Everything posted by Umpalumpa

  1. Posting log. Thank you.

     DDS (Ver_10-10-21.02) - NTFSx86 Run by Lisa Pratt at 16:40:11.85 on Thu 10/21/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.209 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe C:\documents and settings\lisa pratt\local settings\temp\fsg_4203.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Common Files\AOL\1171534602\ee\AOLSoftware.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe C:\Program Files\Digital Line Detect\DLG.exe svchost.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe 
C:\WINDOWS\system32\dlbxcoms.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ISTsvc\istsvc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Lisa Pratt\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://search.bearshare.com/ uSearch Page = hxxp://www.couldnotfind.com/search_page.html?&account_id=1002412 uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm080YYUS&fl=0&ptb=pLH95J1BBhS.DOCKBzyzWA&ind=2007111822&url=http://www.ask.com/web&q={searchTerms}&l=zu&o=sb uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.couldnotfind.com/search_page.html?&account_id=1002412 mSearchAssistant = hxxp://channels.aimtoday.com/search/aimtoolbar.jsp uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll BHO: InstaFinderK: {4e7bd74f-2b8d-469e-90f0-f66ab581a933} - c:\progra~1\instaf~1\INSTAF~1.DLL BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll BHO: 
Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\program files\bearsharetb\BearShareDx.dll TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\mskagent.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [opmnklaudio] rundll32.exe "pmnmml.dll",s mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [<NO NAME>] mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe" mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [Trickler] "c:\documents and settings\lisa pratt\local settings\temp\fsg_4203.exe" mRun: 
[sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [HostManager] c:\program files\common files\aol\1171534602\ee\AOLSoftware.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe mRun: [searchSettings] c:\program files\search settings\SearchSettings.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [dALJd] c:\windows\bslcsfjw.exe mRun: [mliifdaudio] rundll32.exe "pmnmml.dll",s mRun: [iihedasys] rundll32.exe "nnmlii.dll",s mRun: [iST Service] c:\program files\istsvc\istsvc.exe dRun: [Adobe cleanup] rundll32.exe "c:\documents and settings\localservice\local settings\application data\adobe updater\mph.dll", StartProt dRun: [gedbxusys] rundll32.exe "nnmlii.dll",s dRun: [rqrronaudio] rundll32.exe "pmnmml.dll",s dRunOnce: [91607778] "c:\docume~1\locals~1\locals~1\applic~1\91607778.exe" 0 24 StartupFolder: c:\documents and settings\lisa pratt\start menu\programs\startup\PowerReg Scheduler V3.exe StartupFolder: c:\documents and settings\lisa pratt\start menu\programs\startup\PowerReg Scheduler.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm IE: &Search IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: facebook.com\www Trusted Zone: turbotax.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: c:\windows\system32\mcafeemn.dll STS: convalescently: {cea2e5cd-e849-427b-80f0-59298caef1c4} - c:\windows\system32\cqsfk.dll LSA: Authentication Packages = msv1_0 nnmlii.dll ============= SERVICES / DRIVERS =============== R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-1 24652] S2 windump;Windows Dumper 
Host;c:\windows\system32\windump.exe --> c:\windows\system32\windump.exe [?] S3 gtermddo;gtermddo;c:\docume~1\lisapr~1\locals~1\temp\gtermddo.sys [2004-4-9 31744] =============== Created Last 30 ================ 2010-10-21 20:17:02 118272 ---ha-w- c:\windows\system32\tuvvvw.dll 2010-10-21 19:27:59 118272 ---ha-w- c:\windows\system32\khifda.dll 2010-10-21 15:31:27 118272 ---ha-w- c:\windows\system32\xxyvsp.dll 2010-10-21 14:24:34 118272 ---ha-w- c:\windows\system32\xxvuuu.dll 2010-10-21 13:25:34 118272 ---ha-w- c:\windows\system32\fccaxy.dll 2010-10-21 13:08:08 118272 ---ha-w- c:\windows\system32\xxvtro.dll 2010-10-21 13:07:22 -------- d-----w- c:\program files\ISTsvc 2010-10-21 11:23:43 118272 ---ha-w- c:\windows\system32\pmnmml.dll 2010-10-21 11:15:16 118272 ---ha-w- c:\windows\system32\opmkhh.dll 2010-10-20 11:18:49 -------- d-----w- c:\docume~1\lisapr~1\applic~1\Malwarebytes 2010-10-20 11:00:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-20 11:00:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-20 11:00:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-10-20 11:00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-16 01:24:47 140288 ----a-w- c:\windows\system32\pcre3.dll 2010-10-16 01:24:15 109056 ---ha-w- c:\windows\system32\nnmlii.dll 2010-10-06 19:56:42 11264 ----a-w- c:\windows\bslcsfjw.exe ==================== Find3M ==================== 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe ============= FINISH: 16:42:10.54 =============== GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-21 17:08:38 Windows 5.1.2600 Service Pack 3 Running: lg1bsxdb.exe; Driver: C:\DOCUME~1\LISAPR~1\LOCALS~1\Temp\awloapog.sys ---- Kernel code sections - GMER 1.0.15 ---- ? lwlyrmu.sys The system cannot find the file specified. ! 
