Jump to content

pop_16

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Everything posted by pop_16

  1. pop_16
    Thanks again and thanks for all the info in Step 3.
  2. pop_16
    Looks good, thanks. Anything else I need to do? Do you make any recs for anti-virus/anti-malware software to run or should that be directed elsewhere? I was recommended to use the free versions of MBAM and AVG. Thanks again
  3. pop_16
    Sorry for delay, for some reason I wasn't notified that you had responded. Thanks. I ran OTL in safe mode, it said the computer had to reboot. Here is the log. All processes killed ========== FILES ========== C:\Documents and Settings\All Users\Application Data\nKdHc06301 folder moved successfully. C:\WINDOWS\System32\CONFIG.TMP moved successfully. C:\WINDOWS\002801_.tmp moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 81 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Mary ->Temp folder emptied: 620686190 bytes ->Temporary Internet Files folder emptied: 161515355 bytes ->Java cache emptied: 574159 bytes ->Flash cache emptied: 107704 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1025674 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 134 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13725448 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes RecycleBin emptied: 126279208 bytes Total Files Cleaned = 881.00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12122010_131527 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF5704.tmp not found! File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF570F.tmp not found! File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF5830.tmp not found! File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF58A8.tmp not found! File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF59DA.tmp not found! File\Folder C:\Documents and Settings\Mary\Local Settings\Temp\~DF59E7.tmp not found! C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\H9VSOF21\iframe[1].htm moved successfully. C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\Content.IE5\5GWR52FM\indexCALEOWR9.htm moved successfully. File move failed. C:\Documents and Settings\Mary\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot. Registry entries deleted on Reboot...
  4. pop_16
    I'm unable to run OTL in regular mode.
  5. pop_16
    Thanks for your help Borislav. Below are the requested logs. I had to run in Safe Mode. Thanks again. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/12/2010 at 10:40:50. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: Rkill completed on 12/12/2010 at 10:40:53. OTL logfile created on: 12/12/2010 10:45:31 AM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Mary\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 822.00 Mb Available Physical Memory | 81.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.33 Gb Total Space | 119.17 Gb Free Space | 82.57% Space Free | Partition Type: NTFS Drive D: | 650.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: D1GLSC91 | User Name: Mary | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Mary\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Mary\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (lxcy_device) -- C:\WINDOWS\System32\lxcycoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell/en/side.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell/en/side.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/26 21:40:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/16 22:46:06 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LXCYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.) O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe () O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [nKdHc06301] C:\Documents and Settings\All Users\Application Data\nKdHc06301\nKdHc06301.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1279838263484 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{e4ab6e40-95db-11df-8319-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{e4ab6e40-95db-11df-8319-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e4ab6e40-95db-11df-8319-00038a000015}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/12 10:44:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe [2010/12/11 08:41:08 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/12/11 07:44:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/12/11 07:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nKdHc06301 [2010/12/10 16:15:23 | 000,398,744 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid [2010/12/10 16:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache [2010/12/10 16:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons [2010/12/04 14:51:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2010/12/04 14:51:24 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2010/12/02 11:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2010/12/02 11:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/12/02 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/12/02 11:18:39 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [2010/12/02 11:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/12/02 11:18:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/12/02 11:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/11/29 14:29:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/11/29 14:29:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/11/29 14:29:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/11/29 14:27:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mary\Recent [2010/11/23 10:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary\Application Data\Catalina Marketing Corp [2010/07/22 17:24:36 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhcp.dll [2010/07/22 17:24:35 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll [2010/07/22 17:24:35 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll [2010/07/22 17:24:34 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll [2010/07/22 17:24:34 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll [2010/07/22 17:24:34 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypmui.dll [2010/07/22 17:24:34 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll [2010/07/22 17:24:34 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll [2010/07/22 17:24:33 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll [2010/07/22 