zoskie

Members · 12 posts · Reputation: 0 Neutral
  1. Awesome! That makes my life a whole lot easier. The instructions in my user manual seem pretty clear and straightforward, so I think we can consider this topic closed. Once again, thanks for all your help, Elise. zoskie
  2. Hi Elise, My computer is a Dell, and came with no disks, but with a recovery partition; is it safe in this case to reinstall from the partition, or should I see if I can get a set of recovery disks from Dell? Thanks, zoskie
  3. Thank you, Elise! I think we're good--MBAM scan is clean, I'm going ahead with my backup and will move on to reformatting/reinstalling (gulp). Once again, thanks for all your help. zoskie
  4. Okay, new ComboFix log:

ComboFix 10-09-21.03 - Maureen Hall 09/23/2010 14:12:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -4:00]
Running from: c:\documents and settings\Maureen Hall\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-23 17:46 . 2010-09-23 17:46 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 17:46 . 2010-09-23 17:46 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 17:46 . 2010-09-23 17:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 17:46 . 2010-09-23 17:46 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 17:46 . 2010-09-23 17:46 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 17:44 . 2010-09-23 17:44 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-17 15:23 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 14:54 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 14:54 . 2010-09-17 14:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 14:49 . 2010-09-17 14:49 -------- d-----w- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Sunbelt Software
2010-09-17 14:48 . 2010-09-17 14:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 14:48 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-17 14:48 . 2010-09-17 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-17 14:48 . 2010-09-17 14:48 -------- d-----w- c:\program files\Lavasoft
2010-09-17 01:57 . 2010-09-17 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-03 18:34 . 2010-09-03 18:34 -------- d-----w- c:\program files\iPod
2010-09-03 18:33 . 2010-09-03 18:35 -------- d-----w- c:\program files\iTunes
2010-09-03 18:28 . 2010-09-03 18:29 -------- d-----w- c:\program files\QuickTime
2010-09-03 18:21 . 2010-09-03 18:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:37 . 2009-06-05 18:36 -------- d-----w- c:\program files\iWin Games
2010-09-22 13:05 . 2010-02-22 01:43 0 ----a-w- c:\documents and settings\Maureen Hall\Local Settings\Application Data\prvlcl.dat
2010-09-17 16:46 . 2010-09-17 16:47 1994240 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-09-17 13:40 . 2008-01-08 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-16 23:04 . 2008-03-30 17:59 -------- d-----w- c:\program files\a-squared Free
2010-09-16 15:56 . 2010-02-21 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-11 16:35 . 2010-07-27 12:38 7948284 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-09-03 19:04 . 2008-08-25 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 18:34 . 2008-01-25 01:27 -------- d-----w- c:\program files\Common Files\Apple
2010-08-22 00:00 . 2009-02-19 15:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 16:57 . 2010-08-16 16:57 108544 ----a-w- c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
2010-08-11 19:10 . 2007-11-30 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-29 18:03 . 2010-09-16 14:06 175890 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-22 19:19 . 2008-03-27 22:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-22 19:12 . 2008-05-04 17:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 19:12 . 2010-07-22 19:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-22 19:10 . 2008-05-04 17:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-08-07 02:36 . 2008-09-07 00:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe" [2010-04-29 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-07 30192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-22 2065760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Maureen Hall\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2010-7-20 3656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-22 19:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Maureen Hall^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=c:\documents and settings\Maureen Hall\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2008-09-19 01:11 1529856 -c--a-w- c:\program files\ATT-SST\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-26 20:12 135664 ----atw- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 -c--a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 20:35 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 18:47 1206600 -c--a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Folding@Home\\winFAH.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/17/2010 10:54 AM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 1:49 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 1:49 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/22/2010 3:10 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/22/2010 3:12 PM 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/26/2008 8:29 PM 24652]
S2 gupdate1c9a4455a154794;Google Update Service (gupdate1c9a4455a154794);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 9:36 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/30/2008 1:59 PM 1872320]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/30/2007 7:07 AM 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S3 WizCom;Wizcom USB driver;c:\windows\system32\drivers\WizComDrv.sys [8/20/2008 9:10 PM 27560]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [5/16/2008 6:57 PM 598856]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:54]

2009-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 01:36]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 01:36]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006Core.job
- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 20:12]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006UA.job
- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 20:12]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://groups.yahoo.com/group/ncchuddle/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 14:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-23 14:27:41
ComboFix-quarantined-files.txt 2010-09-23 18:27
ComboFix2.txt 2010-09-22 14:16

Pre-Run: 33,642,938,368 bytes free
Post-Run: 33,622,511,616 bytes free

- - End Of File - - A9E6567E11C75F29657D43FC167F900C
  5. I'm having trouble with this; I get a screen which says "starting windows recovery console..." and nothing further ever happens.
  6. ComboFix log:

ComboFix 10-09-21.03 - Maureen Hall 09/22/2010 9:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1503 [GMT -4:00]
Running from: c:\documents and settings\Maureen Hall\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\iWin Games\iWinGamesHookIE.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.
2010-09-22 12:55 . 2010-09-22 13:01 -------- d-----w- C:\32788R22FWJFW.0.tmp
2010-09-17 15:23 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-17 14:54 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-17 14:54 . 2010-09-17 14:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-17 14:49 . 2010-09-17 14:49 -------- d-----w- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Sunbelt Software
2010-09-17 14:48 . 2010-09-17 14:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-17 14:48 . 2010-09-17 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-17 14:48 . 2010-09-17 14:48 -------- d-----w- c:\program files\Lavasoft
2010-09-17 01:57 . 2010-09-17 01:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-03 18:34 . 2010-09-03 18:34 -------- d-----w- c:\program files\iPod
2010-09-03 18:33 . 2010-09-03 18:35 -------- d-----w- c:\program files\iTunes
2010-09-03 18:28 . 2010-09-03 18:29 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 13:37 . 2009-06-05 18:36 -------- d-----w- c:\program files\iWin Games
2010-09-22 13:05 . 2010-02-22 01:43 0 ----a-w- c:\documents and settings\Maureen Hall\Local Settings\Application Data\prvlcl.dat
2010-09-17 16:46 . 2010-09-17 16:47 1994240 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-09-17 13:40 . 2008-01-08 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-16 23:04 . 2008-03-30 17:59 -------- d-----w- c:\program files\a-squared Free
2010-09-16 15:56 . 2010-02-21 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-11 16:35 . 2010-07-27 12:38 7948284 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-09-03 19:04 . 2008-08-25 23:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 18:34 . 2008-01-25 01:27 -------- d-----w- c:\program files\Common Files\Apple
2010-08-22 00:00 . 2009-02-19 15:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-11 19:10 . 2007-11-30 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-29 18:03 . 2010-09-16 14:06 175890 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-22 19:19 . 2008-03-27 22:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-07-22 19:12 . 2008-05-04 17:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-22 19:12 . 2010-07-22 19:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-22 19:10 . 2008-05-04 17:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-08-07 02:36 . 2008-09-07 00:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe" [2010-04-29 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-09-21 184320]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-07 30192]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-22 2065760]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Maureen Hall\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2010-7-20 3656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-22 19:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Maureen Hall^Start Menu^Programs^Startup^Folding@Home 5.03.lnk]
path=c:\documents and settings\Maureen Hall\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
2008-09-19 01:11 1529856 -c--a-w- c:\program files\ATT-SST\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-26 20:12 135664 ----atw- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 10:43 57344 -c--a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-07 20:35 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 18:47 1206600 -c--a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Folding@Home\\winFAH.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/17/2010 10:54 AM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 1:49 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 1:49 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/22/2010 3:10 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/22/2010 3:12 PM 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/26/2008 8:29 PM 24652]
S2 gupdate1c9a4455a154794;Google Update Service (gupdate1c9a4455a154794);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2009 9:36 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 8:15 AM 1355928]
S3 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/30/2008 1:59 PM 1872320]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/30/2007 7:07 AM 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:15 AM 15008]
S3 WizCom;Wizcom USB driver;c:\windows\system32\drivers\WizComDrv.sys [8/20/2008 9:10 PM 27560]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [5/16/2008 6:57 PM 598856]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 14:54]

2009-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 01:36]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 01:36]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006Core.job
- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 20:12]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006UA.job
- c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-14 20:12]

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://groups.yahoo.com/group/ncchuddle/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: 0.0.0.0 Trusted Zone: motive.com\pattta.att Trusted Zone: motive.com\patttbc.att DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\ FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\Maureen Hall\Application Data\Mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\documents and settings\Maureen Hall\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX 
POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe AddRemove-Aveyond Gates of Night - c:\program files\Yahoo! Games\Aveyond Gates of Night\Uninstall.exe AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe AddRemove-SBC Self Support Tool - c:\docume~1\MAUREE~1\LOCALS~1\Temp\SST\CustomUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-22 09:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
c:\docume~1\MAUREE~1\LOCALS~1\Temp\RGI3.tmp 7075 bytes scan completed successfully hidden files: 1 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ABA1C76]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28 \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8 \Driver\atapi -> atapi.sys @ 0xb9f37852 \Driver\iaStor -> iaStor.sys @ 0xb9e7cc1a IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\WININET.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll c:\windows\System32\BCMLogon.dll - - - - - - - > 'lsass.exe'(988) c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(5816) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\System32\bcmwltry.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\stsystra.exe c:\windows\system32\igfxsrvc.exe c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE . ************************************************************************** . Completion time: 2010-09-22 10:16:37 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-22 14:16 Pre-Run: 34,225,721,344 bytes free Post-Run: 34,115,977,216 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - A298CE1D8B37DA29B5657EA71DFCEDB1
  7. Hi Elise, For the sake of recovering some files before reformatting, I've run the TDSS killer; here's the log file: 2010/09/17 15:24:25.0328 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/17 15:24:25.0328 ================================================================================ 2010/09/17 15:24:25.0328 SystemInfo: 2010/09/17 15:24:25.0328 2010/09/17 15:24:25.0328 OS Version: 5.1.2600 ServicePack: 3.0 2010/09/17 15:24:25.0328 Product type: Workstation 2010/09/17 15:24:25.0328 ComputerName: DD6BY5F1 2010/09/17 15:24:25.0328 UserName: Maureen Hall 2010/09/17 15:24:25.0328 Windows directory: C:\WINDOWS 2010/09/17 15:24:25.0328 System windows directory: C:\WINDOWS 2010/09/17 15:24:25.0328 Processor architecture: Intel x86 2010/09/17 15:24:25.0328 Number of processors: 2 2010/09/17 15:24:25.0328 Page size: 0x1000 2010/09/17 15:24:25.0328 Boot type: Normal boot 2010/09/17 15:24:25.0328 ================================================================================ 2010/09/17 15:24:26.0109 Initialize success 2010/09/17 15:24:28.0515 ================================================================================ 2010/09/17 15:24:28.0515 Scan started 2010/09/17 15:24:28.0515 Mode: Manual; 2010/09/17 15:24:28.0515 ================================================================================ 2010/09/17 15:24:31.0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2010/09/17 15:24:31.0953 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/09/17 15:24:32.0015 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/09/17 15:24:32.0093 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2010/09/17 15:24:32.0328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/09/17 15:24:32.0718 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/09/17 15:24:33.0375 agp440 
(08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2010/09/17 15:24:33.0843 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2010/09/17 15:24:33.0984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2010/09/17 15:24:34.0125 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2010/09/17 15:24:34.0281 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2010/09/17 15:24:34.0437 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2010/09/17 15:24:34.0640 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2010/09/17 15:24:34.0890 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2010/09/17 15:24:35.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2010/09/17 15:24:35.0593 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2010/09/17 15:24:35.0984 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/09/17 15:24:36.0234 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2010/09/17 15:24:36.0546 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2010/09/17 15:24:36.0921 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2010/09/17 15:24:37.0218 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/09/17 15:24:37.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/09/17 15:24:37.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/09/17 15:24:38.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/09/17 15:24:38.0359 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) 
C:\WINDOWS\System32\Drivers\avgldx86.sys 2010/09/17 15:24:38.0671 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys 2010/09/17 15:24:39.0125 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys 2010/09/17 15:24:39.0656 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2010/09/17 15:24:40.0453 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 2010/09/17 15:24:40.0828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/09/17 15:24:41.0375 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2010/09/17 15:24:41.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/09/17 15:24:42.0046 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/09/17 15:24:42.0515 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2010/09/17 15:24:42.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/09/17 15:24:43.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/09/17 15:24:43.0703 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/09/17 15:24:44.0578 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2010/09/17 15:24:45.0078 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2010/09/17 15:24:45.0718 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2010/09/17 15:24:46.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2010/09/17 15:24:46.0812 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2010/09/17 15:24:47.0328 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2010/09/17 
15:24:48.0062 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/09/17 15:24:48.0531 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 2010/09/17 15:24:48.0921 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2010/09/17 15:24:49.0125 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2010/09/17 15:24:49.0281 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS 2010/09/17 15:24:49.0453 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2010/09/17 15:24:49.0625 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2010/09/17 15:24:49.0906 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2010/09/17 15:24:50.0109 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2010/09/17 15:24:50.0312 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2010/09/17 15:24:50.0468 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2010/09/17 15:24:51.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/09/17 15:24:54.0015 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/09/17 15:24:54.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/09/17 15:24:54.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/09/17 15:24:55.0171 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2010/09/17 15:24:55.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/09/17 15:24:55.0875 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2010/09/17 15:24:56.0046 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) 
C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2010/09/17 15:24:56.0937 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 2010/09/17 15:24:57.0609 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 2010/09/17 15:24:58.0078 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys 2010/09/17 15:24:59.0000 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/09/17 15:25:00.0046 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys 2010/09/17 15:25:01.0140 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys 2010/09/17 15:25:02.0234 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/09/17 15:25:02.0515 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/09/17 15:25:02.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/09/17 15:25:02.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/09/17 15:25:03.0437 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/09/17 15:25:03.0750 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/09/17 15:25:04.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/09/17 15:25:05.0093 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2010/09/17 15:25:05.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/09/17 15:25:05.0843 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/09/17 15:25:06.0015 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/09/17 15:25:06.0171 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2010/09/17 
15:25:06.0437 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2010/09/17 15:25:06.0843 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2010/09/17 15:25:07.0531 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/09/17 15:25:07.0703 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2010/09/17 15:25:07.0843 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2010/09/17 15:25:07.0953 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/09/17 15:25:09.0015 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2010/09/17 15:25:12.0296 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys 2010/09/17 15:25:12.0609 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/09/17 15:25:12.0828 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2010/09/17 15:25:13.0109 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/09/17 15:25:13.0593 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/09/17 15:25:13.0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/09/17 15:25:14.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/09/17 15:25:14.0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/09/17 15:25:14.0671 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/09/17 15:25:14.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/09/17 15:25:15.0156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/09/17 15:25:15.0281 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) 
C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/09/17 15:25:15.0312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/09/17 15:25:15.0406 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/09/17 15:25:15.0515 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/09/17 15:25:15.0765 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2010/09/17 15:25:16.0031 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2010/09/17 15:25:16.0390 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2010/09/17 15:25:16.0484 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2010/09/17 15:25:16.0656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2010/09/17 15:25:17.0187 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/09/17 15:25:17.0453 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/09/17 15:25:17.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/09/17 15:25:17.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/17 15:25:17.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/17 15:25:17.0750 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2010/09/17 15:25:17.0984 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 2010/09/17 15:25:18.0062 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS 2010/09/17 15:25:18.0109 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS 2010/09/17 15:25:18.0296 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) 
C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 2010/09/17 15:25:18.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/17 15:25:18.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/17 15:25:19.0078 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/17 15:25:19.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/17 15:25:19.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/17 15:25:19.0437 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/17 15:25:19.0593 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/17 15:25:19.0703 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/09/17 15:25:19.0921 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/17 15:25:20.0031 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/09/17 15:25:20.0187 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/17 15:25:20.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/09/17 15:25:20.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/17 15:25:20.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/17 15:25:20.0562 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/17 15:25:20.0640 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/17 15:25:20.0703 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/17 15:25:20.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/17 15:25:21.0015 NIC1394 
(e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/17 15:25:21.0078 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/17 15:25:21.0187 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/17 15:25:21.0453 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 2010/09/17 15:25:21.0609 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/17 15:25:21.0781 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2010/09/17 15:25:22.0109 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/17 15:25:22.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/17 15:25:22.0812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/17 15:25:23.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/09/17 15:25:23.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/17 15:25:23.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/17 15:25:23.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/17 15:25:23.0671 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/09/17 15:25:23.0781 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/09/17 15:25:24.0578 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2010/09/17 15:25:24.0734 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2010/09/17 15:25:24.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/17 15:25:24.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 
2010/09/17 15:25:25.0062 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/17 15:25:25.0218 PxHelp20 (324c27635e516184c811339a75cefd4a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/09/17 15:25:25.0328 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2010/09/17 15:25:25.0484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2010/09/17 15:25:25.0656 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2010/09/17 15:25:25.0812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2010/09/17 15:25:25.0968 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2010/09/17 15:25:26.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/17 15:25:26.0328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/17 15:25:26.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/17 15:25:26.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/17 15:25:26.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/17 15:25:26.0625 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/17 15:25:26.0812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/09/17 15:25:26.0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/17 15:25:27.0203 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/17 15:25:27.0281 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 2010/09/17 15:25:27.0343 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 2010/09/17 15:25:27.0406 rismxdp (6c1f93c0760c9f79a1869d07233df39d) 
C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 2010/09/17 15:25:27.0671 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2010/09/17 15:25:27.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/17 15:25:28.0078 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/09/17 15:25:28.0578 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/09/17 15:25:28.0750 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/09/17 15:25:28.0890 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2010/09/17 15:25:28.0937 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/09/17 15:25:29.0015 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2010/09/17 15:25:29.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/17 15:25:29.0281 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/17 15:25:29.0546 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/17 15:25:29.0765 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys 2010/09/17 15:25:30.0093 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/09/17 15:25:30.0140 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys 2010/09/17 15:25:30.0171 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys 2010/09/17 15:25:30.0546 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/17 15:25:30.0609 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/17 15:25:30.0812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/09/17 15:25:30.0968 symc8xx 
(070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/09/17 15:25:31.0125 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/09/17 15:25:31.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/09/17 15:25:31.0515 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2010/09/17 15:25:31.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/17 15:25:31.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/17 15:25:32.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/17 15:25:32.0296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/17 15:25:32.0406 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/17 15:25:32.0687 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2010/09/17 15:25:32.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/17 15:25:32.0937 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2010/09/17 15:25:33.0140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/17 15:25:33.0375 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2010/09/17 15:25:33.0515 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/17 15:25:33.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/17 15:25:34.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/17 15:25:34.0343 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/09/17 15:25:34.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/09/17 
15:25:34.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/17 15:25:34.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/17 15:25:34.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/17 15:25:34.0875 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/17 15:25:35.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/17 15:25:35.0109 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/17 15:25:35.0343 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/09/17 15:25:35.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/17 15:25:35.0593 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/17 15:25:35.0718 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/17 15:25:36.0015 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/17 15:25:36.0359 WizCom (e60d8eb31cbd9cc88d86296a0998b593) C:\WINDOWS\system32\DRIVERS\WizcomDrv.sys
2010/09/17 15:25:36.0484 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/17 15:25:36.0593 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/09/17 15:25:36.0625 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/17 15:25:36.0734 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/17 15:25:36.0906 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/17 15:25:36.0984 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/17 15:25:36.0984 ================================================================================
2010/09/17 15:25:36.0984 Scan finished
2010/09/17 15:25:36.0984 ================================================================================
2010/09/17 15:25:37.0015 Detected object count: 1
2010/09/17 15:25:51.0468 \HardDisk0\MBR - will be cured after reboot
2010/09/17 15:25:51.0468 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/17 15:25:56.0390 Deinitialize success
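The TDSSKiller output above is the kind of log a responder usually ends up reading by hand. As an added example (not part of this thread and not code from Kaspersky's tool), here is a small Python parser for that line format: it pulls every "name (md5) path" inventory line, records verdict lines such as the "\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4" entry, and notes whether a cure was scheduled for the object. The sample log is a handful of lines copied from the scan above; BASELINE is a constructed known-good hash table for the example only (the Secdrv entry is deliberately wrong so the mismatch path is exercised), not a real Windows XP SP3 hash list.

```python
import re
from dataclasses import dataclass

# Two line shapes matter in a TDSSKiller log: an inventory line
#   <timestamp> <service> (<md5>) <path>
# and a verdict line
#   <timestamp> <object> - detected <verdict> (<n>)
# followed, if the user chose Cure, by "<object> - will be cured after reboot".
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
DRIVER_RE = re.compile(TS + r"\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
DETECT_RE = re.compile(TS + r"\s+(?P<obj>\S+)\s+-\s+detected\s+(?P<verdict>\S+)")
CURE_RE = re.compile(TS + r"\s+(?P<obj>\S+)\s+-\s+will be cured after reboot")

# Constructed sample: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
2010/09/17 15:25:27.0828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/17 15:25:31.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/17 15:25:35.0343 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/09/17 15:25:36.0984 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/17 15:25:36.0984 ================================================================================
2010/09/17 15:25:36.0984 Scan finished
2010/09/17 15:25:37.0015 Detected object count: 1
2010/09/17 15:25:51.0468 \HardDisk0\MBR - will be cured after reboot
2010/09/17 15:25:51.0468 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

# Constructed baseline (service name -> expected MD5). Not a real XP hash list:
# Tcpip is copied from the log so it matches, Secdrv is a placeholder so it mismatches,
# and vsdatant is left out so it shows up as unlisted.
BASELINE = {
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "Secdrv": "00000000000000000000000000000000",
}


@dataclass(frozen=True)
class Driver:
    ts: str
    name: str
    md5: str
    path: str


@dataclass(frozen=True)
class Detection:
    ts: str
    obj: str
    verdict: str
    cure_scheduled: bool


def parse_log(text):
    """Split a TDSSKiller log into its driver inventory and its verdicts."""
    drivers, detections = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["ts"], m["name"], m["md5"].lower(), m["path"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections[m["obj"]] = Detection(m["ts"], m["obj"], m["verdict"], False)
            continue
        m = CURE_RE.match(line)
        if m and m["obj"] in detections:
            d = detections[m["obj"]]
            detections[m["obj"]] = Detection(d.ts, d.obj, d.verdict, True)
    return drivers, list(detections.values())


def triage(text, baseline):
    """Return the verdicts plus the drivers whose hash deviates from the baseline
    and the drivers the baseline does not list at all."""
    drivers, detections = parse_log(text)
    return {
        "drivers": drivers,
        "detections": detections,
        "mismatched": [d for d in drivers if d.name in baseline and baseline[d.name] != d.md5],
        "unlisted": [d for d in drivers if d.name not in baseline],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, BASELINE)
    for det in result["detections"]:
        print(f"{det.obj}: {det.verdict} (cure scheduled: {det.cure_scheduled})")
    for drv in result["mismatched"]:
        print(f"hash mismatch: {drv.name} {drv.md5} {drv.path}")
```

One caveat when reading the inventory part of such a log: the MD5s are computed from the driver files on disk, so they stay clean while a TDL4 loader sits in the MBR and patches the disk stack only in memory. The verdict line is what matters here; the Rootkit Unhooker report in this thread shows the in-memory side of the same infection.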
  8. Hi Elise, You have confirmed my worst fears! I don't believe I would ever feel safe using this computer after cleaning, so I will probably reformat/reinstall. May I ask you a couple of questions about that? First of all, will a reformat/reinstall definitely get rid of the infection? And secondly, can I save/backup info from this computer before reinstall, or is it possible to transfer the infection by doing so? Thanks for all your help. zoskie
  9. Rootkit Unhooker report: RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #2 ============================================== >Drivers ============================================== 0xB82B1000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5709824 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xBF1D8000 C:\WINDOWS\System32\igxpdx32.DLL 2605056 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology) 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2150400 bytes 0x804D7000 RAW 2150400 bytes 0x804D7000 WMIxWDM 2150400 bytes 0xBF800000 Win32k 1855488 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1613824 bytes (Intel Corporation, Component GHAL Driver) 0xA6D11000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC) 0xA6BAD000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver) 0xB9E73000 iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32) 0xA6AFA000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver) 0xB81BD000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver) 0xB9D86000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xA3591000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver) 0xA386C000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic) 0xA2F8E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xB8069000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes 
(Microsoft Corporation, Update Driver) 0xA65D0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0x9DEC5000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver) 0xB8144000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver) 0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0x9D894000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xA656E000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher) 0xA2F32000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver) 0xA6C9F000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver) 0xB8112000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics, Inc., Synaptics Touchpad Driver) 0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0x9DF94000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xB9D59000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0x9CC86000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xA2FFE000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver) 0xB8251000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0xA3612000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xA39D7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network 
Address Translator) 0xA6CED000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xB8279000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xB80EF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xA3029000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x806E4000 ACPI_HAL 134400 bytes 0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xB9E53000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xA6CD3000 C:\WINDOWS\system32\drivers\dxec02.sys 106496 bytes (Knowles Acoustics, dxec02.sys) 0xB9D3F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0x9E491000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component) 0x9E4D1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0x9E43C000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component) 0xB9E26000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xB80D8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x9E453000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component) 0xB9E3D000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver) 0x9E1F7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xB8195000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver) 0xB81A9000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 
bytes (Microsoft Corporation, SecureDigital Bus Driver) 0xB829D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xA6629000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xB9E13000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver) 0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xB80C7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xBA278000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver) 0xA2B19000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xBA2B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager) 0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0xB9424000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client) 0xB9454000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver) 0xBA2C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xA22AE000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xBA198000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver 
for USB) 0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0xBA288000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver) 0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xBA298000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xBA2D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xA6E9F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0xBA2F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xA530B000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager) 0xA6E5F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xBA2A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xBA2E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xB8893000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xB88A3000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xB9434000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library) 0xBA268000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xB88B3000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 
bytes (Microsoft Corporation, MS General Packet Classifier) 0xA6E7F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0x9CE69000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xBA108000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xBA1F8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xA663C000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.) 0xBA390000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.) 0xBA340000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver) 0xBA388000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xA664C000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0xBA410000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x9E6EE000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component) 0xA5D2E000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component) 0xA2829000 C:\WINDOWS\system32\DRIVERS\elagopro.sys 28672 bytes (Gteko Ltd., Gteko's GoProto protocol driver) 0xA6644000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xA5D36000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver) 0xBA370000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component) 0xBA428000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD 
DVD Filter) 0xBA420000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xBA418000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xBA408000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xBA378000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x9E6F6000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component) 0xBA380000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xBA438000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xBA440000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xBA430000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0x9EDC2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0x9F152000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver) 0xBA4C4000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver) 0xB9A74000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0x9DF34000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver) 0xB9A60000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0x9E410000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xBA4C0000 compbatt.sys 12288 bytes 
(Microsoft Corporation, Composite Battery Driver) 0x9E7E8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xA6AAA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xB9CF7000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter) 0xA6AA6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0xB9A6C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xB8061000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xB9A70000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI) 0xBA61E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xBA5DA000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component) 0xBA61A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component) 0xBA654000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver) 0xBA5C6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xBA5B4000 C:\WINDOWS\system32\DRIVERS\elaunidr.sys 8192 bytes (Gteko Ltd., GUniDriver) 0xBA61C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xBA620000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xBA622000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xBA5DC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xBA5A8000 
C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8AAFF000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA759000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9EAB5000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA7AA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA68E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8AB30ABF ?_empty_? 1345 bytes
==============================================
>Stealth
==============================================
0xB9F31000 WARNING: suspicious driver modification [atapi.sys::0x8AB30ABF]

Thanks for your help!
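The Stealth section of the Rootkit Unhooker report above flags an in-memory modification of atapi.sys that points into an unnamed 1345-byte hidden driver. That hook is how TDL4 filters reads of the disk's first sector, so anything that reads the MBR through the running OS can be shown the original, clean sector. The practical check is to read sector 0 from boot media or a disk image and verify it offline. The following Python is an added example, not code from this thread or from any of the tools in it: it parses a classic 512-byte MBR, verifies the 0x55AA signature and the partition table, and compares a SHA-256 of the 440-byte boot code against a reference hash recorded from a known-clean install. The sectors it checks are constructed inside the block (the boot code bytes are placeholders, not real Windows XP boot code), and the tampered variant keeps the partition table intact, which is also what TDL4 does, so only the hash comparison catches it.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # classic MBR: boot code, 4-byte disk signature, 2 reserved bytes,
PART_TABLE_OFF = 0x1BE   # then four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # and the 0x55 0xAA boot signature
PART_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(mbr):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        entries.append({"slot": i, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr, reference_bootcode_sha256):
    """Return a list of findings; an empty list means the sector looks as expected."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != reference_bootcode_sha256:
        findings.append("boot code hash differs from reference: " + digest)
    parts = parse_partitions(mbr)
    if sum(1 for p in parts if p["active"]) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"slot {p['slot']}: empty LBA range")
    return findings


def build_mbr(bootcode, partitions, disk_signature=0x1A2B3C4D):
    """Assemble a test sector (constructed data, not a dump of a real disk)."""
    if len(bootcode) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\xff\xff\xff", ptype,
                         b"\xff\xff\xff", lba_start, sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Placeholder boot code (a stack setup stub padded with NOPs); not real Windows XP boot code.
CLEAN_BOOTCODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 400).ljust(BOOT_CODE_LEN, b"\x00")
# A different loader in the same 440 bytes, standing in for a replaced MBR.
TAMPERED_BOOTCODE = (b"\xFA\x33\xC0\x8E\xD8\xE8\x00\x00" + b"\xCC" * 300).ljust(BOOT_CODE_LEN, b"\x00")
# One active NTFS partition starting at sector 63 (constructed layout).
PARTITIONS = [(True, 0x07, 63, 299_000_000)]
# In practice this is the hash you recorded from the clean sector at install time.
REFERENCE_SHA256 = hashlib.sha256(CLEAN_BOOTCODE).hexdigest()


def demo():
    """Check a clean and a tampered sector against the same reference hash."""
    clean = build_mbr(CLEAN_BOOTCODE, PARTITIONS)
    tampered = build_mbr(TAMPERED_BOOTCODE, PARTITIONS)
    return check_mbr(clean, REFERENCE_SHA256), check_mbr(tampered, REFERENCE_SHA256)


if __name__ == "__main__":
    clean_findings, tampered_findings = demo()
    print("clean:", clean_findings or "no findings")
    print("tampered:", tampered_findings)
```

To use it on a real machine, capture the sector from a live CD or a forensic image (for example the first 512 bytes of the raw disk device) and pass those bytes to check_mbr together with the hash you recorded when the system was known to be clean. A hash check alone does not tell you what the replacement code does, but after a cure such as the one TDSSKiller scheduled above, it is the quickest way to confirm the MBR is back to the expected boot code.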
  10. OTL report: OTL logfile created on: 9/19/2010 4:36:03 PM - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Maureen Hall\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 143.03 Gb Total Space | 32.04 Gb Free Space | 22.40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DD6BY5F1 Current User Name: Maureen Hall Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/09/19 16:34:52 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hall\Desktop\OTL.exe PRC - [2010/09/17 15:33:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/17 10:54:00 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/09/17 10:53:59 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/08/06 22:36:16 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2010/07/22 15:12:30 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/07/22 15:12:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/07/22 15:12:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/07/22 15:12:20 | 001,086,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcmgr.exe PRC - [2010/07/22 15:12:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/07/22 15:10:47 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/07/22 15:10:45 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/07/22 15:10:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010/04/29 19:18:48 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/21 02:07:20 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe PRC - [2007/07/10 00:03:06 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2007/07/03 15:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007/03/15 17:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/11/03 20:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2006/11/02 16:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe ========== Modules (SafeList) ========== MOD - [2010/09/19 16:34:52 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hall\Desktop\OTL.exe MOD - [2010/07/22 15:12:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\system32\avgrsstx.dll MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010/09/17 10:53:59 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/09/16 19:04:22 | 001,872,320 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free) SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/08/06 22:36:16 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108) SRV - [2010/07/22 15:12:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/07/22 15:10:47 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService) SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2007/11/26 14:50:52 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc) SRV - [2007/03/19 14:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64) DRV - [2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/08/12 08:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/07/22 15:12:25 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/07/22 15:10:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/02 09:35:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr) DRV - [2008/07/28 18:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2008/07/28 18:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007/07/10 16:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/07/10 16:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007/07/10 16:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/07/10 00:21:54 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007/07/10 00:03:04 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/07/09 23:58:42 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro) DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr) DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/11/02 14:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02) DRV - [2006/10/05 19:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/08/18 15:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2006/08/18 15:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2006/08/18 15:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/08/18 15:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/08/18 15:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/08/18 15:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/08/18 15:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/08/18 15:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/08/11 13:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2006/08/11 12:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- 
C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2006/07/21 13:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2004/11/22 18:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5) DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5) DRV - [2004/08/19 12:25:46 | 000,027,560 | ---- | M] (KEC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WizComDrv.sys -- (WizCom) DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2002/02/11 13:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680) DRV - [2002/02/11 13:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m) DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071130 IE - 
HKU\S-1-5-21-1154142957-43311345-1785161915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us IE - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/group/ncchuddle/ IE - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3 FF - prefs.js..extensions.enabledItems: feedbar@efinke.com:4.4.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/22 15:23:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2009/06/05 15:03:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 15:33:51 
| 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 15:33:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/03 14:29:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/09/03 14:29:23 | 000,000,000 | ---D | M] [2008/06/17 18:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Extensions [2010/09/18 23:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions [2010/08/29 09:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2009/12/24 11:13:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009/05/28 17:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{9bc51d13-3849-4541-a69c-da418934ca05} [2009/10/03 21:04:16 | 000,000,000 | ---D | M] (Book Burro) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d} [2010/06/26 08:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010/08/18 08:17:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maureen Hall\Application 
Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/23 08:50:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/07/31 21:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\feedbar@efinke.com [2010/08/02 22:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\feedly@devhd [2010/04/09 10:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\follow2-lite@follow2.com [2008/08/25 19:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\moveplayer@movenetworks.com [2010/06/03 07:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\piclens@cooliris.com [2010/09/11 10:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\zotero@chnm.gmu.edu [2010/08/02 22:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\extensions\feedly@devhd\content\app\extension [2008/02/27 22:38:17 | 000,002,095 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\expediacom.xml [2008/11/13 09:59:43 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\free-ebooks-search.xml [2010/09/15 08:26:40 | 
000,002,076 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\google-scholar--ub.xml [2008/11/27 11:01:20 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\jstor.xml [2008/06/18 21:47:22 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\webster.xml [2008/06/23 09:44:51 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Profiles\sz8ju4m0.default\searchplugins\wikipedia-en.xml [2010/09/18 23:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/29 18:45:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/29 18:45:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008/02/20 18:00:46 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll [2008/10/15 21:07:32 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.) 
O4 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006..\Run: [sODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\preload.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) O4 - Startup: C:\Documents and Settings\Maureen Hall\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Maureen Hall\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites) O15 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites) O15 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites) O15 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\.DEFAULT Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\antispy.exe) - C:\WINDOWS\system32\config\systemprofile\Application Data\antispy.exe () O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\antispy.exe) - C:\WINDOWS\system32\config\systemprofile\Application Data\antispy.exe () O20 - HKU\S-1-5-21-1154142957-43311345-1785161915-1006 Winlogon: Shell - (C:\Documents and Settings\Maureen Hall\Application Data\antispy.exe) - C:\Documents and Settings\Maureen Hall\Application Data\antispy.exe File not found O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maureen Hall\Application Data\Mozilla\Firefox\Desktop Background.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{865fc3ae-a452-11dc-9c27-001e4c466ace}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/09/19 16:34:49 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hall\Desktop\OTL.exe [2010/09/17 10:54:13 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2010/09/17 10:54:08 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/09/17 10:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\Sunbelt Software [2010/09/17 10:48:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010/09/17 10:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2010/09/17 10:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application 
Data\Lavasoft [2010/09/17 10:34:56 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Maureen Hall\My Documents\Ad-AwareInstall.exe [2010/09/16 21:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/09/16 09:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/09/16 09:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/09/07 14:44:52 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Maureen Hall\Desktop\345.com.exe [2010/09/03 14:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/09/03 14:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/09/03 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/07/22 15:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2010/07/22 15:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010/07/22 15:12:23 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\avgrsstx.dll [2010/07/22 15:06:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2010/06/23 08:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\NOS [2010/06/23 08:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Documents and Settings\Maureen Hall\My Documents\*.tmp files -> C:\Documents and Settings\Maureen Hall\My Documents\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010/09/19 16:34:52 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hall\Desktop\OTL.exe [2010/09/19 16:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/09/19 16:30:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/09/19 16:27:00 | 064,994,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/09/19 16:26:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/09/19 09:50:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\prvlcl.dat [2010/09/19 09:47:01 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006UA.job [2010/09/19 09:40:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/09/19 09:40:32 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys [2010/09/19 09:39:42 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\ntuser.dat [2010/09/19 09:39:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Maureen Hall\ntuser.ini [2010/09/18 23:15:30 | 000,004,204 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Attach.zip [2010/09/18 22:34:45 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\wvn3lun2.exe [2010/09/18 18:00:22 | 000,293,376 | ---- | M] () -- 
C:\Documents and Settings\Maureen Hall\Desktop\q6x3b4t1.exe [2010/09/18 14:47:23 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1154142957-43311345-1785161915-1006Core.job [2010/09/18 13:53:39 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\sj2st8w5.exe [2010/09/18 13:33:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\4nkhdmd9.exe [2010/09/18 12:50:49 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\euiv8yjn.exe [2010/09/18 12:33:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\u9by6pqe.exe [2010/09/18 12:14:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\nm966myj.exe [2010/09/18 09:52:25 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Google Chrome.lnk [2010/09/18 09:52:25 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/09/17 19:29:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\zwrg8hms.exe [2010/09/17 19:19:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\dds.scr [2010/09/17 19:16:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\defogger_reenable [2010/09/17 19:15:51 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Defogger.exe [2010/09/17 12:40:38 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Maureen Hall\Desktop\345.com.exe [2010/09/17 12:38:43 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\tdsskiller.zip [2010/09/17 10:56:50 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/09/17 10:54:08 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/09/17 10:48:48 | 000,000,885 | ---- | 
M] () -- C:\Documents and Settings\Maureen Hall\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/17 10:48:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/17 10:42:41 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Maureen Hall\My Documents\Ad-AwareInstall.exe
[2010/09/17 10:26:26 | 006,633,644 | -H-- | M] () -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\IconCache.db
[2010/09/17 09:32:43 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/17 09:32:43 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/09/17 09:32:41 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/15 19:41:37 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/09 15:10:55 | 000,002,444 | ---- | M] () -- C:\WINDOWS\citation.ini
[2010/09/06 14:50:42 | 000,162,950 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\summaryofsummaries.docx
[2010/09/03 14:29:10 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/02 17:09:13 | 000,116,355 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\sissonthree.dat
[2010/09/02 17:06:21 | 000,107,462 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\sissonone.dat
[2010/08/28 16:26:56 | 000,847,431 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\7as.jpg
[2010/08/28 16:26:12 | 000,136,730 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\barbie-white13.jpg
[2010/08/28 16:25:59 | 000,164,746 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\intermixed-teen-hardcore-9.jpg
[2010/08/23 19:49:55 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Microsoft Office Word 2007.lnk
[2010/08/23 19:49:55 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2010/08/23 19:49:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Skype.lnk
[2010/08/22 22:55:11 | 000,112,378 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\014as.jpg
[2010/08/22 22:44:51 | 000,306,037 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\2.jpg
[2010/08/22 22:42:54 | 000,160,544 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\750_12h.jpg
[2010/08/22 22:42:20 | 000,104,626 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\9.jpg
[2010/08/22 22:42:05 | 000,119,757 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\7.jpg
[2010/08/22 22:36:30 | 000,286,908 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\8.jpg
[2010/08/22 22:33:26 | 000,150,854 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Sarah-Shevon_14.jpg
[2010/08/22 22:32:51 | 000,177,865 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Sarah-Shevon_16.jpg
[2010/08/22 22:26:36 | 000,137,901 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\14as.jpg
[2010/08/22 22:21:44 | 000,317,913 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\Larisa-Dee_17.jpg
[2010/08/22 22:17:42 | 000,155,108 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\tory-lane13.jpg
[2010/08/22 22:12:51 | 000,175,101 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\16as.jpg
[2010/08/22 22:12:43 | 000,177,961 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\15as.jpg
[2010/08/22 22:12:33 | 000,167,019 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\13as.jpg
[2010/08/22 22:12:18 | 000,211,841 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\12as.jpg
[2010/08/22 22:12:06 | 000,210,820 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\11as.jpg
[2010/08/22 22:11:54 | 000,214,731 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\10as.jpg
[2010/08/22 22:10:59 | 000,215,619 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\09as.jpg
[2010/08/22 22:10:37 | 000,226,795 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\08as.jpg
[2010/08/22 22:10:21 | 000,225,076 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\07as.jpg
[2010/08/22 22:10:05 | 000,186,269 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\06as.jpg
[2010/08/22 22:09:46 | 000,168,457 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\03as.jpg
[2010/08/21 20:00:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 14:16:16 | 000,016,404 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\anarchism.docx
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 08:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/11 22:29:30 | 000,519,478 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\15a.jpg
[2010/08/11 15:27:20 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 15:20:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 15:19:21 | 000,507,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 15:19:21 | 000,444,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 15:19:21 | 000,073,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/29 11:27:38 | 000,186,097 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\sc_fan_pack_01.zip
[2010/07/25 19:46:12 | 000,109,997 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\21.jpg
[2010/07/25 19:45:56 | 000,105,536 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\27.jpg
[2010/07/25 19:29:38 | 000,132,017 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\14a.jpg
[2010/07/25 19:27:11 | 000,066,199 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\12.jpg
[2010/07/25 19:25:27 | 000,086,206 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\13.jpg
[2010/07/25 19:25:17 | 000,071,854 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\15.jpg
[2010/07/25 19:25:09 | 000,069,205 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\11.jpg
[2010/07/25 19:21:04 | 000,168,345 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\013.jpg
[2010/07/25 19:16:14 | 000,159,407 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\10a.jpg
[2010/07/25 19:16:02 | 000,183,921 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\07.jpg
[2010/07/25 19:15:29 | 000,179,281 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\14.jpg
[2010/07/25 19:14:39 | 000,256,737 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\014.jpg
[2010/07/25 19:14:09 | 000,116,171 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\10.jpg
[2010/07/25 19:14:02 | 000,108,865 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\06.jpg
[2010/07/25 19:13:54 | 000,101,026 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\08.jpg
[2010/07/25 19:01:48 | 000,107,866 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\09.jpg
[2010/07/25 19:01:30 | 000,094,331 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\03.jpg
[2010/07/22 19:39:28 | 002,116,859 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\3-free-scarf-knitting-patterns.pdf
[2010/07/22 19:38:19 | 003,419,852 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\CrochetMe-Crochet-Hats.pdf
[2010/07/22 19:07:10 | 004,244,919 | R--- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\Knitting%20Techniques%20freemium_FINAL.pdf
[2010/07/22 15:20:18 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/22 15:19:54 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/22 15:19:52 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\Desktop\ZoneAlarm Security.lnk
[2010/07/22 15:18:39 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\zaSetup_92_057_000_en.exe
[2010/07/22 15:12:25 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/22 15:12:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/22 15:10:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/22 15:02:41 | 003,801,120 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\cpes_clean.exe
[2010/07/22 14:41:08 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\Maureen Hall\My Documents\zaSetup_92_057_000_en(2).exe
[2010/07/22 11:06:46 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/20 22:57:46 | 000,003,656 | -HS- | M] () -- C:\Documents and Settings\Maureen Hall\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Maureen Hall\My Documents\*.tmp files -> C:\Documents and Settings\Maureen Hall\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/18 23:15:30 | 000,004,204 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\Attach.zip
[2010/09/18 22:34:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\wvn3lun2.exe
[2010/09/18 18:00:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\q6x3b4t1.exe
[2010/09/18 13:53:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\sj2st8w5.exe
[2010/09/18 13:33:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\4nkhdmd9.exe
[2010/09/18 12:50:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\euiv8yjn.exe
[2010/09/18 12:33:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\u9by6pqe.exe
[2010/09/18 12:14:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\nm966myj.exe
[2010/09/17 19:29:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\zwrg8hms.exe
[2010/09/17 19:19:30 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\dds.scr
[2010/09/17 19:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\defogger_reenable
[2010/09/17 19:15:41 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\Defogger.exe
[2010/09/17 12:38:35 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\tdsskiller.zip
[2010/09/17 11:23:20 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/17 10:55:15 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/17 10:48:48 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/17 10:48:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/05 18:05:31 | 000,162,950 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\summaryofsummaries.docx
[2010/09/03 14:35:17 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/03 14:29:10 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/02 17:09:13 | 000,116,355 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\sissonthree.dat
[2010/09/02 17:06:03 | 000,107,462 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\sissonone.dat
[2010/08/28 16:26:55 | 000,847,431 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\7as.jpg
[2010/08/28 16:26:11 | 000,136,730 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\barbie-white13.jpg
[2010/08/28 16:25:56 | 000,164,746 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\intermixed-teen-hardcore-9.jpg
[2010/08/22 22:55:11 | 000,112,378 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\014as.jpg
[2010/08/22 22:44:51 | 000,306,037 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\2.jpg
[2010/08/22 22:42:54 | 000,160,544 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\750_12h.jpg
[2010/08/22 22:42:20 | 000,104,626 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\9.jpg
[2010/08/22 22:42:05 | 000,119,757 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\7.jpg
[2010/08/22 22:36:29 | 000,286,908 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\8.jpg
[2010/08/22 22:33:26 | 000,150,854 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\Sarah-Shevon_14.jpg
[2010/08/22 22:32:50 | 000,177,865 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\Sarah-Shevon_16.jpg
[2010/08/22 22:26:36 | 000,137,901 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\14as.jpg
[2010/08/22 22:21:44 | 000,317,913 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\Larisa-Dee_17.jpg
[2010/08/22 22:17:42 | 000,155,108 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\tory-lane13.jpg
[2010/08/22 22:12:51 | 000,175,101 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\16as.jpg
[2010/08/22 22:12:42 | 000,177,961 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\15as.jpg
[2010/08/22 22:12:33 | 000,167,019 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\13as.jpg
[2010/08/22 22:12:18 | 000,211,841 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\12as.jpg
[2010/08/22 22:12:05 | 000,210,820 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\11as.jpg
[2010/08/22 22:11:54 | 000,214,731 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\10as.jpg
[2010/08/22 22:10:58 | 000,215,619 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\09as.jpg
[2010/08/22 22:10:36 | 000,226,795 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\08as.jpg
[2010/08/22 22:10:21 | 000,225,076 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\07as.jpg
[2010/08/22 22:10:05 | 000,186,269 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\06as.jpg
[2010/08/22 22:09:45 | 000,168,457 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\03as.jpg
[2010/08/12 14:02:16 | 000,016,404 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\anarchism.docx
[2010/08/11 22:29:29 | 000,519,478 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\15a.jpg
[2010/07/29 11:27:36 | 000,186,097 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\sc_fan_pack_01.zip
[2010/07/25 19:46:12 | 000,109,997 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\21.jpg
[2010/07/25 19:45:55 | 000,105,536 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\27.jpg
[2010/07/25 19:29:37 | 000,132,017 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\14a.jpg
[2010/07/25 19:27:11 | 000,066,199 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\12.jpg
[2010/07/25 19:25:27 | 000,086,206 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\13.jpg
[2010/07/25 19:25:16 | 000,071,854 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\15.jpg
[2010/07/25 19:25:08 | 000,069,205 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\11.jpg
[2010/07/25 19:21:04 | 000,168,345 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\013.jpg
[2010/07/25 19:16:14 | 000,159,407 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\10a.jpg
[2010/07/25 19:16:02 | 000,183,921 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\07.jpg
[2010/07/25 19:15:29 | 000,179,281 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\14.jpg
[2010/07/25 19:14:39 | 000,256,737 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\014.jpg
[2010/07/25 19:14:09 | 000,116,171 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\10.jpg
[2010/07/25 19:14:02 | 000,108,865 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\06.jpg
[2010/07/25 19:13:54 | 000,101,026 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\08.jpg
[2010/07/25 19:01:47 | 000,107,866 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\09.jpg
[2010/07/25 19:01:30 | 000,094,331 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\03.jpg
[2010/07/22 19:39:23 | 002,116,859 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\3-free-scarf-knitting-patterns.pdf
[2010/07/22 19:38:15 | 003,419,852 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\CrochetMe-Crochet-Hats.pdf
[2010/07/22 19:08:34 | 004,244,919 | R--- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\Knitting%20Techniques%20freemium_FINAL.pdf
[2010/07/22 15:19:52 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Desktop\ZoneAlarm Security.lnk
[2010/07/22 15:19:33 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/22 15:02:34 | 003,801,120 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\cpes_clean.exe
[2010/07/22 14:38:33 | 046,899,712 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\zaSetup_92_057_000_en(2).exe
[2010/07/20 22:57:46 | 000,003,656 | -HS- | C] () -- C:\Documents and Settings\Maureen Hall\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2010/07/02 09:56:36 | 046,899,712 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\My Documents\zaSetup_92_057_000_en.exe
[2010/02/21 21:43:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\prvlcl.dat
[2009/03/24 13:37:07 | 000,002,444 | ---- | C] () -- C:\WINDOWS\citation.ini
[2009/03/24 13:37:07 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\MSST42.DLL
[2008/08/04 11:47:18 | 000,000,364 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2008/08/04 11:47:18 | 000,000,164 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2008/08/04 11:47:18 | 000,000,140 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2008/07/14 16:04:27 | 000,000,128 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008/07/14 15:55:17 | 000,000,048 | ---- | C] () -- C:\WINDOWS\LFWIN.INI
[2008/03/27 18:12:08 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/01/11 12:26:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/07 12:43:44 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/04 01:47:54 | 000,000,244 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/12/21 16:17:17 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Maureen Hall\Local Settings\Application Data\fusioncache.dat
[2007/11/30 07:13:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/30 07:02:56 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/11/30 06:55:52 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/11/30 06:55:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/30 06:47:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/11/30 06:47:56 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/11/30 06:21:58 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/30 06:21:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/11/30 06:21:56 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/11/30 06:20:27 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/18 06:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

========== LOP Check ==========

[2008/11/26 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/18 21:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/02/03 16:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/09/16 11:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/01/04 01:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/18 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/06/05 14:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/03/27 18:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/06/14 16:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/02/20 18:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/08 21:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2007/12/21 20:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/13 20:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/30 07:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/30 21:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/14 14:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/17 10:48:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2008/11/26 20:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\acccore
[2007/12/05 22:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Aim
[2007/12/05 20:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\AlwaysNeat
[2007/12/14 13:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Amazon
[2009/04/04 18:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Aveyond II
[2009/02/11 23:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Big Fish Games
[2008/01/04 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\DataSafeOnline
[2008/03/20 17:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\eGames
[2010/06/14 17:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Facebook
[2008/11/13 21:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Free Spider TreeCardGames
[2008/01/18 14:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Grisoft
[2009/06/05 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\iWin
[2009/06/05 14:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\iWinArcade
[2009/12/16 15:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Magic Academy 2
[2009/04/29 17:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\MysteryStudio
[2008/07/19 21:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\OverDrive
[2010/06/14 16:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\PlayFirst
[2009/10/28 18:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\SpinTop Games
[2008/04/25 13:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Thunderbird
[2009/01/16 01:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\Viewpoint
[2008/08/20 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hall\Application Data\WizCom
[2010/09/17 10:56:50 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/21 11:02:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

Extras:

OTL Extras logfile created on: 9/19/2010 4:36:03 PM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Documents and Settings\Maureen Hall\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.03 Gb Total Space | 32.04 Gb Free Space | 22.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DD6BY5F1
Current User Name: Maureen Hall
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:aim -- (America Online, Inc.)
"C:\Program Files\Folding@Home\winFAH.exe" = C:\Program Files\Folding@Home\winFAH.exe:*:Enabled:Folding@Home 5.03 -- (Stanford University)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Yahoo! Games\Wordcraft\WordCraft.exe" = C:\Program Files\Yahoo! Games\Wordcraft\WordCraft.exe:*:Disabled:JAMDAT WordCraft Application -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\PopCap Games\Rocket Mania Deluxe\RocketMania.exe" = C:\Program Files\PopCap Games\Rocket Mania Deluxe\RocketMania.exe:*:Disabled:RocketMania -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{252ED5B8-F624-4EA4-86BE-AA28BBD8B3A2}" = Zenerchi
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A28919-1745-4D4D-9F05-D980ACC8CB96}" = Citation
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{59FD743D-A699-449E-8197-BD2899DAD69A}" = OverDrive Media Console
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6a3b6195-f7c7-453f-9387-450cfd91e3b5}" = IBM Lotus Symphony
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7835C855-43B6-4539-AE2C-8DF464BD16FD}" = WizCom Desktop
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype
  11. My computer has become infected with the Google redirect, whatever it is; I'm also getting pop-ups from AdAware AdWatch telling me that svchost.exe is attempting to contact a malicious website, and a recurring error that Generic Host Process for Win32 Services has encountered an error and needs to close. I have tried at least 10 times now to run GREM, and have only once been able to finish the scan; every other time, either the program completely freezes up at some point, or the whole computer does. The one time I got the scan finished, when I attempted to save the results, the program froze up. Twice, I got a blue-screen shutdown; once, the error message was that a driver had overrun its stack, which could allow a malicious user to gain control of the computer, and the second time it said the problem appeared to be with fftoapog.sys and was causing a page fault in a non-paged area. Please help!