madmelvin

Members, 9 posts

Everything posted by madmelvin

  1. Thank you! Everything appears to be working.
  2. The computer seems to be running okay now. The first time I ran ESET the computer went into hibernation and the program said it was stopped by user. Below is the log from the partial run. I ran it again after turning off hibernation and it didn't find anything else.

     C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\Cache(2)\1779B888d01 a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
  3. mbam log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4290

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     7/9/2010 5:23:54 PM
     mbam-log-2010-07-09 (17-23-54).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 220192
     Time elapsed: 1 hour(s), 15 minute(s), 34 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  4. Here's the ComboFix log:

     ComboFix 10-07-08.02 - Owner 07/09/2010 13:04:26.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.310 [GMT -6:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
      * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
     .
     2010-07-08 22:03 . 2010-07-08 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
     2010-07-08 05:24 . 2010-03-01 16:05 124784 ----a-w- c:\winnt\system32\drivers\avipbb.sys
     2010-07-08 05:24 . 2010-02-16 20:24 60936 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
     2010-07-08 05:24 . 2009-05-11 18:49 45416 ----a-w- c:\winnt\system32\drivers\avgntdd.sys
     2010-07-08 05:24 . 2009-05-11 18:49 22360 ----a-w- c:\winnt\system32\drivers\avgntmgr.sys
     2010-07-08 05:24 . 2010-07-08 05:24 -------- d-----w- c:\program files\Avira
     2010-07-08 05:24 . 2010-07-08 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-07-08 04:18 . 2010-04-29 21:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
     2010-07-08 04:18 . 2010-07-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-08 04:18 . 2010-04-29 21:39 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
     2010-07-08 03:47 . 2010-07-08 04:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\hpnhlncer
     2010-07-06 16:38 . 2010-07-06 16:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
     2010-07-06 16:38 . 2010-07-06 16:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
     2010-06-24 18:10 . 2010-06-24 18:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Qwest
     2010-06-24 18:05 . 2010-06-24 18:05 -------- d-----w- c:\program files\Windows Sidebar
     2010-06-24 18:05 . 2010-07-06 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
     2010-06-24 18:05 . 2010-06-24 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2010-06-11 01:28 . 2010-05-06 10:41 743424 ------w- c:\winnt\system32\dllcache\iedvtool.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-09 19:13 . 2008-11-30 22:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
     2010-07-09 18:00 . 2002-11-21 23:18 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat
     2010-07-09 18:00 . 2002-11-21 23:18 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat
     2010-07-08 22:02 . 2008-11-30 22:15 -------- d-----w- c:\program files\DNA
     2010-07-07 02:27 . 2009-12-23 00:20 -------- d-----w- c:\program files\SummaWinplot
     2010-07-06 16:52 . 2008-07-30 23:04 -------- d-----w- c:\program files\Qwest
     2010-07-06 16:52 . 2002-11-14 13:56 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-07-06 16:48 . 2002-11-14 14:00 -------- d-----w- c:\program files\Symantec
     2010-07-06 16:48 . 2002-11-14 14:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2010-07-06 16:38 . 2002-11-18 23:26 -------- d-----w- c:\program files\ACAD2000
     2010-06-29 17:28 . 2002-11-14 13:59 -------- d-----w- c:\program files\Microsoft Works
     2010-06-28 04:48 . 2010-04-05 00:00 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
     2010-06-05 22:55 . 2008-08-09 09:08 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-05-19 04:37 . 2009-10-18 04:06 -------- d-----w- c:\program files\Common Files\TeacherWorks
     2010-05-06 10:41 . 2004-02-07 00:05 916480 ----a-w- c:\winnt\system32\wininet.dll
     2010-05-02 05:22 . 2002-12-13 16:57 1851264 ----a-w- c:\winnt\system32\win32k.sys
     2010-04-20 05:30 . 1980-01-01 06:00 285696 ----a-w- c:\winnt\system32\atmfd.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
     "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
     "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
     "QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

     c:\documents and settings\Owner\Start Menu\Programs\Startup\
     Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)
     "9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)
     "9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)
     "9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)
     "9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)
     "9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)
     "9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)
     "9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)
     "9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)
     "9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)
     "9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)
     "9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)
     "8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)
     "10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)
     "9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)
     "3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp
     "3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp

     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/7/2010 11:24 PM 135336]
     R2 mrtRate;mrtRate;c:\winnt\system32\drivers\MrtRate.sys [11/14/2002 8:00 AM 34712]
     R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/14/2002 8:00 AM 6736]
     R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
     R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [3/13/2010 11:58 AM 206120]
     R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [3/13/2010 11:58 AM 185640]
     S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
     S3 FilterService2;Canon BJ Hid Usb Filter Service2;c:\winnt\system32\drivers\bjhid2.sys [1/17/2004 7:17 PM 6528]
     S3 idrmkl;idrmkl;\??\c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys [?]
     S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
     S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\winnt\system32\drivers\SWUSBFLT.SYS [4/22/2004 1:59 PM 3968]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - NMSSVC
     *NewlyCreated* - RSVP
     .
     Contents of the 'Scheduled Tasks' folder