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7CB9F80] ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 
sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sectors 156249809 (+1): rootkit-like behavior; ---- EOF - GMER 1.0.15 ---- Attach.zip gmerlog.log
  2. Hi, this computer is infected with a lot of malware so I scanned it several times, safe mode and everything, but I keep getting 6 malware back all the time when I do a full scan. Even if I disconnect the computer from the internet. How is it possible? I searched this forum and I ran OTL. If somebody can help please that would be great. My OTL logs follow. Thanks a bunch!

     OTL logfile created on: 10/21/2010 3:39:59 PM - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Lisa Pratt\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 502.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 54.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1200 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.07 Gb Total Space | 21.41 Gb Free Space | 30.12% Space Free | Partition Type: NTFS Drive I: | 7.46 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32 Computer Name: D5HXJS61 | User Name: Lisa Pratt | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/10/21 15:39:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Pratt\Desktop\OTL.exe PRC - [2010/10/21 15:23:38 | 000,021,504 | ---- | M] () -- C:\Program Files\ISTsvc\istsvc.exe PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\gkjhgkjju.exe PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009/07/29 16:52:10 | 001,024,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe PRC - [2008/09/08 11:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/08 17:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1171534602\ee\aolsoftware.exe PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2006/10/12 19:13:54 | 000,283,161 | ---- | M] () -- C:\Documents and Settings\Lisa Pratt\Local Settings\Temp\fsg_4203.exe PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) 
-- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe PRC - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtProc.exe PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2006/03/21 21:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2006/03/16 15:47:04 | 000,061,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2004/09/09 18:35:38 | 001,597,440 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe PRC - [2004/08/27 15:29:10 | 000,417,792 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE PRC - [2004/08/26 17:57:02 | 000,450,560 | ---- | M] (Dell) -- C:\WINDOWS\SYSTEM32\dlbxcoms.exe PRC - [2004/04/27 03:04:44 | 000,635,019 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2004/02/19 11:01:48 | 000,301,624 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe PRC - [2004/02/11 17:58:16 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe PRC - [2003/10/29 05:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe PRC - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) 
-- C:\WINDOWS\wanmpsvc.exe PRC - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE ========== Modules (SafeList) ========== MOD - [2010/10/21 15:39:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Pratt\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx MOD - [2006/10/04 22:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll MOD - [2004/02/11 17:58:16 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Lisa Pratt\Local Settings\Temp\IadHide5.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\windump.exe -- (windump) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2008/09/08 11:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2004/08/26 17:57:02 | 000,450,560 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device) SRV - [2004/02/19 11:01:48 | 000,301,624 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS) SRV - [2003/08/27 12:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) 
[Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) SRV - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess) ========== Driver Services (SafeList) ========== DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2007/04/13 13:30:39 | 000,025,136 | ---- | M] (America Online) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atwpkt2.sys -- (ATWPKT2) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2005/02/20 21:02:28 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt) DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm) DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv) DRV - [2004/07/14 13:29:04 | 000,005,627 | 
---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln) DRV - [2004/06/17 17:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH) DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf) DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP) DRV - [2004/04/23 11:59:44 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004/04/09 09:35:41 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Lisa Pratt\Local Settings\Temp\gtermddo.sys -- (gtermddo) DRV - [2004/02/19 09:23:46 | 000,148,529 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ExportIt.sys -- (Exportit) DRV - [2003/12/05 10:48:34 | 000,068,182 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcPtp.sys -- (DcPTP) DRV - [2003/12/05 10:40:20 | 000,036,918 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcCam.sys -- (DcCam) DRV - [2003/11/16 20:50:06 | 000,038,737 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DCFS2k.sys -- (DCFS2K) DRV - [2003/09/30 19:00:08 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcFpoint.sys -- (DcFpoint) DRV - [2003/09/30 18:59:14 | 000,008,022 | ---- | M] (Eastman Kodak Company) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DcLps.sys -- (DcLps) DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...ount_id=1002412
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....p;l=zu&o=sb
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...ount_id=1002412
