 23:02:00 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010/04/25 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2010/04/25 23:00:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010/04/25 23:00:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010/04/19 09:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Desktop\Estate [2010/04/14 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2010/04/14 15:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sophia\Application Data\Lexmark Productivity Studio [2010/04/06 12:00:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/01/27 20:14:07 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll [2010/01/27 20:14:07 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll [2010/01/27 20:14:07 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll [2010/01/27 20:14:07 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll [2010/01/27 20:14:07 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll [2010/01/27 20:14:07 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll [2010/01/27 20:14:07 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll [2010/01/27 20:14:07 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll [2010/01/27 20:14:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll [2010/01/27 20:14:07 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/04 18:18:15 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/04 18:17:40 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010/05/04 18:17:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/04 18:17:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/04 16:37:41 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Mozilla Firefox.lnk [2010/05/03 17:10:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sophia\defogger_reenable [2010/05/02 12:01:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sophia\ntuser.ini [2010/05/01 22:39:06 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Sophia\NTUSER.DAT [2010/05/01 11:40:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/30 22:44:41 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/30 22:38:26 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Tkatub.exe [2010/04/30 22:37:58 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Tkatua.exe [2010/04/30 08:57:00 | 000,010,882 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Chase statement of support payments spreadsheet.xlsx [2010/04/30 08:57:00 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Sophia\Desktop\~$Chase statement of support payments spreadsheet.xlsx [2010/04/29 22:12:57 | 000,016,495 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Blank Trust.docx [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/29 13:22:09 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Shortcut to Mount Saint Mary Summer 2010.lnk [2010/04/26 03:16:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010/04/26 03:16:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010/04/25 23:01:53 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini [2010/04/25 23:01:52 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\Windows Media Player.lnk [2010/04/25 23:01:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010/04/25 23:00:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010/04/21 12:31:21 | 000,006,448 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\email to JT for files 07.htm [2010/04/20 17:09:31 | 000,038,958 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\celebrating home logo [2010/04/14 18:10:38 | 005,823,176 | -H-- | M] () -- C:\Documents and Settings\Sophia\Local Settings\Application Data\IconCache.db [2010/04/05 19:00:18 | 000,021,314 | ---- | M] () -- C:\Documents and Settings\Sophia\Desktop\mercury broker of record.pdf [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/04 18:05:16 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\RSIT.exe [2010/05/04 18:03:56 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\SecurityCheck.exe [2010/05/04 16:37:41 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Mozilla Firefox.lnk [2010/05/03 17:15:23 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\jl662uer.exe [2010/05/03 17:10:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sophia\defogger_reenable [2010/05/03 17:10:01 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Shortcut to Defogger.lnk [2010/04/30 22:38:52 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Tkatub.exe [2010/04/30 22:38:29 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Tkatua.exe [2010/04/30 22:38:10 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010/04/30 22:00:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010/04/30 22:00:49 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/04/30 22:00:47 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2010/04/30 22:00:45 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/04/30 22:00:45 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/04/30 22:00:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/04/30 08:57:00 | 000,010,882 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Chase statement of support payments spreadsheet.xlsx [2010/04/30 08:57:00 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\Sophia\Desktop\~$Chase statement of support payments spreadsheet.xlsx [2010/04/29 22:12:57 | 000,016,495 