     2010-07-07 c:\winnt\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

     2010-07-09 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
     - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 21:54]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     mWindow Title = Microsoft Internet Explorer presented by Comcast
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     Trusted Zone: aol.com\free
     Trusted Zone: turbotax.com
     DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
     DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
     DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-i3752&p=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-09 13:14
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(704)
     c:\winnt\system32\NavLogon.dll

     - - - - - - - > 'explorer.exe'(2464)
     c:\winnt\system32\WININET.dll
     c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
     c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
     c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
     c:\winnt\system32\ieframe.dll
     c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
     c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
     c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
     c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
     c:\winnt\system32\webcheck.dll
     c:\winnt\system32\WPDShServiceObj.dll
     c:\winnt\system32\PortableDeviceTypes.dll
     c:\winnt\system32\PortableDeviceApi.dll
     .
     **************************************************************************
     .
     Completion time: 2010-07-09 13:21:40
     ComboFix-quarantined-files.txt 2010-07-09 19:21
     ComboFix2.txt 2010-07-09 17:01

     Pre-Run: 19,802,525,696 bytes free
     Post-Run: 19,791,011,840 bytes free

     - - End Of File - - AF8B2D703AA525B8A5BBC82BB24F1C8C
  5. I unchecked something under Internet Options, LAN settings, proxy server and now I can access the internet. Here is the log from ComboFix:

     ComboFix 10-07-08.02 - Owner 07/09/2010 10:40:16.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.298 [GMT -6:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
      * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\test.txt
     c:\winnt\system\PHONETIC.FON
     c:\winnt\system32\encapi32.dll
     .
     ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
     .
     2010-07-08 22:03 . 2010-07-08 22:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
     2010-07-08 05:24 . 2010-03-01 16:05 124784 ----a-w- c:\winnt\system32\drivers\avipbb.sys
     2010-07-08 05:24 . 2010-02-16 20:24 60936 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
     2010-07-08 05:24 . 2009-05-11 18:49 45416 ----a-w- c:\winnt\system32\drivers\avgntdd.sys
     2010-07-08 05:24 . 2009-05-11 18:49 22360 ----a-w- c:\winnt\system32\drivers\avgntmgr.sys
     2010-07-08 05:24 . 2010-07-08 05:24 -------- d-----w- c:\program files\Avira
     2010-07-08 05:24 . 2010-07-08 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2010-07-08 04:18 . 2010-04-29 21:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
     2010-07-08 04:18 . 2010-07-08 04:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-07-08 04:18 . 2010-04-29 21:39 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
     2010-07-08 03:47 . 2010-07-08 04:34 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\hpnhlncer
     2010-07-06 16:38 . 2010-07-06 16:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
     2010-07-06 16:38 . 2010-07-06 16:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
     2010-06-24 18:10 . 2010-06-24 18:10 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Qwest
     2010-06-24 18:05 . 2010-06-24 18:05 -------- d-----w- c:\program files\Windows Sidebar
     2010-06-24 18:05 . 2010-07-06 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
     2010-06-24 18:05 . 2010-06-24 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2010-06-11 01:28 . 2010-05-06 10:41 743424 ------w- c:\winnt\system32\dllcache\iedvtool.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-07-09 16:52 . 2008-11-30 22:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
     2010-07-09 03:49 . 2002-11-21 23:18 24 ----a-w- c:\winnt\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat
     2010-07-09 03:49 . 2002-11-21 23:18 24 ----a-w- c:\winnt\system32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat
     2010-07-08 22:02 . 2008-11-30 22:15 -------- d-----w- c:\program files\DNA
     2010-07-07 02:27 . 2009-12-23 00:20 -------- d-----w- c:\program files\SummaWinplot
     2010-07-06 16:52 . 2008-07-30 23:04 -------- d-----w- c:\program files\Qwest
     2010-07-06 16:52 . 2002-11-14 13:56 -------- d--h--w- c:\program files\InstallShield Installation Information
     2010-07-06 16:48 . 2002-11-14 14:00 -------- d-----w- c:\program files\Symantec
     2010-07-06 16:48 . 2002-11-14 14:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2010-07-06 16:38 . 2002-11-18 23:26 -------- d-----w- c:\program files\ACAD2000
     2010-06-29 17:28 . 2002-11-14 13:59 -------- d-----w- c:\program files\Microsoft Works
     2010-06-28 04:48 . 2010-04-05 00:00 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
     2010-06-05 22:55 . 2008-08-09 09:08 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-05-19 04:37 . 2009-10-18 04:06 -------- d-----w- c:\program files\Common Files\TeacherWorks
     2010-05-06 10:41 . 2004-02-07 00:05 916480 ----a-w- c:\winnt\system32\wininet.dll
     2010-05-02 05:22 . 2002-12-13 16:57 1851264 ----a-w- c:\winnt\system32\win32k.sys
     2010-04-20 05:30 . 1980-01-01 06:00 285696 ----a-w- c:\winnt\system32\atmfd.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
     "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 143360]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
     "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
     "QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2010-01-16 206120]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