17:24:32 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll [2010/07/22 17:24:31 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll [2010/07/22 17:24:31 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/12 10:44:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary\Desktop\OTL.exe [2010/12/12 10:39:54 | 000,660,752 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\rkill.exe [2010/12/12 10:36:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/11 13:42:33 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\ark.zip [2010/12/11 13:42:17 | 000,008,503 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\Attach.zip [2010/12/11 12:26:23 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\glpjsjn9.exe [2010/12/11 12:24:10 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\dds.scr [2010/12/11 12:19:12 | 006,787,072 | ---- | M] () -- C:\Documents and Settings\Mary\My Documents\My Money.mny [2010/12/11 12:14:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mary\defogger_reenable [2010/12/11 12:14:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\Defogger.exe [2010/12/11 11:09:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/12/11 11:09:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/11 11:05:38 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp [2010/12/10 16:15:23 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid [2010/12/10 09:58:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/12/10 09:45:06 | 068,781,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/12/08 19:16:43 | 001,367,444 | R--- | M] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-08_191639.mbf [2010/12/06 08:03:47 | 001,281,555 | R--- | M] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-06_080344.mbf [2010/12/03 17:00:36 | 000,832,804 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\Canon receipt.jpg [2010/12/03 16:49:49 | 001,272,209 | R--- | M] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-03_164945.mbf [2010/12/02 11:44:24 | 033,532,064 | ---- | M] () -- C:\Documents and Settings\Mary\Desktop\iPod_touch_iOS4_User_Guide.pdf [2010/12/02 11:22:01 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/12/02 11:16:56 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/11/29 23:10:25 | 024,072,192 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb [2010/11/29 23:10:25 | 012,668,928 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/29 14:20:56 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/29 14:20:56 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/12 10:39:53 | 000,660,752 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\rkill.exe [2010/12/11 13:42:33 | 000,001,029 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\ark.zip [2010/12/11 13:42:17 | 000,008,503 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\Attach.zip [2010/12/11 12:26:21 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\glpjsjn9.exe [2010/12/11 12:24:09 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\dds.scr [2010/12/11 12:14:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mary\defogger_reenable [2010/12/11 12:14:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\Defogger.exe [2010/12/11 10:13:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2010/12/11 07:43:19 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp [2010/12/08 19:16:43 | 001,367,444 | R--- | C] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-08_191639.mbf [2010/12/06 08:03:47 | 001,281,555 | R--- | C] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-06_080344.mbf [2010/12/03 17:00:36 | 000,832,804 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\Canon receipt.jpg [2010/12/03 16:49:49 | 001,272,209 | R--- | C] () -- C:\Documents and Settings\Mary\My Documents\My Money Backup_2010-12-03_164945.mbf [2010/12/02 11:44:20 | 033,532,064 | ---- | C] () -- C:\Documents and Settings\Mary\Desktop\iPod_touch_iOS4_User_Guide.pdf [2010/12/02 11:22:01 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/12/02 11:16:56 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/07/22 18:43:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mary\Local Settings\Application Data\fusioncache.dat [2010/07/22 17:27:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll [2010/07/22 17:27:37 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll [2010/07/22 17:27:12 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll [2010/07/22 17:27:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll [2010/07/22 17:27:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll [2010/07/22 17:26:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2010/07/22 17:26:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2010/07/22 17:24:36 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll [2010/07/22 17:22:17 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP120JPR.{PB [2010/07/22 17:22:17 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary\Application Data\PFP120JCM.{PB [2010/07/22 17:12:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/02/01 07:25:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/02/01 07:13:08 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/02/01 06:47:12 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini ========== LOP Check ========== [2010/07/22 16:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/12/11 07:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nKdHc06301 [2006/02/01 07:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/07/22 17:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/11/23 10:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Catalina Marketing Corp [2010/08/22 15:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Leadertech [2010/07/25 09:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary\Application Data\Skinux ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12/12/2010 10:45:31 AM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Mary\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 822.00 Mb Available Physical Memory | 81.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 144.33 Gb Total Space | 119.17 Gb Free Space | 82.57% Space Free | Partition Type: NTFS Drive D: | 650.