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2852379324-998045440-989621390-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[2009/11/11 19:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Pratt\Application Data\Mozilla\Extensions
[2009/11/11 19:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa Pratt\Application Data\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2010/10/21 08:19:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O2 - BHO: (InstaFinderK) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Program Files\INSTAFINK\instafink.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKU\S-1-5-21-2852379324-998045440-989621390-1006\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [bywwvwsys] C:\WINDOWS\System32\nnmlii.dll (foobar2000.org)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [dALJd] C:\WINDOWS\bslcsfjw.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171534602\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ssrqqpaudio] C:\WINDOWS\System32\pmnmml.dll (foobar2000.org)
O4 - HKLM..\Run: [Trickler] c:\documents and settings\lisa pratt\local settings\temp\fsg_4203.exe ()
O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [userFaultCheck] File not found
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\WrtMon.exe ()
O4 - HKU\.DEFAULT..\Run: [Adobe cleanup] File not found
O4 - HKU\.DEFAULT..\Run: [fcbxuusys] C:\WINDOWS\System32\nnmlii.dll (foobar2000.org)
O4 - HKU\S-1-5-18..\Run: [Adobe cleanup] File not found
O4 - HKU\S-1-5-18..\Run: [fcbxuusys] C:\WINDOWS\System32\nnmlii.dll (foobar2000.org)
O4 - HKU\S-1-5-21-2852379324-998045440-989621390-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2852379324-998045440-989621390-1006..\Run: [fcyyyxaudio] C:\WINDOWS\System32\pmnmml.dll (foobar2000.org)
O4 - HKU\S-1-5-21-2852379324-998045440-989621390-1006..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe File not found
O4 - HKU\S-1-5-21-2852379324-998045440-989621390-1006..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [91607778] C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\91607778.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [91607778] C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\91607778.exe File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\Lisa Pratt\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\Lisa Pratt\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2852379324-998045440-989621390-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2852379324-998045440-989621390-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2852379324-998045440-989621390-1006\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2852379324-998045440-989621390-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\WINDOWS\system32\mcafeemn.dll) - C:\WINDOWS\System32\mcafeemn.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {cea2e5cd-e849-427b-80f0-59298caef1c4} - convalescently - C:\WINDOWS\System32\cqsfk.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa Pratt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa Pratt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nnmlii.dll) - C:\WINDOWS\System32\nnmlii.dll (foobar2000.org)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{751c38a5-b558-11df-8e29-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{751c38a5-b558-11df-8e29-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/10/21 15:39:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa Pratt\Desktop\OTL.exe
[2010/10/21 15:27:59 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\khifda.dll
[2010/10/21 11:31:27 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\xxyvsp.dll
[2010/10/21 10:24:34 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\xxvuuu.dll
[2010/10/21 09:25:34 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\fccaxy.dll
[2010/10/21 09:08:08 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\xxvtro.dll
[2010/10/21 09:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\ISTsvc
[2010/10/21
07:23:43 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\pmnmml.dll [2010/10/21 07:15:16 | 000,118,272 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\opmkhh.dll [2010/10/20 07:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa Pratt\Application Data\Malwarebytes [2010/10/20 07:00:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/20 07:00:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/10/20 07:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/10/20 07:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/20 07:00:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lisa Pratt\Desktop\mbam-setup-1.46.exe [2010/10/15 21:24:47 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll [2010/10/15 21:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe updater [2010/10/15 21:24:15 | 000,109,056 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\nnmlii.dll [2010/10/15 21:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM [2010/10/15 21:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2010/10/15 21:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun [2010/10/06 14:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2010/10/06 14:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/10/06 09:45:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/21 15:39:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa Pratt\Desktop\OTL.exe [2010/10/21 15:32:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010/10/21 15:32:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010/10/21 15:32:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010/10/21 15:31:02 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/21 15:27:59 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\khifda.dll [2010/10/21 12:23:22 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/21 12:22:27 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010/10/21 12:22:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2010/10/21 12:22:19 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys [2010/10/21 11:31:27 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\xxyvsp.dll [2010/10/21 11:10:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010/10/21 10:24:34 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\xxvuuu.dll [2010/10/21 10:10:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010/10/21 09:25:34 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\fccaxy.dll [2010/10/21 09:23:22 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Lisa Pratt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/21 09:10:05 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010/10/21 09:08:08 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\xxvtro.dll [2010/10/21 08:19:00 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS [2010/10/21 08:12:05 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Lisa Pratt\Desktop\hostsperm.bat [2010/10/21 07:23:43 | 
000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\pmnmml.dll [2010/10/21 07:15:16 | 000,118,272 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\opmkhh.dll [2010/10/21 07:13:49 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Lisa Pratt\Desktop\rkill.com [2010/10/20 07:00:27 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lisa Pratt\Desktop\mbam-setup-1.46.exe [2010/10/20 06:57:35 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Lisa Pratt\Desktop\Shortcut to iexplore.lnk [2010/10/19 19:10:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010/10/19 18:41:52 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI [2010/10/19 18:16:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2010/10/18 10:10:28 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js [2010/10/15 21:24:47 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll [2010/10/15 21:24:15 | 000,109,056 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\nnmlii.dll [2010/10/15 21:10:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010/10/15 21:10:35 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010/10/15 19:14:08 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2010/10/13 18:10:03 | 000,010,053 | ---- | M] () -- C:\WINDOWS\System32\234.js [2010/10/13 18:10:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010/10/13 17:10:05 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010/10/07 20:15:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010/10/06 16:33:24 | 
000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010/10/06 16:33:24 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010/10/06 16:33:18 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010/10/06 16:33:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010/10/06 16:33:14 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010/10/06 16:33:13 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010/10/06 15:56:42 | 000,011,264 | ---- | M] () -- C:\WINDOWS\bslcsfjw.exe [2010/10/06 15:51:12 | 000,249,056 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF [2010/10/06 15:39:09 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2010/10/06 15:39:09 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2010/10/06 15:29:22 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/21 09:02:53 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys [2010/10/21 08:12:05 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Desktop\hostsperm.bat [2010/10/21 07:13:49 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Desktop\rkill.com [2010/10/20 07:00:38 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/20 06:57:35 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Desktop\Shortcut to iexplore.lnk [2010/10/18 10:10:28 | 000,013,590 | ---- | C] () -- C:\WINDOWS\System32\235.js [2010/10/13 17:10:04 | 000,010,053 | ---- | C] () -- C:\WINDOWS\System32\234.js [2010/10/06 16:33:24 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010/10/06 16:33:23 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010/10/06 16:33:23 | 000,000,406 
| ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010/10/06 16:33:23 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010/10/06 16:33:23 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010/10/06 16:33:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010/10/06 16:33:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2010/10/06 16:33:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010/10/06 16:33:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010/10/06 16:33:21 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010/10/06 16:33:21 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010/10/06 16:33:21 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010/10/06 16:33:20 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010/10/06 16:33:20 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010/10/06 16:33:20 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010/10/06 16:33:20 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010/10/06 16:33:19 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010/10/06 16:33:19 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010/10/06 16:33:19 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010/10/06 16:33:18 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010/10/06 16:33:17 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010/10/06 16:33:15 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010/10/06 16:33:14 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010/10/06 16:33:12 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010/10/06 15:56:42 | 000,011,264 | ---- | C] () -- C:\WINDOWS\bslcsfjw.exe [2010/10/06 14:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/02/07 22:23:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Application Data\ZBWallpaper.bmp [2009/11/22 