     c:\documents and settings\Owner\Start Menu\Programs\Startup\
     Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9000:TCP"= 9000:TCP:Squeezebox Server 9000 tcp (UI)
     "9001:TCP"= 9001:TCP:Squeezebox Server 9001 tcp (UI)
     "9002:TCP"= 9002:TCP:Squeezebox Server 9002 tcp (UI)
     "9003:TCP"= 9003:TCP:Squeezebox Server 9003 tcp (UI)
     "9004:TCP"= 9004:TCP:Squeezebox Server 9004 tcp (UI)
     "9005:TCP"= 9005:TCP:Squeezebox Server 9005 tcp (UI)
     "9006:TCP"= 9006:TCP:Squeezebox Server 9006 tcp (UI)
     "9007:TCP"= 9007:TCP:Squeezebox Server 9007 tcp (UI)
     "9008:TCP"= 9008:TCP:Squeezebox Server 9008 tcp (UI)
     "9009:TCP"= 9009:TCP:Squeezebox Server 9009 tcp (UI)
     "9010:TCP"= 9010:TCP:Squeezebox Server 9010 tcp (UI)
     "9100:TCP"= 9100:TCP:Squeezebox Server 9100 tcp (UI)
     "8000:TCP"= 8000:TCP:Squeezebox Server 8000 tcp (UI)
     "10000:TCP"= 10000:TCP:Squeezebox Server 10000 tcp (UI)
     "9090:TCP"= 9090:TCP:Squeezebox Server 9090 tcp (UI)
     "3483:UDP"= 3483:UDP:Squeezebox Server 3483 udp
     "3483:TCP"= 3483:TCP:Squeezebox Server 3483 tcp

     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/7/2010 11:24 PM 135336]
     R2 mrtRate;mrtRate;c:\winnt\system32\drivers\MrtRate.sys [11/14/2002 8:00 AM 34712]
     R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [11/14/2002 8:00 AM 6736]
     R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
     R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [3/13/2010 11:58 AM 206120]
     R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [3/13/2010 11:58 AM 185640]
     S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
     S3 FilterService2;Canon BJ Hid Usb Filter Service2;c:\winnt\system32\drivers\bjhid2.sys [1/17/2004 7:17 PM 6528]
     S3 idrmkl;idrmkl;\??\c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Owner\LOCALS~1\Temp\idrmkl.sys [?]
     S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
     S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\winnt\system32\drivers\SWUSBFLT.SYS [4/22/2004 1:59 PM 3968]

     --- Other Services/Drivers In Memory ---

     *NewlyCreated* - NMSSVC
     *NewlyCreated* - RSVP
     .
     Contents of the 'Scheduled Tasks' folder

     2010-07-07 c:\winnt\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

     2010-07-08 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
     - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 21:54]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     mWindow Title = Microsoft Internet Explorer presented by Comcast
     uInternet Settings,ProxyOverride = <local>
     uInternet Settings,ProxyServer = http=127.0.0.1:5577
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     Trusted Zone: aol.com\free
     Trusted Zone: turbotax.com
     DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
     DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
     DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-i3752&p=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     .
     - - - - ORPHANS REMOVED - - - -

     AddRemove-comcastDD - c:\program files\Support.com\providerComcast\Uninstall.exe
     AddRemove-Creative Driver - c:\winnt\System32\ctdrvins

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-07-09 10:52
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(704)
     c:\winnt\system32\NavLogon.dll
     .
     Completion time: 2010-07-09 11:01:37
     ComboFix-quarantined-files.txt 2010-07-09 17:01

     Pre-Run: 18,546,647,040 bytes free
     Post-Run: 19,790,274,560 bytes free

     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

     - - End Of File - - 0FB56521572F56B762505A28B328EA7E
  6. Thank you, but I will no longer need your help.
  7. So, the problem is that AV Security Suite popped up on my computer. It was doing the usual pop-ups and redirecting my webpages. I ran the Malwarebytes Anti-Malware program and deleted 10 problems, but I still could not access websites. I then followed the instructions on the "I'm Infected" post. So far I have run Malwarebytes, installed Avira, disabled CD-ROM emulation software with Defogger, ran the GMER rootkit scanner, and then posted all of the logs in my original post. I have not re-enabled with Defogger yet. It said to wait until told to do so. Now I am following your instructions and ran OTL and another GMER scan. I am posting the three logs you requested (OTL, Extras, GMER).