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Blank Trust.docx [2010/04/29 13:22:09 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Shortcut to Mount Saint Mary Summer 2010.lnk [2010/04/27 13:20:04 | 000,005,612 | ---- | C] () -- C:\Documents and Settings\All Users\lxduJSW.log [2010/04/25 23:01:52 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\Windows Media Player.lnk [2010/04/25 23:00:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010/04/21 12:31:20 | 000,006,448 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\email to JT for files 07.htm [2010/04/20 17:09:28 | 000,038,958 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\celebrating home logo [2010/04/05 19:00:18 | 000,021,314 | ---- | C] () -- C:\Documents and Settings\Sophia\Desktop\mercury broker of record.pdf [2010/01/27 20:15:25 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll [2010/01/27 20:15:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll [2010/01/27 20:14:51 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll [2010/01/27 20:14:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll [2010/01/27 20:14:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll [2010/01/27 20:14:07 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll [2010/01/27 20:14:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll [2009/03/31 14:10:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/03/31 13:33:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini ========== LOP Check ========== [2010/05/01 00:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure [2010/02/06 18:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5 [2010/04/14 15:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2009/03/31 15:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2010/02/22 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/05/01 16:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\4E51CD42BDB6676DED448829AB823145 [2010/04/01 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Amazon [2010/04/30 21:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Apowersoft [2010/04/14 15:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\Lexmark Productivity Studio [2010/01/22 17:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\OpenOffice.org [2010/02/06 17:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sophia\Application Data\River Past G5 [2010/05/04 18:17:40 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 5/4/2010 6:30:09 PM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sophia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 372.61 Gb Total Space | 351.38 Gb Free Space | 94.30% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 113.20 Gb Total Space | 80.39 Gb Free Space | 71.02% Space Free | Partition Type: NTFS Drive G: | 112.85 Gb Total Space | 112.59 Gb Free Space | 99.77% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SOPHIA Current User Name: Sophia Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "3730:TCP" = 3730:TCP:*:Enabled:Services "5960:TCP" = 5960:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "3730:TCP" = 3730:TCP:*:Enabled:Services "5960:TCP" = 5960:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server -- ( ) "C:\Program Files\Video Cleaner\VideoCleaner.exe" = C:\Program Files\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner -- File not found "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007 "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon Kindle For PC" = Amazon Kindle For PC v1.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Digital Editions" = Adobe Digital Editions "FLVCodec" = PlayFLV "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007 "Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin "Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PROHYBRIDR" = 2007 Microsoft Office system "RocketDock_is1" = RocketDock 1.3.5 "VLC media player" = VLC media player 1.0.3 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/3/2010 9:23:58 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (1892) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:29:09 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (2888) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:29:09 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (2888) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:29:20 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (2888) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:29:20 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (2888) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:35:32 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (532) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:35:32 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (532) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 10:16:57 PM | Computer Name = SOPHIA | Source = Userenv | ID = 1007 Description = Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. Error - 5/3/2010 11:33:06 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (1084) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/4/2010 1:43:08 AM | Computer Name = SOPHIA | Source = Userenv | ID = 1007 Description = Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. [ Application Events ] Error - 5/3/2010 9:23:58 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (1892) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:29:09 