20:48:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2009/11/11 18:53:05 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Application Data\Smiley.ico [2009/01/17 11:41:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008/05/27 20:18:15 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2008/05/21 22:14:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2008/05/21 22:13:39 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2008/05/21 22:11:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2007/08/26 21:06:10 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2005/11/02 21:42:15 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/05/18 16:35:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FxSetDll.INI [2005/03/31 21:07:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2005/03/27 11:35:38 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/03/08 08:12:36 | 000,001,698 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2005/02/22 20:17:45 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Application Data\PFP120JPR.{PB [2005/02/22 20:17:45 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Application Data\PFP120JCM.{PB [2005/02/20 16:53:05 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Lisa Pratt\Local Settings\Application Data\fusioncache.dat [2005/02/20 16:34:49 | 000,000,952 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2005/02/20 16:33:11 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll [2005/02/20 16:33:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll [2005/02/20 16:33:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll [2005/02/20 16:33:09 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll [2005/02/20 16:33:09 | 000,069,632 | ---- | C] () 
-- C:\WINDOWS\System32\dlbxcu.dll [2005/02/20 16:33:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll [2005/02/20 16:33:08 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll [2005/02/20 16:33:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll [2005/02/20 16:33:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll [2005/02/08 13:21:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/02/08 13:13:50 | 000,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/02/08 12:37:58 | 000,000,521 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/09/16 02:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 15:13:12 | 000,000,788 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/08/04 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004/08/04 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004/08/04 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004/08/04 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004/08/04 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI [2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll < End of report > OTL Extras logfile created on: 10/21/2010 3:39:59 PM - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Lisa Pratt\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 502.00 Mb Total Physical Memory | 270.00 Mb Available Physical Memory | 54.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free 
Paging file location(s): C:\pagefile.sys 1200 2000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.07 Gb Total Space | 21.41 Gb Free Space | 30.12% Space Free | Partition Type: NTFS Drive I: | 7.46 Gb Total Space | 0.01 Gb Free Space | 0.14% Space Free | Partition Type: FAT32 Computer Name: D5HXJS61 | User Name: Lisa Pratt | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = aol_htm] -- C:\Program Files\AOL\Explorer\AOLExplorer.exe (AOL LLC) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC) https [open] -- "C:\Program Files\AOL\Explorer\AOLExplorer.exe" -u "%1" (AOL LLC) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] 
"Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "8087:TCP" = 8087:TCP:*:Enabled:cow ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\WINDOWS\SYSTEM32\dlbxcoms.exe" = C:\WINDOWS\SYSTEM32\dlbxcoms.exe:*:Disabled:Dell 962 Server -- (Dell) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.) 
"C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE" = C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- () "C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\Common Files\AOL\1171534602\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1171534602\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC) "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found "C:\Program Files\Blubster\Blubster.exe" = C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2 "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004 "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16 "{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs "{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit "{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}" = HLPIndex "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT "{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch
  4. Hi, sorry about that. I tried everything above with no success. Any idea how to find out the registry issue and take it out manually? Or a way to monitor the registry so when MBAM shuts off I can see what reg entry is causing this? Thanx
  5. I got Antivirus 2010 and disabled the popups with msconfig, making it stop loading. Then I thought: alright, I'm going to restart in safe mode, download MBAM and take it out. Once I restarted in safe mode I installed MBAM, but as soon as I ran it, it crashed, closed itself without leaving a trace, and if I try to restart it I get a message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them." So I looked into MBAM's folder and most things from there are gone, like deleted, and MBAM's icon is just a generic icon. Then I tried SuperAntiSpyware... same result, crashes and deletes itself. Then I tried HijackThis... same result. When I'm in safe mode and run Process Explorer from Sysinternals, I see only good processes, and even if I run MBAM and it crashes, I never see any strange process popping up. SuperAntiSpyware shuts down hitting some entry in the registry. Ran a scan excluding the registry... and it went FINE... so it's in the registry, something is shutting everything off. Any idea? Thanx