     OTL log

     OTL logfile created on: 7/8/2010 9:37:37 AM - Run 1
     OTL by OldTimer - Version 3.2.8.1 Folder = G:\
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     511.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 26.00% Memory free
     864.00 Mb Paging File | 503.00 Mb Available in Paging File | 58.00% Paging File free
     Paging file location(s): C:\pagefile.sys 384 768 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
     Drive C: | 55.90 Gb Total Space | 17.19 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     Drive G: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.38% Space Free | Partition Type: FAT
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: S0028901600
     Current User Name: Owner
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Processes (SafeList) ==========

     PRC - [2010/07/08 09:31:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
     PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
     PRC - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
     PRC - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
     PRC - [2010/01/16 14:30:02 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
     PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     PRC - [2009/11/13 08:20:45 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
     PRC - [2009/09/25 13:13:56 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
     PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
     PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
     PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
     PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
     PRC - [2003/03/17 17:17:00 | 000,049,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\BJCard\Bjmcmng.exe
     PRC - [1996/11/17 01:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

     ========== Modules (SafeList) ==========

     MOD - [2010/07/08 09:31:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
     MOD - [2010/01/16 14:30:06 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprthook.dll
     MOD - [2008/04/13 18:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
     MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Auto | Stopped] -- C:\Program Files\Seagate\Sync\SeaSyncServices.exe -- (Seagate Sync Service)
     SRV - File not found [On_Demand | Stopped] -- C:\WINNT\System32\appmgmts.dll -- (AppMgmt)
     SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
     SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
     SRV - [2010/01/16 14:31:40 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
     SRV - [2010/01/16 14:30:16 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe -- (tgsrvc_quickcare) SupportSoft Repair Service (quickcare)
     SRV - [2010/01/16 14:30:10 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe -- (sprtsvc_quickcare) SupportSoft Sprocket Service (quickcare)
     SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
     SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
     SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
     SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
     SRV - [2003/03/17 17:17:00 | 000,049,152 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\BJCard\Bjmcmng.exe -- (Bjmcmng)
     SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Atf\Qctest\PCDoc\PCDRDRV.sys -- (PCDRDRV)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\idrmkl.sys -- (idrmkl)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\AMERIC~1.0\ATWPKT2.SYS -- (ATWPKT2)
     DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
     DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
     DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
     DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
     DRV - [2008/12/02 12:06:51 | 000,102,664 | ---- | M] (Trend Micro Inc.)
[Kernel | Auto | Running] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2008/04/13 12:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\61883.sys -- (61883) DRV - [2008/04/13 12:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\avc.sys -- (Avc) DRV - [2008/04/13 12:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msdv.sys -- (MSDV) DRV - [2008/04/13 12:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gckernel.sys -- (GcKernel) DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005/08/31 16:48:31 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2004/11/05 11:22:04 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\hardlock.sys -- (hardlock) DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ctpdusb.sys -- (Jukebox3) DRV - [2004/05/11 19:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\aksusb.sys -- (aksusb) DRV - [2004/04/27 12:41:32 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\akshasp.sys -- (akshasp) DRV - [2003/06/17 03:43:00 | 000,006,528 | ---- | M] (Canon.inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\bjhid2.sys -- (FilterService2) DRV - [2002/11/01 10:56:56 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\PcdrNt.sys -- (PcdrNt) DRV - [2002/10/03 18:55:56 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K) DRV - [2002/10/03 18:55:50 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K) DRV - [2002/10/03 18:55:44 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k) DRV - [2002/10/03 18:52:38 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp) DRV - [2002/10/03 18:51:10 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\cdudf_xp.sys -- (cdudf_xp) DRV - [2002/08/06 15:24:16 | 001,107,680 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem) DRV - [2002/07/24 12:52:24 | 000,998,004 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2002/07/19 09:48:30 | 000,156,604 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emupia2k.sys -- (emupia) DRV - [2002/07/19 09:48:20 | 000,213,860 | R--- | M] (Creative 
Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2002/07/19 09:48:06 | 000,011,068 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2002/07/19 09:48:02 | 000,195,432 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2002/07/19 09:47:50 | 000,837,548 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2002/07/19 09:46:26 | 000,127,948 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2002/06/13 16:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pfc.sys -- (Pfc) DRV - [2002/05/24 12:52:58 | 000,010,368 | ---- | M] (Digit@lway Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\dwusbdnt.sys -- (dwusbdnt) DRV - [2001/08/17 14:02:56 | 000,003,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SWUSBFLT.SYS -- (SWUSBFLT) DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\hidswvd.sys -- (HIDSwvd) DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem) DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) DRV - [2001/02/28 10:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MrtRate.sys -- (mrtRate) DRV - [2000/09/12 00:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt) DRV - [2000/09/11 18:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k) DRV - [2000/06/06 11:29:58 | 000,006,736 | ---- | M] (RioPort.com) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\RioPnP.sys -- (RioPNP) DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINNT\system32\PFMODNT.SYS -- (PfModNT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "BitZipperSearch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-i3752&p=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 10:36:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 16:13:01 | 000,000,000 | ---D | M] [2008/08/07 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2010/06/30 19:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\extensions [2009/08/07 15:12:48 | 000,000,000 | ---D | M] (Microsoft 
.NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/02 11:52:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h8l1hnew.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010/06/30 14:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2008/12/02 15:59:31 | 000,000,000 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003..\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) 
O15 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..Trusted Domains: ([]msn in My Computer) O15 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..Trusted Domains: //@install.mar@ ([]msni in My Computer) O15 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet) O15 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..Trusted Domains: aol.com ([free] http in Trusted sites) O15 - HKU\S-1-5-21-2074931368-816519550-3288063215-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility) O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun) O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.) 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1187908134187 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1217519212156 (MUWebControl Class) O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://64.146.72.210:8111/AxisCamControl.cab (CamImage Class) O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin) O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst) O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} https://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7607.8467592593 (Reg Error: Key error.) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab (ZoneIntro Class) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/co....cab?10,0,910,0 (DigWebHelper Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll () O20 - 
Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O29 - HKLM SecurityProviders - (schannel.dll) - File not found O29 - HKLM SecurityProviders - (digest.dll) - File not found O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0769ebc2-fb3c-11d6-bc42-806d6172696f}\Shell\launch\command - "" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\psaproxy.exe" -v %1\ O33 - MountPoints2\{085b3019-170f-11dd-a42a-0007e9bf2cca}\Shell - "" = AutoRun O33 - MountPoints2\{085b3019-170f-11dd-a42a-0007e9bf2cca}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{085b3019-170f-11dd-a42a-0007e9bf2cca}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{12f5ef08-811d-11dd-a476-0007e9bf2cca}\Shell - "" = AutoRun O33 - MountPoints2\{12f5ef08-811d-11dd-a476-0007e9bf2cca}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{12f5ef08-811d-11dd-a476-0007e9bf2cca}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{d0fc58b3-b0f6-11dd-a493-0007e9bf2cca}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - 
MountPoints2\{d0fc58b3-b0f6-11dd-a493-0007e9bf2cca}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{d0fc58b3-b0f6-11dd-a493-0007e9bf2cca}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{d0fc58b3-b0f6-11dd-a493-0007e9bf2cca}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/07 23:24:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\ssmdrv.sys [2010/07/07 23:24:31 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\avipbb.sys [2010/07/07 23:24:31 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\avgntflt.sys [2010/07/07 23:24:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\avgntdd.sys [2010/07/07 23:24:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\avgntmgr.sys [2010/07/07 23:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/07/07 23:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [2010/07/07 22:18:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2010/07/07 22:18:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2010/07/07 22:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/07/07 21:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpnhlncer [2010/07/06 10:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific [2010/07/06 10:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application 
Data\Symantec [2010/06/24 12:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Qwest [2010/06/24 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2010/06/24 12:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton [2010/06/24 12:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2010/06/24 12:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec [2010/06/10 19:28:32 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\iedvtool.dll [2002/11/21 17:06:26 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\a3d.dll [2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ] [1 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ] [1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/08 09:36:00 | 000,000,254 | ---- | M] () -- C:\WINNT\tasks\Check Updates for Windows Live Toolbar.job [2010/07/08 09:33:54 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2010/07/08 09:32:08 | 000,088,566 | ---- | M] () -- C:\WINNT\System32\nvapps.xml [2010/07/08 09:31:46 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT [2010/07/08 09:31:38 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2010/07/08 09:31:35 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys [2010/07/08 01:50:14 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat [2010/07/08 01:50:13 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx [2010/07/08 01:50:13 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx [2010/07/08 01:50:13 | 000,018,648 | ---- | M] () -- 
C:\WINNT\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx [2010/07/08 01:50:13 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-0000000C-00001102-00000004-00581102}.rfx [2010/07/08 01:50:13 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm [2010/07/08 01:50:13 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm [2010/07/08 01:50:13 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat [2010/07/08 01:50:13 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-0000000C-00001102-00000004-00581102}.dat [2010/07/08 01:49:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/07/08 01:48:41 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ark.zip [2010/07/07 23:52:10 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\3sxkbl9c.exe [2010/07/07 23:51:06 | 000,004,881 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip [2010/07/07 23:39:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable [2010/07/07 23:24:50 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk [2010/07/07 22:18:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/07 16:50:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job [2010/07/03 16:13:02 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/06/23 19:05:12 | 000,488,566 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI [2010/06/23 19:05:12 | 000,432,796 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2010/06/23 19:05:12 | 000,067,370 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2010/06/23 09:33:27 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini 
[2010/06/23 09:33:25 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 21:12:38 | 000,405,512 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/06/10 19:54:39 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/08 01:48:41 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ark.zip
[2010/07/07 23:56:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\3sxkbl9c.exe