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (2888) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:29:09 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (2888) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:29:20 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (2888) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:29:20 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (2888) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 9:35:32 PM | Computer Name = SOPHIA | Source = ESENT | ID = 489 Description = wuauclt (532) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 5/3/2010 9:35:32 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (532) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/3/2010 10:16:57 PM | Computer Name = SOPHIA | Source = Userenv | ID = 1007 Description = Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. Error - 5/3/2010 11:33:06 PM | Computer Name = SOPHIA | Source = ESENT | ID = 455 Description = wuaueng.dll (1084) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 5/4/2010 1:43:08 AM | Computer Name = SOPHIA | Source = Userenv | ID = 1007 Description = Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted. [ System Events ] Error - 5/4/2010 6:43:52 AM | Computer Name = SOPHIA | Source = Service Control Manager | ID = 7000 Description = The NetGroup Packet Filter Driver service failed to start due to the following error: %%2 Error - 5/4/2010 4:36:08 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 5/4/2010 4:36:08 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 5/4/2010 4:36:15 PM | Computer Name = SOPHIA | Source = Service Control Manager | ID = 7000 Description = The NetGroup Packet Filter Driver service failed to start due to the following error: %%2 Error - 5/4/2010 5:12:12 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 5/4/2010 5:12:12 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 5/4/2010 5:12:29 PM | Computer Name = SOPHIA | Source = Service Control Manager | ID = 7000 Description = The NetGroup Packet Filter Driver service failed to start due to the following error: %%2 Error - 5/4/2010 6:17:49 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 5/4/2010 6:17:49 PM | Computer Name = SOPHIA | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 5/4/2010 6:18:08 PM | Computer Name = SOPHIA | Source = Service Control Manager | ID = 7000 Description = The NetGroup Packet Filter Driver service failed to start due to the following error: %%2 < End of report >
  14. Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Avira AntiVir Personal - Free Antivirus Antivirus out of date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 17 Out of date Java installed! Adobe Flash Player 10.0.45.2 Adobe Reader 9.3.2 Mozilla Firefox (3.6.3) ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` Logfile of random's system information tool 1.06 (written by random/random) Run by Sophia at 2010-05-04 18:07:33 Microsoft Windows XP Professional Service Pack 3 System drive C: has 360 GB (94%) free of 382 GB Total RAM: 2038 MB (66% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-11-03 684712] "lxduamon"=C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-11-03 16040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-08-21 15360] "RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616] C:\Documents and Settings\Sophia\Start Menu\Programs\Startup OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player" "C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server" "C:\Program Files\Video Cleaner\VideoCleaner.exe"="C:\Program Files\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player " "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-05-04 18:07:33 ----D---- C:\rsit 2010-05-04 18:07:33 ----D---- C:\Program Files\trend micro 2010-05-02 11:57:41 ----HDC---- C:\WINDOWS\ie8 2010-05-01 11:54:54 ----D---- C:\Documents and Settings\Sophia\Application Data\Malwarebytes 2010-05-01 11:54:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-01 11:54:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-05-01 00:34:12 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure 2010-04-30 22:39:57 ----D---- C:\Documents and Settings\Sophia\Application Data\Avira 2010-04-30 22:38:52 ----A---- C:\WINDOWS\Tkatub.exe 2010-04-30 22:38:29 ----A---- C:\WINDOWS\Tkatua.exe 2010-04-30 22:38:13 ----D---- C:\Documents and Settings\Sophia\Application Data\4E51CD42BDB6676DED448829AB823145 2010-04-30 22:00:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2010-04-30 22:00:51 ----A---- C:\WINDOWS\system32\pndx5032.dll 2010-04-30 22:00:51 ----A---- C:\WINDOWS\system32\pndx5016.dll 2010-04-30 22:00:51 ----A---- C:\WINDOWS\system32\pncrt.dll 2010-04-30 22:00:50 ----A---- C:\WINDOWS\system32\unrar.dll 2010-04-30 22:00:49 ----A---- C:\WINDOWS\avisplitter.ini 2010-04-30 22:00:45 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2010-04-30 22:00:45 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2010-04-30 22:00:45 ----A---- C:\WINDOWS\system32\xvidcore.dll 2010-04-30 22:00:44 ----A---- C:\WINDOWS\system32\qt-dx331.dll 2010-04-30 22:00:44 ----A---- C:\WINDOWS\system32\dpl100.dll 2010-04-30 22:00:43 ----A---- C:\WINDOWS\system32\divx.dll 2010-04-30 22:00:39 ----D---- C:\Program Files\K-Lite Codec Pack 2010-04-30 21:58:15 ----D---- C:\Program Files\FLVCodec 