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: D1GLSC91 | User Name: Mary | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\WINDOWS\system32\lxcycoms.exe" = C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( ) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company) "D:\bin\IA\Core\MDM_Util.exe" = D:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1 "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AVG9Uninstall" = AVG Free 9.0 "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] "ie8" = Windows Internet Explorer 8 "Lexmark 3400 Series" = Lexmark 3400 Series "Lexmark Fax Solutions" = Lexmark Fax Solutions "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Money2008b" = Microsoft Money Plus "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "StreetPlugin" = Learn2 Player (Uninstall Only) "ViewpointMediaPlayer" = Viewpoint Media Player "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 9/7/2010 11:47:50 PM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/14/2010 2:06:38 AM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/14/2010 2:06:38 AM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/14/2010 9:49:24 PM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/14/2010 9:49:51 PM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/16/2010 3:17:20 AM | Computer Name = D1GLSC91 | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.) Error - 9/28/2010 10:10:10 PM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/28/2010 10:10:10 PM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/11/2010 9:23:06 AM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1002 Description = Hanging application nKdHc06301.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/11/2010 9:24:39 AM | Computer Name = D1GLSC91 | Source = Application Hang | ID = 1001 Description = Fault bucket -2075616268. [ System Events ] Error - 12/12/2010 11:31:43 AM | Computer Name = D1GLSC91 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Media Center Extender Service service to connect. Error - 12/12/2010 11:31:43 AM | Computer Name = D1GLSC91 | Source = Service Control Manager | ID = 7000 Description = The Media Center Extender Service service failed to start due to the following error: %%1053 Error - 12/12/2010 11:31:43 AM | Computer Name = D1GLSC91 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Fax service to connect. Error - 12/12/2010 11:31:43 AM | Computer Name = D1GLSC91 | Source = Service Control Manager | ID = 7000 Description = The Fax service failed to start due to the following error: %%1053 Error - 12/12/2010 11:32:02 AM | Computer Name = D1GLSC91 | Source = DCOM | ID = 10010 Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout. Error - 12/12/2010 11:35:15 AM | Computer Name = D1GLSC91 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 12/12/2010 11:35:23 AM | Computer Name = D1GLSC91 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/12/2010 11:36:01 AM | Computer Name = D1GLSC91 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/12/2010 11:37:13 AM | Computer Name = D1GLSC91 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 12/12/2010 11:38:25 AM | Computer Name = D1GLSC91 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm < End of report >
  6. pop_16
    MBAM did not detect System Tool but I have the obvious symptoms. Any help would be greatly appreciated. Virus scan using AVG9 did not detect anything, unable to install Avira Anitvir Personal. Could not get requested software to run in regular mode so ran in safe mode. I installed and ran DeFogger but it did not automatically reboot, posted defogger_disable log below MBAM log pasted below (no infections) DeFogger_disable log pasted below DDS log pasted below attach.txt zip attached below ark.txt zip attached below Thanks Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5295 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/11/2010 11:35:18 AM mbam-log-2010-12-11 (11-35-18).txt Scan type: Quick scan Objects scanned: 145911 Time elapsed: 3 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:14 on 11/12/2010 (Mary) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- DDS (Ver_10-12-05.01) - NTFSx86 NETWORK Run by Mary at 12:24:26.14 on Sat 12/11/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.769 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Mary\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://yahoo.com/ uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.html BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRunOnce: [nKdHc06301] c:\documents and settings\all users\application data\nkdhc06301\nKdHc06301.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe" mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe" mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16 mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279838263484 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll ============= SERVICES / DRIVERS =============== R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-22 243024] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-22 216400] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-22 29584] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-22 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-22 308136] S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?] S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] =============== Created Last 30 ================ 2010-12-11 12:07:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\nKdHc06301 2010-12-10 21:15:23 398744 ----a-r- c:\windows\system32\cpnprt2.cid 2010-12-10 21:15:19 -------- d-----w- c:\windows\Cache 2010-12-10 21:15:16 -------- d-----w- c:\program files\Coupons 2010-12-04 19:51:32 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-12-04 19:51:24 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-12-02 16:21:19 -------- d-----w- c:\program files\iPod 2010-12-02 16:21:17 -------- d-----w- c:\program files\iTunes 2010-12-02 16:18:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-12-02 16:18:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-12-02 16:18:16 -------- d-----w- c:\program files\Bonjour 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2010-12-02 16:17:03 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2010-11-23 15:10:00 -------- d-----w- c:\docume~1\mary\applic~1\Catalina Marketing Corp ==================== Find3M ==================== 2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll 2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl ============= FINISH: 12:25:04.51 =============== Attach.zip ark.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.