[2010/07/07 23:51:06 | 000,004,881 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/07 23:39:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/07/07 23:24:49 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/07/07 22:18:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/07 22:16:45 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/03 16:13:01 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/01 17:08:22 | 000,000,028 | ---- | C] () -- C:\WINNT\ICOA.INI
[2009/11/01 17:08:18 | 000,000,000 | ---- | C] () -- C:\WINNT\QFN.ini
[2009/11/01 17:08:18 | 000,000,000 | ---- | C] () -- C:\WINNT\QDQICK.ini
[2008/05/09 10:58:59 | 000,000,151 | ---- | C] () -- C:\WINNT\PhotoSnapViewer.INI
[2008/01/03 17:49:07 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2007/08/26 20:13:18 | 000,000,018 | ---- | C] () -- C:\WINNT\mworld.ini
[2007/08/10 15:14:26 | 000,043,520 | ---- | C] () -- C:\WINNT\System32\CmdLineExt03.dll
[2007/05/09 18:55:26 | 000,000,118 | ---- | C] () -- C:\WINNT\System32\MRT.INI
[2007/05/02 21:22:34 | 000,000,053 | ---- | C] () -- C:\WINNT\Kyor.ini
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2006/04/03 07:29:06 | 000,005,120 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2005/12/30 06:18:26 | 000,180,224 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2005/12/30 06:10:30 | 000,761,856 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2005/10/24 20:51:57 | 000,000,639 | ---- | C] () -- C:\WINNT\tlknw5.ini
[2005/08/31 18:11:26 | 000,000,195 | ---- | C] () -- C:\WINNT\pfe32.ini
[2005/08/31 16:48:31 | 000,000,383 | ---- | C] () -- C:\WINNT\System32\haspdos.sys
[2005/05/28 15:51:27 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\PdeSrvps.dll
[2005/02/24 10:56:45 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2005/01/18 14:34:36 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\akrip32.dll
[2005/01/09 13:50:40 | 000,012,288 | ---- | C] () -- C:\WINNT\impborl.dll
[2004/11/09 12:08:20 | 000,864,256 | ---- | C] () -- C:\WINNT\System32\FreeImage.dll
[2004/05/03 11:35:23 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/03/05 10:07:07 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\natbox.ini
[2004/01/28 22:19:35 | 000,000,073 | ---- | C] () -- C:\WINNT\webica.ini
[2004/01/12 16:07:54 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS5e.DLL
[2003/12/27 17:56:17 | 000,000,021 | ---- | C] () -- C:\WINNT\CS_setup.ini
[2003/12/27 17:53:15 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2003/12/09 00:08:20 | 002,539,520 | ---- | C] () -- C:\WINNT\System32\Bbgspdf.dll
[2003/12/02 13:39:08 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\InstallPrinter.dll
[2003/11/18 02:29:04 | 000,055,808 | ---- | C] () -- C:\WINNT\System32\zlib1.dll
[2003/11/15 21:46:51 | 000,000,023 | ---- | C] () -- C:\WINNT\CANDYLND.INI
[2003/11/03 16:38:02 | 000,007,731 | ---- | C] () -- C:\WINNT\System32\DAntivirus.ini
[2003/09/05 19:45:42 | 000,003,924 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/08/26 14:35:47 | 000,000,026 | ---- | C] () -- C:\WINNT\UP9ASP.INI
[2003/06/08 12:27:54 | 000,000,090 | ---- | C] () -- C:\WINNT\ka.ini
[2003/05/15 00:39:50 | 000,155,136 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2003/03/27 16:28:44 | 000,004,955 | ---- | C] () -- C:\WINNT\System32\DProg.ini
[2003/03/14 22:37:27 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2003/02/24 21:29:09 | 000,000,033 | ---- | C] () -- C:\WINNT\render.ini
[2003/02/13 13:09:00 | 000,000,080 | ---- | C] () -- C:\WINNT\catz.ini
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINNT\System32\stlpmt45.dll
[2002/12/03 22:47:16 | 000,172,032 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
[2002/11/26 15:31:28 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
[2002/11/26 15:31:28 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
[2002/11/26 15:31:28 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
[2002/11/25 11:18:43 | 000,001,093 | ---- | C] () -- C:\WINNT\hegames.ini
[2002/11/25 11:17:54 | 000,000,036 | ---- | C] () -- C:\WINNT\Disney.ini
[2002/11/25 11:06:30 | 000,000,090 | ---- | C] () -- C:\WINNT\encore_launcher.ini
[2002/11/21 19:18:10 | 000,000,199 | ---- | C] () -- C:\WINNT\kodakpcd.Owner.ini
[2002/11/21 17:06:38 | 000,053,024 | ---- | C] () -- C:\WINNT\System32\UPDDRV9X.DLL
[2002/11/21 17:06:38 | 000,037,727 | ---- | C] () -- C:\WINNT\System32\Emu10kx.ini
[2002/11/21 17:06:38 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2002/11/21 17:06:28 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2002/11/21 17:06:28 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[2002/11/21 15:51:25 | 000,000,534 | ---- | C] () -- C:\WINNT\USBmanager.ini
[2002/11/21 15:49:12 | 000,000,000 | ---- | C] () -- C:\WINNT\mpio.ini
[2002/11/20 20:59:19 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2002/11/19 11:07:37 | 000,045,767 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2002/11/19 09:16:44 | 000,000,020 | ---- | C] () -- C:\WINNT\InfModM.ini
[2002/11/18 18:27:22 | 000,196,096 | ---- | C] () -- C:\WINNT\System32\MACD32.DLL
[2002/11/18 18:27:22 | 000,138,752 | ---- | C] () -- C:\WINNT\System32\MASE32.DLL
[2002/11/18 18:27:22 | 000,136,192 | ---- | C] () -- C:\WINNT\System32\MAMC32.DLL
[2002/11/18 18:27:22 | 000,057,856 | ---- | C] () -- C:\WINNT\System32\MASD32.DLL
[2002/11/18 18:27:22 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\MA32.DLL
[2002/11/18 17:37:00 | 000,000,055 | ---- | C] () -- C:\WINNT\AutoCAD 2000 EReg.ini
[2002/11/18 17:36:24 | 000,000,000 | ---- | C] () -- C:\WINNT\mtstack.INI
[2002/11/14 08:14:54 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/11/14 08:00:53 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\CTPdeSrvps.dll
[2002/11/14 08:00:18 | 000,000,785 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/11/14 08:00:18 | 000,000,052 | ---- | C] () -- C:\WINNT\intuprof.ini
[2002/11/14 07:59:34 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/11/14 07:56:49 | 000,000,000 | ---- | C] () -- C:\WINNT\SBWIN.INI
[2002/11/14 07:56:48 | 000,000,231 | ---- | C] () -- C:\WINNT\AC3API.INI
[2002/11/14 07:56:11 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/11/14 07:56:10 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/11/14 06:55:25 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2002/11/14 06:55:24 | 000,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/09/03 13:00:31 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2002/05/14 22:58:38 | 000,122,880 | ---- | C] () -- C:\WINNT\System32\v2k2_dec.dll
[2002/03/29 16:12:28 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\NavLogon.dll
[2002/01/25 08:04:50 | 000,005,440 | ---- | C] () -- C:\WINNT\System32\mciwa16.dll
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\pspsbext.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\pspfidrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\pspfbase.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\pspaudrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\pspapdrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\mciwaw95.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\mcipspwa.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINNT\System32\mcipspct.ini
[2002/01/25 08:04:50 | 000,000,220 | ---- | C] () -- C:\WINNT\System32\pspwave.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINNT\System32\pspdss.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINNT\System32\pspddi.ini
[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[1996/11/17 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1996/11/17 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 001,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
[1980/01/01 00:00:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D01AB2FE