2010-04-30 21:52:13 ----D---- C:\Documents and Settings\Sophia\Application Data\Apowersoft 2010-04-30 21:52:13 ----A---- C:\WINDOWS\system32\wpcap.dll 2010-04-30 21:52:13 ----A---- C:\WINDOWS\system32\Packet.dll 2010-04-29 21:29:11 ----D---- C:\WINDOWS\ie8updates 2010-04-29 21:28:29 ----D---- C:\WINDOWS\WBEM 2010-04-29 18:20:36 ----A---- C:\WINDOWS\system32\msonpmon.dll 2010-04-27 03:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2010-04-27 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2010-04-27 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2010-04-27 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2010-04-25 23:02:00 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-04-25 23:01:59 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2010-04-25 23:01:44 ----D---- C:\Program Files\Windows Media Connect 2 2010-04-25 23:01:34 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2010-04-25 23:00:49 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2010-04-25 23:00:15 ----D---- C:\WINDOWS\system32\LogFiles 2010-04-25 23:00:11 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2010-04-14 15:36:58 ----D---- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R 2010-04-14 15:33:52 ----D---- C:\Documents and Settings\Sophia\Application Data\Lexmark Productivity Studio 2010-04-14 03:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-14 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-14 03:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$ 2010-04-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$ 2010-04-14 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-14 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-14 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-14 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-04-06 12:00:51 ----D---- C:\WINDOWS\system32\NtmsData ======List of files/folders modified in the last 1 months====== 2010-05-04 18:07:33 ----RD---- C:\Program Files 2010-05-04 18:04:30 ----D---- C:\WINDOWS\Temp 2010-05-04 18:04:18 ----D---- C:\WINDOWS\Prefetch 2010-05-04 17:12:39 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-03 06:35:49 ----D---- C:\WINDOWS\system32 2010-05-03 06:35:46 ----D---- C:\WINDOWS 2010-05-03 06:35:06 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-05-03 06:35:06 ----HD---- C:\WINDOWS\inf 2010-05-03 06:35:06 ----D---- C:\WINDOWS\Help 2010-05-03 06:35:06 ----D---- C:\Program Files\Internet Explorer 2010-05-02 12:01:36 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-02 12:00:26 ----D---- C:\WINDOWS\system32\en-US 2010-05-02 12:00:08 ----D---- C:\WINDOWS\Media 2010-05-02 11:14:23 ----D---- C:\WINDOWS\Registration 2010-05-02 11:04:29 ----SHD---- C:\WINDOWS\Installer 2010-05-02 11:04:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-05-02 11:03:10 ----RSD---- C:\WINDOWS\assembly 2010-05-02 10:55:04 ----SHD---- C:\System Volume Information 2010-05-01 22:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-05-01 22:39:21 ----D---- C:\WINDOWS\system32\drivers 2010-05-01 17:00:43 ----D---- C:\Program Files\Common Files\Apple 2010-05-01 16:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-05-01 16:54:13 ----SD---- C:\WINDOWS\Tasks 2010-05-01 11:40:54 ----A---- C:\WINDOWS\imsins.BAK 2010-05-01 11:40:45 ----HD---- C:\WINDOWS\$hf_mig$ 2010-05-01 00:45:48 ----D---- C:\Documents and Settings 2010-04-29 21:28:36 ----D---- C:\WINDOWS\system32\config 2010-04-29 18:16:57 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-04-29 16:10:35 ----D---- C:\Program Files\Mozilla Firefox 2010-04-29 13:18:35 ----D---- C:\Program Files\MSECache 2010-04-27 03:02:16 ----D---- C:\WINDOWS\system32\CatRoot 2010-04-26 03:16:08 ----D---- C:\Program Files\Windows Media Player 2010-04-25 23:01:53 ----A---- C:\WINDOWS\win.ini 2010-04-25 23:00:40 ----D---- C:\Documents and Settings\Sophia\Application Data\vlc 2010-04-06 13:52:54 ----A---- C:\WINDOWS\system32\MRT.exe 2010-04-06 12:00:51 ----D---- C:\WINDOWS\repair 2010-04-05 19:26:04 ----D---- C:\WINDOWS\WinSxS ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-21 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-21 14592] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-21 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 portio;TPM Service; C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-09-22 14695] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-08-21 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-08-21 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-08-21 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-08-21 20608] S2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [] S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\DOCUME~1\Sophia\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-23 594600] R2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini [] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-08-21 14336] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  15. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:53:29 PM, on 5/4/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe C:\WINDOWS\system32\lxducoms.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Sophia\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe" O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) -- End of file - 5364 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.