< End of report >

extra log

OTL Extras logfile created on: 7/8/2010 9:37:37 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 26.00% Memory free
864.00 Mb Paging File | 503.00 Mb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 17.19 Gb Free Space | 30.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.86 Gb Total Space | 1.81 Gb Free Space | 97.38% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S0028901600
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Rockstar Games\Midnight Club II\mc2.exe" = C:\Program Files\Rockstar Games\Midnight Club II\mc2.exe:*:Disabled:mc2 -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINNT\explorer.exe" = C:\WINNT\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}" = Form Fill (Windows Live Toolbar)
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{224F7A6E-1D66-46B6-888A-D025E5AC20F6}" = MPIO Manager
"{225A137C-F371-4246-B6FF-20320297DB75}" = Canon Photo Viewer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 18
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30D298A8-8588-48B3-A3FB-2BE6E6AB1245}" = TurboTax 2008 wcoiper
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C23837C-993E-11D4-9DE0-0060085C158A}" = KODAK Picture CD
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{66034137-F1CE-4CEF-8180-46553C54DB18}" = Popup Blocker (Windows Live Toolbar)
"{666A08DD-E48D-478E-B0BB-F5BEE24B2F18}" = GamesBar 1.0.0.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D10C4BE-0C36-4F4E-8C3A-E5E867A5F01D}" = QuickConnect
"{70B4227A-CA3A-4516-9E93-D419ECEE2834}" = Pinnacle Expression
"{71CB529E-21A4-42AD-BF38-564F08988633}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{787E4F18-C7FF-4BA5-9637-66F95C7445CF}" = Shutterfly Express
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{97917FA0-00C5-4351-AD6B-87AB99C52792}" = eDrawings 2005
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D490D0-CF24-47AB-B8B3-BE19366D80C8}" = Actiontec Gateway/Router
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7FFC71C-CD9C-4A48-8DD1-12BC9B43B2BB}" = SolidWorks 2005 SP0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CBD8FD34-8559-4028-922B-50797D151E04}" = Memory Card Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{E4302788-101F-11D6-8563-00500494EF5C}" = Apple QuickTime Installer
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F60A73EA-EECC-47AB-8133-80718A02D046}" = NetHasp Server
"{F6691488-C717-4FBA-8079-7BE021EC8BE9}" = Creative Zen Nano
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BikeCAD Pro 6.0" = BikeCAD Pro 6.0
"CANONBJ_Deinstall_CNMCP5e.DLL" = Canon i900D
"Citrix ICA Web Client" = Citrix ICA Web Client
"comcastDD" = Desktop Doctor
"Creative Driver" = Creative Driver
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Mass Storage Drivers" = Creative Mass Storage Drivers
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Do More" = Do More
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"Easy-WebPrint" = Easy-WebPrint
"Encarta97" = Microsoft Encarta 97 Encyclopedia
"FoodWise" = FoodWise
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"HASP Device Driver" = HASP Device Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InterActual Player" = InterActual Player
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MuVo Driver" = Creative Mass Storage Drivers
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoRecord" = Canon PhotoRecord
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"PMP Transcoding Tool_is1" = PMP Transcoding Tool 0.5.1.0 For Windows NT/2000/XP
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"QwestQuickCare_is1" = Qwest Quickcare 2.7
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Storm Codec 5" = Storm Codec
"Summa - WinPlot_is1" = Summa WinPlot 6.9.32/64
"Summa Cutter Control_is1" = Summa Cutter Control 4.15.0.0
"Summa Cutter Tools_is1" = Summa Cutter Tools 1.10.0.1
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TAV PPlus!" = TAV PPlus!
"TeacherWorks" = TeacherWorks
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2074931368-816519550-3288063215-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2010 1:01:40 PM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
Error - 7/6/2010 12:44:43 PM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/6/2010 12:51:43 PM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/7/2010 1:44:45 PM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/7/2010 11:50:03 PM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/8/2010 12:17:12 AM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/8/2010 12:37:02 AM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/8/2010 1:34:37 AM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error - 7/8/2010 1:43:44 AM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
Error - 7/8/2010 11:32:29 AM | Computer Name = S0028901600 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 7/2/2010 12:46:17 PM | Computer Name = S0028901600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the NAV service.

Error - 7/4/2010 11:33:22 PM | Computer Name = S0028901600 | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON DVDRW LH-20A1P' (IDE\CdRomLITE-ON_DVDRW_LH-20A1P__________________KL0N____\5&292bf65c&0&0.1.0) disappeared from the system without first being prepared for removal.

Error - 7/6/2010 7:14:43 PM | Computer Name = S0028901600 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer CAYDEN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{25D7F3A9-63D5-442F-AB. The master browser is stopping or an election is being forced.
Error - 7/8/2010 12:10:36 AM | Computer Name = S0028901600 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/8/2010 12:11:30 AM | Computer Name = S0028901600 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm Error - 7/8/2010 12:12:32 AM | Computer Name = S0028901600 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/8/2010 12:38:05 AM | Computer Name = S0028901600 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: adpu160m PCIIde ultra ViaIde Error - 7/8/2010 1:23:00 AM | Computer Name = S0028901600 | Source = SideBySide | ID = 16842784 Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. Error - 7/8/2010 1:23:00 AM | Computer Name = S0028901600 | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . Error - 7/8/2010 1:23:00 AM | Computer Name = S0028901600 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. . 
< End of report > gmer log GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-08 15:41:36 Windows 5.1.2600 Service Pack 3 Running: rmqg4gh2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxloyfob.sys ---- System - GMER 1.0.15 ---- SSDT F8D83E26 ZwCreateKey SSDT F8D83E1C ZwCreateThread SSDT F8D83E2B ZwDeleteKey SSDT F8D83E35 ZwDeleteValueKey SSDT F8D83E3A ZwLoadKey SSDT F8D83E08 ZwOpenProcess SSDT F8D83E0D ZwOpenThread SSDT F8D83E44 ZwReplaceKey SSDT F8D83E3F ZwRestoreKey SSDT F8D83E30 ZwSetValueKey INT 0x06 \??\C:\WINNT\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) BA56316D INT 0x0E \??\C:\WINNT\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) BA562FC2 ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINNT\System32\DRIVERS\nv4_mini.sys section is writeable [0xF79DE360, 0x24BB1D, 0xE8000020] .text C:\WINNT\system32\drivers\hardlock.sys section is writeable [0xB952F400, 0x7A186, 0xE8000020] .protect
  8. AV Security Suite popped up on my computer. I followed the self help instructions and ran the malwarebytes anti-malware program. Afterward, the internet would still not go to any sites. I then followed the instructions under I'm infected. I appreciate any help. Thank you. Here are the logs (mbam, dds, attach, ark):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/7/2010 10:34:03 PM
mbam-log-2010-07-07 (22-34-03).txt

Scan type: Quick scan
Objects scanned: 142879
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\hpnhlncer\gwxtlmctssd.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cmaidctlapp.maidctrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d761d3a-e8bd-434b-b42b-520d8fe1da3a} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmildvaw (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmildvaw (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\hpnhlncer\gwxtlmctssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\Downloaded Program Files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:43:57.46 on Wed 07/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://qwest.live.com
uWindow Title = Microsoft Internet Explorer presented by Comcast
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187908134187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217519212156
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.146.72.210:8111/AxisCamControl.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxps://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37607.8467592593
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
Notify: NavLogon - c:\winnt\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\h8l1hnew.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-i3752&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-07-08 05:39:28 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-08 05:24:31 60936 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
2010-07-08 05:24:30 0 d-----w- c:\program files\Avira
2010-07-08 05:24:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-08 04:18:08 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-07-08 04:18:06 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-07-08 04:18:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 16:38:50 0 d-----w- c:\docume~1\owner\applic~1\Tific
2010-06-24 18:05:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-06-24 18:05:29 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-06-11 01:28:32 743424 ------w- c:\winnt\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-05-05 13:30:57 173056 ----a-w- c:\winnt\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\winnt\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\winnt\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\winnt\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\winnt\system32\dllcache\atmfd.dll
2008-07-31 17:34:28 32768 --sha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat
2010-02-24 23:51:12 16384 --sha-w- c:\winnt\temp\cookies\index.dat
2010-02-24 23:51:12 16384 --sha-w- c:\winnt\temp\history\history.ie5\index.dat
2010-02-24 23:51:12 49152 --sha-w- c:\winnt\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:46:00.39 ===============

Attach.zip
ark.zip