TechSpot

Google redirect, too

Solved
By smargarita
Dec 21, 2010
  1. I’m also having the Google (and Yahoo) redirect issue that seems to be a problem for so many on this forum. Thanks so much to all of you experts who are spending your free time helping people fix their issues!

    My logs:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    12/21/2010 2:46:30 PM
    mbam-log-2010-12-21 (14-46-30).txt

    Scan type: Quick scan
    Objects scanned: 135838
    Time elapsed: 16 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Margaret at 14:59:16.78 on Tue 12/21/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1041 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\MotionBased\Agent\MBAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Margaret\My Documents\Downloads\dds.scr
    C:\Program Files\Internet Explorer\iexplore.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Regscan] c:\windows\system32\regscan.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
    mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\motion~1.lnk - c:\program files\motionbased\agent\MBAgent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {3E230861-5C87-11D3-A1C6-00105A1B41B8} - {83B28A74-640D-48F4-9F51-E80EED7CC7E0}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
    DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - hxxp://survey.otxresearch.com/Preloader.dll
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195508015711
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
    DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
    DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxp://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab
    AppInit_DLLs: c:\windows\system32\nobiwole.dll c:\windows\system32\vopegobi.dll c:\windows\system32\yagatezi.dll c:\windows\system32\zifutoro.dll
    SSODL: IneUEjX - {806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
    LSA: Notification Packages = scecli c:\windows\system32\nobiwole.dll
    Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
    Hosts: 195.245.119.131 browser-security.microsoft.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\margaret\applic~1\mozilla\firefox\profiles\ksd0iqt0.default\
    FF - plugin: c:\documents and settings\margaret\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: XUL Cache: {056B84C7-14C1-422C-AF9C-4E1C348838EF} - c:\documents and settings\margaret\local settings\application data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-4 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 165584]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-21 11608]
    R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-16 54776]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-2 214664]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-21 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-21 267944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-21 61960]
    R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-15 38224]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-2 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-2 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-2 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-2 40552]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\system32\drivers\WCG200V2XP.sys [2007-10-8 14336]

    =============== Created Last 30 ================

    2010-12-21 19:22:41 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-21 17:43:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-21 16:40:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-21 16:40:45 -------- d-----w- c:\program files\Avira
    2010-12-21 16:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-15 21:42:26 -------- d-----w- c:\program files\Lexia
    2010-12-08 13:57:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-08 13:53:41 -------- d-----w- c:\docume~1\margaret\locals~1\applic~1\Sunbelt Software
    2010-12-08 13:47:38 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-07 02:31:21 53248 ----a-w- c:\windows\system32\drivers\sst696.sys
    2010-12-02 16:43:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-02 16:43:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-02 16:43:08 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-02 12:50:03 -------- d-----w- c:\program files\iPod
    2010-12-02 12:50:01 -------- d-----w- c:\program files\iTunes
    2010-12-02 01:34:05 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
    2010-12-02 01:34:05 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

    ==================== Find3M ====================

    2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

    ============= FINISH: 15:09:35.03 ===============



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-21 14:56:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0
    Running: 9q538qsf.exe; Driver: C:\DOCUME~1\Margaret\LOCALS~1\Temp\uwliapow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8AEF50A]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8AEF32E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8AEF468]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:144] 8A3E558D
    Thread System [4:148] 8A3E6876

    ---- EOF - GMER 1.0.15 ----



    Avira AntiVir Personal
    Report file date: Tuesday, December 21, 2010 12:06

    Scanning for 2282993 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Margaret
    Computer name : ALLTACKLE

    Version information:
    BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 13:39:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 13:40:06
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:05:44
    VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 17:05:44
    VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 17:05:44
    VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 17:05:44
    VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 17:05:45
    VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 17:05:45
    VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 17:05:45
    VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 17:05:45
    VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 17:05:45
    VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 17:05:45
    VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 17:05:45
    VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 17:05:45
    VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 17:05:46
    VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 17:05:51
    VBASE015.VDF : 7.11.0.92 2048 Bytes 12/20/2010 17:05:51
    VBASE016.VDF : 7.11.0.93 2048 Bytes 12/20/2010 17:05:51
    VBASE017.VDF : 7.11.0.94 2048 Bytes 12/20/2010 17:05:51
    VBASE018.VDF : 7.11.0.95 2048 Bytes 12/20/2010 17:05:51
    VBASE019.VDF : 7.11.0.96 2048 Bytes 12/20/2010 17:05:51
    VBASE020.VDF : 7.11.0.97 2048 Bytes 12/20/2010 17:05:52
    VBASE021.VDF : 7.11.0.98 2048 Bytes 12/20/2010 17:05:52
    VBASE022.VDF : 7.11.0.99 2048 Bytes 12/20/2010 17:05:52
    VBASE023.VDF : 7.11.0.100 2048 Bytes 12/20/2010 17:05:52
    VBASE024.VDF : 7.11.0.101 2048 Bytes 12/20/2010 17:05:52
    VBASE025.VDF : 7.11.0.102 2048 Bytes 12/20/2010 17:05:52
    VBASE026.VDF : 7.11.0.103 2048 Bytes 12/20/2010 17:05:52
    VBASE027.VDF : 7.11.0.104 2048 Bytes 12/20/2010 17:05:52
    VBASE028.VDF : 7.11.0.105 2048 Bytes 12/20/2010 17:05:53
    VBASE029.VDF : 7.11.0.106 2048 Bytes 12/20/2010 17:05:53
    VBASE030.VDF : 7.11.0.107 2048 Bytes 12/20/2010 17:05:53
    VBASE031.VDF : 7.11.0.119 117248 Bytes 12/21/2010 17:05:54
    Engineversion : 8.2.4.126
    AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 13:39:51
    AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/13/2010 13:39:51
    AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 13:39:50
    AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 13:39:50
    AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 13:39:50
    AEPACK.DLL : 8.2.4.5 512375 Bytes 12/21/2010 17:06:03
    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 13:39:49
    AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/21/2010 17:06:02
    AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 13:39:42
    AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 13:39:42
    AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 13:39:42
    AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 13:39:41
    AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 13:39:41
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 13:39:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 13:39:54
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 13:39:54
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 13:39:56
    AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 13:39:52
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 13:39:53
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 13:39:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 13:40:20

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Tuesday, December 21, 2010 12:06

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
    Scan process 'agent.exe' - '1' Module(s) have been scanned
    Scan process 'isuspm.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'scrnsave.scr' - '1' Module(s) have been scanned
    Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
    Scan process 'stxmenumgr.exe' - '1' Module(s) have been scanned
    Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
    Scan process 'AAWService.exe' - '1' Module(s) have been scanned
    Scan process 'agent.exe' - '1' Module(s) have been scanned
    Scan process 'isuspm.exe' - '1' Module(s) have been scanned
    Scan process 'Pmsb.exe' - '1' Module(s) have been scanned
    Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
    Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
    Scan process 'MBAgent.exe' - '1' Module(s) have been scanned
    Scan process 'Ding.exe' - '1' Module(s) have been scanned
    Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
    Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
    Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'lexpps.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
    Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
    Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
    Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
    Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
    Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
    Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
    Scan process 'issch.exe' - '1' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
    Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
    Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
    Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
    Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
    Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
    Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
    Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'iaantmon.exe' - '1' Module(s) have been scanned
    Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
    Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned
    Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '1870' files ).



    End of the scan: Tuesday, December 21, 2010 12:07
    Used time: 00:53 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    2415 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    2415 Files not concerned
    5 Archives were scanned
    0 Warnings
    0 Notes
     
  2. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Attach.txt part of DDS is missing, so please provide that.

    Then, you're running two AV programs, Avast and Avira.
    One of them has to go.
    Your choice.

    You also have some McAfee leftovers.
    Please, run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    =====================================================================

    When done....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
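Added example, not part of the thread and not MBRCheck's own code: a small Python script that does the kind of check MBRCheck and Avira's "master boot sector scan" perform. It reads a 512-byte boot sector, verifies the 0x55AA boot signature, parses the four partition-table entries, hashes the 440 bytes of boot code and compares that hash against an allowlist, then flags oddities a bootkit leaves behind (unknown boot code, no or several active partitions, overlapping entries). The allowlist, the disk signature and both boot-code byte strings are constructed for the example and are not real Windows boot code; on a live machine the sector would be read from \\.\PhysicalDrive0, which needs administrator rights.

```python
"""Added example: an MBR sanity check in the spirit of MBRCheck (not its code).

Validates a 512-byte boot sector, parses the partition table and compares
the boot-code hash against a caller-supplied allowlist. The sample sector
and the allowlist below are constructed for this example.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440            # 4-byte disk signature at 440..443
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and pull out boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:        # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "lba_count": lba_count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> dict:
    """Compare the boot code against an allowlist and flag partition-table oddities."""
    info = parse_mbr(sector)
    findings = []
    label = known_good.get(info["boot_code_sha256"])
    if label is None:
        findings.append("boot code hash not in allowlist")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["lba_count"])
                   for p in info["partitions"])
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        findings.append("overlapping partition entries")
    return {"verdict": "known-good" if not findings else "suspicious",
            "boot_code": label, "findings": findings, **info}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS (0x07) partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)        # constructed disk signature
    reserved = b"\x00\x00"                           # bytes 444..445
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 306_000_000)
    table = entry + b"\x00" * 48                     # three empty entries
    return code + disk_sig + reserved + table + BOOT_SIGNATURE


# Constructed boot-code stubs; neither is a real Windows MBR.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x8b\xf4\x50\x07\x50\x1f\xfb"
TAMPERED_BOOT_CODE = b"\xeb\x58\x90" + CLEAN_BOOT_CODE
KNOWN_GOOD = {  # hypothetical allowlist; a real tool ships hashes of vendor boot code
    hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest():
        "constructed baseline boot code",
}

if __name__ == "__main__":
    for name, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        result = check_mbr(build_sample_mbr(code), KNOWN_GOOD)
        print(name, result["verdict"], result["findings"])
```

The hash comparison is the part that matters for redirect-style bootkits: a sector can have a perfectly valid signature and partition table while its boot code has been replaced, so "No virus was found" from a signature scanner and a clean-looking partition layout are not the same thing as "boot code matches what the vendor shipped".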
     
  3. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Thanks so much Broni! I'm not tech-savvy, but I can get by, so I apologize in advance if I'm a little high-maintenance. I really really appreciate your help. Here's the missing file. Not sure how I missed that the first time.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/17/2004 9:55:40 PM
    System Uptime: 12/21/2010 2:10:49 PM (2 hours ago)

    Motherboard: Dell Inc. | | 0J3492
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 46.64 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is FIXED (NTFS) - 1397 GiB total, 1263.247 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP502: 9/23/2010 10:26:51 AM - System Checkpoint
    RP503: 9/24/2010 1:12:57 PM - System Checkpoint
    RP504: 9/25/2010 7:09:42 PM - System Checkpoint
    RP505: 9/26/2010 8:24:25 PM - System Checkpoint
    RP506: 9/27/2010 8:51:28 PM - System Checkpoint
    RP507: 9/28/2010 9:51:28 PM - System Checkpoint
    RP508: 9/29/2010 10:24:24 PM - System Checkpoint
    RP509: 9/30/2010 11:22:22 PM - System Checkpoint
    RP510: 10/1/2010 11:51:32 PM - System Checkpoint
    RP511: 10/3/2010 12:51:27 AM - System Checkpoint
    RP512: 10/4/2010 1:51:17 AM - System Checkpoint
    RP513: 10/5/2010 2:51:27 AM - System Checkpoint
    RP514: 10/6/2010 3:51:25 AM - System Checkpoint
    RP515: 10/7/2010 4:51:18 AM - System Checkpoint
    RP516: 10/8/2010 5:51:27 AM - System Checkpoint
    RP517: 10/9/2010 6:51:26 AM - System Checkpoint
    RP518: 10/10/2010 7:51:25 AM - System Checkpoint
    RP519: 10/11/2010 8:51:26 AM - System Checkpoint
    RP520: 10/12/2010 8:52:31 AM - System Checkpoint
    RP521: 10/13/2010 11:56:19 AM - System Checkpoint
    RP522: 10/14/2010 12:17:30 PM - System Checkpoint
    RP523: 10/15/2010 12:51:19 PM - System Checkpoint
    RP524: 10/16/2010 1:51:27 PM - System Checkpoint
    RP525: 10/17/2010 2:46:25 PM - System Checkpoint
    RP526: 10/18/2010 3:16:37 PM - System Checkpoint
    RP527: 10/19/2010 4:28:36 PM - System Checkpoint
    RP528: 10/20/2010 5:16:36 PM - System Checkpoint
    RP529: 10/21/2010 6:16:36 PM - System Checkpoint
    RP530: 10/22/2010 7:16:35 PM - System Checkpoint
    RP531: 10/23/2010 9:43:50 PM - System Checkpoint
    RP532: 10/24/2010 10:50:15 PM - System Checkpoint
    RP533: 10/25/2010 11:10:10 PM - System Checkpoint
    RP534: 10/27/2010 7:35:20 AM - System Checkpoint
    RP535: 10/28/2010 8:09:59 AM - System Checkpoint
    RP536: 10/29/2010 8:11:54 AM - System Checkpoint
    RP537: 10/30/2010 8:44:25 AM - System Checkpoint
    RP538: 11/1/2010 11:40:30 PM - System Checkpoint
    RP539: 11/2/2010 11:43:47 PM - System Checkpoint
    RP540: 11/3/2010 11:48:30 PM - System Checkpoint
    RP541: 11/5/2010 7:49:35 PM - System Checkpoint
    RP542: 11/6/2010 8:36:24 PM - System Checkpoint
    RP543: 11/7/2010 8:36:13 PM - System Checkpoint
    RP544: 11/9/2010 5:36:21 AM - System Checkpoint
    RP545: 11/10/2010 6:36:21 AM - System Checkpoint
    RP546: 11/11/2010 7:18:02 AM - Software Distribution Service 3.0
    RP547: 11/12/2010 7:37:26 AM - System Checkpoint
    RP548: 11/13/2010 8:36:24 AM - System Checkpoint
    RP549: 11/14/2010 9:35:12 AM - System Checkpoint
    RP550: 11/15/2010 9:36:12 AM - System Checkpoint
    RP551: 11/16/2010 9:52:40 AM - System Checkpoint
    RP552: 11/17/2010 10:35:11 AM - System Checkpoint
    RP553: 11/18/2010 11:29:24 AM - System Checkpoint
    RP554: 11/19/2010 11:35:26 AM - System Checkpoint
    RP555: 11/20/2010 12:29:24 PM - System Checkpoint
    RP556: 11/21/2010 1:29:23 PM - System Checkpoint
    RP557: 11/22/2010 2:29:23 PM - System Checkpoint
    RP558: 11/23/2010 3:29:21 PM - System Checkpoint
    RP559: 11/24/2010 5:13:00 PM - System Checkpoint
    RP560: 11/25/2010 5:29:24 PM - System Checkpoint
    RP561: 11/26/2010 6:29:15 PM - System Checkpoint
    RP562: 11/27/2010 7:29:26 PM - System Checkpoint
    RP563: 11/28/2010 8:30:33 PM - System Checkpoint
    RP564: 11/29/2010 10:59:04 PM - System Checkpoint
    RP565: 11/30/2010 11:57:45 PM - System Checkpoint
    RP566: 12/2/2010 12:00:43 AM - System Checkpoint
    RP567: 12/2/2010 11:42:52 AM - Installed Java(TM) 6 Update 22
    RP568: 12/3/2010 11:51:53 AM - System Checkpoint
    RP569: 12/4/2010 12:03:41 PM - System Checkpoint
    RP570: 12/5/2010 12:56:41 PM - System Checkpoint
    RP571: 12/6/2010 2:09:09 PM - System Checkpoint
    RP572: 12/7/2010 2:47:36 PM - System Checkpoint
    RP573: 12/8/2010 3:05:53 PM - System Checkpoint
    RP574: 12/9/2010 3:15:16 PM - System Checkpoint
    RP575: 12/10/2010 3:16:31 PM - System Checkpoint
    RP576: 12/11/2010 3:35:31 PM - System Checkpoint
    RP577: 12/12/2010 4:35:21 PM - System Checkpoint
    RP578: 12/13/2010 5:35:20 PM - System Checkpoint
    RP579: 12/14/2010 5:37:09 PM - System Checkpoint
    RP580: 12/15/2010 6:34:50 PM - System Checkpoint
    RP581: 12/16/2010 6:35:24 PM - System Checkpoint
    RP582: 12/17/2010 7:35:31 PM - System Checkpoint
    RP583: 12/18/2010 8:35:31 PM - System Checkpoint
    RP584: 12/19/2010 9:36:48 PM - System Checkpoint
    RP585: 12/20/2010 9:42:07 PM - System Checkpoint
    RP586: 12/21/2010 12:43:01 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Acrobat 5.0
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe PageMaker 7.0
    Adobe Photoshop 7.0.1
    Adobe Reader 7.0.7
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Type Manager 4.1
    AdwareAlert
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    ATI Control Panel
    ATI Display Driver
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    Banctec Service Agreement
    Bonjour
    Broadcom Advanced Control Suite 2
    BUM
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator 2.2
    Canon MP530
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CleanUp!
    Clickables Online
    Compatibility Pack for the 2007 Office system
    Creative MediaSource
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Photo Printer 720
    Dell Solution Center
    Dell Support
    DellSupport
    DING!
    EarthLink Setup Files
    Easy-WebPrint
    ESPNMotion
    File, Print FedEx Kinko's
    Flickr Uploadr 2.5.0.15
    Garmin Communicator Plugin
    Garmin Training Center v5
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Help and Support Customization
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    iDisk Utility for Windows
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    Internet Explorer Default Page
    ISO Recorder
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 22
    JumpStart Learning Games Phonics
    KODAK EASYSHARE Gallery Easy Upload, v2.1
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Learn2 Player (Uninstall Only)
    Lexia Reading
    LiveUpdate 2.6 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Basic Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MotionBased Agent
    Mozilla Firefox (3.6.13)
    MSN Music Assistant
    MyFonts Order M901961
    Norton WMI Update
    OmniPage SE 2.0
    Personalized Learning Center
    Photodex Presenter
    PowerDVD 5.1
    Presto! PageManager 7.15.11
    Qualxserve Service Agreement
    QuickTime
    Reader Rabbit Thinking Adventures Ages 4-6
    RealPlayer Basic
    Safari
    Seagate Manager Installer
    Secure Backup and Share
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SideStep
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Audigy 2
    Spybot - Search & Destroy
    Symantec Network Drivers Update
    TestDrive Client
    Uniblue RegistryBooster 2009
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    USB Driver for Panasonic DVC
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinZip 11.1
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    12/21/2010 11:34:59 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/21/2010 11:34:59 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Margaret\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    12/21/2010 11:34:59 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/14/2010 12:17:02 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================


    Working on other instructions, thanks so much!
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    OK :)...........
     
  5. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    OK, new set of logs. Whew, that Combofix took forever. My computer must be a big mess.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 162):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF74D9000 pcmcia.sys
    0xF7607000 MountMgr.sys
    0xF74BA000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74A2000 atapi.sys
    0xF742F000 iaStor.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF740F000 fltmgr.sys
    0xF7885000 sr.sys
    0xF7647000 Lbd.sys
    0xF7870000 drvmcdb.sys
    0xF7717000 PxHelp20.sys
    0xF7859000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF782C000 NDIS.sys
    0xF7657000 ohci1394.sys
    0xF7667000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xBAFE6000 Mup.sys
    0xF7687000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xB9691000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xB0E8C000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xB0E78000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xB0E4A000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xB1CAE000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xB0E26000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xB1CA6000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xB262F000 \SystemRoot\System32\DRIVERS\IntelC53.sys
    0xB0E03000 \SystemRoot\System32\DRIVERS\ks.sys
    0xB0CDC000 \SystemRoot\System32\DRIVERS\IntelC51.sys
    0xB0C47000 \SystemRoot\System32\DRIVERS\IntelC52.sys
    0xB1C9E000 \SystemRoot\System32\DRIVERS\mohfilt.sys
    0xB1C96000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB0BD7000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB0BB3000 \SystemRoot\system32\drivers\portcls.sys
    0xB261F000 \SystemRoot\system32\drivers\drmk.sys
    0xB0B88000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xB9283000 \SystemRoot\System32\drivers\ctprxy2k.sys
    0xB1C8E000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xB260F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xB19D1000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xB0B74000 \SystemRoot\System32\DRIVERS\parport.sys
    0xB25FF000 \SystemRoot\System32\DRIVERS\serial.sys
    0xB27A3000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xB25EF000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xB9281000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xB25DF000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xB25CF000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xB19C9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB2685000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xB1AC4000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xB240B000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xB0B5D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xB1AB4000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xB1AA4000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xB19C1000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xB0B4C000 \SystemRoot\System32\DRIVERS\psched.sys
    0xB1A94000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xB19B9000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xB19B1000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xB0B1C000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xB1A84000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xB19A9000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xB927F000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xB0ABE000 \SystemRoot\System32\DRIVERS\update.sys
    0xB19A1000 \SystemRoot\System32\DRIVERS\omci.sys
    0xB23F3000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xB1A54000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB1A34000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xB9277000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xB1486000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xA89E1000 \SystemRoot\System32\drivers\ha10kx2k.sys
    0xA89C6000 \SystemRoot\System32\drivers\emupia2k.sys
    0xA89A7000 \SystemRoot\System32\drivers\ctsfm2k.sys
    0xA8987000 \SystemRoot\System32\drivers\ctac32k.sys
    0xA8967000 \SystemRoot\System32\drivers\hap16v2k.sys
    0xB1991000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xB1472000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xA8954000 \SystemRoot\system32\DRIVERS\ComcastSecureBackupShare.sys
    0xB9275000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB8BFA000 \SystemRoot\System32\Drivers\Null.SYS
    0xB9273000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB1046000 \SystemRoot\system32\drivers\ssrtln.sys
    0xB103E000 \SystemRoot\System32\drivers\vga.sys
    0xB9271000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB926F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB1036000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB102E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB146A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xA8921000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xA88C8000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB13E0000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB13D0000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xA88A0000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xA887E000 \SystemRoot\System32\drivers\afd.sys
    0xB13C0000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xB13B0000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xA8853000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xA87E3000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xB1390000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA87BC000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB101E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xBAA4F000 \SystemRoot\system32\drivers\grmnusb.sys
    0xB1016000 \SystemRoot\system32\drivers\GRMNGEN.SYS
    0xBAA4B000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xB1360000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xB100E000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xB9681000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB94F8000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xB94F0000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xBAFB6000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xB9482000 \SystemRoot\System32\DRIVERS\usbscan.sys
    0xB94E8000 \SystemRoot\System32\DRIVERS\usbprint.sys
    0xA8749000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9476000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB9719000 \SystemRoot\System32\watchdog.sys
    0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
    0xBA62D000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
    0xBFA0D000 \SystemRoot\System32\ati2cqag.dll
    0xBFA47000 \SystemRoot\System32\ati3duag.dll
    0xBFC1B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB6D3F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBA666000 \SystemRoot\system32\drivers\drvnddm.sys
    0xB936D000 \SystemRoot\system32\dla\tfsndres.sys
    0xA7734000 \SystemRoot\system32\dla\tfsnifs.sys
    0xB6D2B000 \SystemRoot\system32\dla\tfsnopio.sys
    0xB91AD000 \SystemRoot\system32\dla\tfsnpool.sys
    0xB9729000 \SystemRoot\system32\dla\tfsnboio.sys
    0xBA656000 \SystemRoot\system32\dla\tfsncofs.sys
    0xB160D000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA771B000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA7702000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xB9462000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xA7673000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA7366000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8DB7000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA708B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xB9330000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB923F000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xB8D41000 \SystemRoot\System32\DRIVERS\dsunidrv.sys
    0xA6C8A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA6C0B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA6DAB000 \??\C:\WINDOWS\System32\drivers\PfModNT.sys
    0xB6A8B000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA6350000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    672 C:\WINDOWS\SYSTEM32\smss.exe
    744 csrss.exe
    768 C:\WINDOWS\SYSTEM32\winlogon.exe
    812 C:\WINDOWS\SYSTEM32\services.exe
    824 C:\WINDOWS\SYSTEM32\lsass.exe
    1028 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1044 C:\WINDOWS\SYSTEM32\svchost.exe
    1156 svchost.exe
    1252 C:\WINDOWS\SYSTEM32\svchost.exe
    1344 svchost.exe
    1452 svchost.exe
    1528 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1616 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1824 C:\WINDOWS\explorer.exe
    372 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    500 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    520 C:\WINDOWS\SYSTEM32\spoolsv.exe
    708 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1224 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    1232 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    1240 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    1312 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
    1320 C:\WINDOWS\SYSTEM32\CTHELPER.EXE
    1360 C:\Program Files\Dell\Media Experience\PCMService.exe
    1404 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    1376 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    1468 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1556 C:\Program Files\Mozilla Firefox\firefox.exe
    1664 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    1744 svchost.exe
    1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1916 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    2060 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    2084 C:\Program Files\iTunes\iTunesHelper.exe
    2104 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2168 C:\WINDOWS\SYSTEM32\ctfmon.exe
    2180 C:\Program Files\Bonjour\mDNSResponder.exe
    2192 C:\Program Files\Messenger\msmsgs.exe
    2248 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
    2280 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2436 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    2444 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    2512 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    2532 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    2860 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    2876 C:\Program Files\Java\jre6\bin\jqs.exe
    2892 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2916 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
    3000 C:\Program Files\WinZip\WZQKPICK.EXE
    3064 C:\WINDOWS\SYSTEM32\svchost.exe
    3096 wdfmgr.exe
    3204 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3228 C:\Program Files\Southwest Airlines\Ding\Ding.exe
    3236 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    3392 C:\Program Files\MotionBased\Agent\MBAgent.exe
    3556 C:\Program Files\Canon\CAL\CALMAIN.exe
    3644 C:\WINDOWS\SYSTEM32\wuauclt.exe
    1332 UNSECAPP.EXE
    2384 C:\Program Files\iPod\bin\iPodService.exe
    3888 wmiprvse.exe
    4024 C:\WINDOWS\SYSTEM32\svchost.exe
    788 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    2320 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    1248 C:\WINDOWS\SYSTEM32\wuauclt.exe
    256 C:\WINDOWS\SYSTEM32\ctfmon.exe
    1516 C:\Program Files\Internet Explorer\iexplore.exe
    960 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1476 C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JD-75HBB0, Rev: 08.02D08
    PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0132

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E66C176942DF42CCFE7A0113EAFF39E82F8B0047
    1397 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!



    ComboFix 10-12-21.01 - Margaret 12/21/2010 17:47:27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -5:00]
    Running from: c:\documents and settings\Margaret\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
    c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome.manifest
    c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome\content\_cfg.js
    c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome\content\overlay.xul
    c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\install.rdf
    c:\documents and settings\Margaret\My Documents\Files\From Jim's computer\Alltackle emails\Alltackle.eml
    c:\documents and settings\Margaret\My Documents\Files\From Jim's computer\Jim\Legal\Emails\Alltackle.eml
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
    c:\windows\system32\drivers\sst696.sys
    c:\windows\system32\Oeminfo.ini
    c:\windows\wiaserviv.log
    F:\Autorun.inf

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv Settings\Margaret\Local Settings\Application Data\Temp\{102975CE-855C-40DD-A2F7-FA717EAD7EF7}Google Update
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_sst696
    -------\Service_sst696


    ((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
    .

    2010-12-21 22:05 . 2010-12-21 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-21 19:22 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-21 17:44 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-21 17:44 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-21 17:44 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-21 17:44 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-21 17:44 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-21 17:44 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-21 17:44 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-21 17:43 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-21 17:43 . 2010-12-21 17:43 -------- d-----w- c:\program files\Alwil Software
    2010-12-21 17:43 . 2010-12-21 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-15 21:42 . 2010-12-15 21:46 -------- d-----w- c:\program files\Lexia
    2010-12-08 13:57 . 2010-12-08 13:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-08 13:53 . 2010-12-08 13:53 -------- d-----w- c:\documents and settings\Margaret\Local Settings\Application Data\Sunbelt Software
    2010-12-08 13:47 . 2010-12-08 13:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-02 16:43 . 2010-12-02 16:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-02 16:43 . 2010-12-02 16:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-02 16:43 . 2010-12-02 16:42 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\program files\iPod
    2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\program files\iTunes
    2010-12-02 12:46 . 2010-12-02 12:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2010-12-02 01:34 . 2010-12-11 18:38 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
    2010-12-02 01:34 . 2010-12-11 18:38 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-03 09:05 . 2009-03-05 00:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-12-03 09:05 . 2009-03-05 01:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-28 20:44 . 2010-06-22 00:22 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-09-28 20:44 . 2010-06-22 00:22 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
    @="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
    [HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
    2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
    @="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
    [HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
    2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
    @="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
    [HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
    2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
    "CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
    "AsioReg"="CTASIO.DLL" [2003-02-20 110592]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-12-03 930032]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\Margaret\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 113664]
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [2006-12-30 909312]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-12-11 82026]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 113664]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-2-9 2861896]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-5-15 394856]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
    2006-09-06 15:05 1891416 ----a-w- c:\garmin\gStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2004-07-27 05:11 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MDM"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "AOL ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "64411:TCP"= 64411:TCP:pORT_64411
    "23353:TCP"= 23353:TCP:pORT_23353
    "21521:TCP"= 21521:TCP:pORT_21521
    "42391:TCP"= 42391:TCP:pORT_42391
    "61090:TCP"= 61090:TCP:pORT_61090
    "56363:TCP"= 56363:TCP:pORT_56363
    "10648:TCP"= 10648:TCP:pORT_10648
    "17087:TCP"= 17087:TCP:pORT_17087
    "20018:TCP"= 20018:TCP:pORT_20018
    "34688:TCP"= 34688:TCP:pORT_34688
    "6705:TCP"= 6705:TCP:pORT_6705
    "44154:TCP"= 44154:TCP:pORT_44154
    "47858:TCP"= 47858:TCP:pORT_47858
    "54820:TCP"= 54820:TCP:pORT_54820
    "65505:TCP"= 65505:TCP:pORT_65505
    "37770:TCP"= 37770:TCP:pORT_37770
    "62120:TCP"= 62120:TCP:pORT_62120
    "15145:TCP"= 15145:TCP:pORT_15145
    "24861:TCP"= 24861:TCP:pORT_24861
    "59605:TCP"= 59605:TCP:pORT_59605
    "40086:TCP"= 40086:TCP:pORT_40086
    "38042:TCP"= 38042:TCP:pORT_38042
    "18258:TCP"= 18258:TCP:pORT_18258
    "41110:TCP"= 41110:TCP:pORT_41110
    "51612:TCP"= 51612:TCP:pORT_51612
    "10915:TCP"= 10915:TCP:pORT_10915
    "20582:TCP"= 20582:TCP:pORT_20582
    "8352:TCP"= 8352:TCP:pORT_8352
    "50897:TCP"= 50897:TCP:pORT_50897
    "24373:TCP"= 24373:TCP:pORT_24373
    "12516:TCP"= 12516:TCP:pORT_12516
    "7260:TCP"= 7260:TCP:pORT_7260

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/4/2009 7:53 PM 64288]
    R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/21/2010 12:44 PM 165584]
    R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\SYSTEM32\DRIVERS\ComcastSecureBackupShare.sys [3/16/2010 7:23 AM 54776]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/21/2010 12:44 PM 17744]
    R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 8:02 AM 45896]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 1:35 PM 181544]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1389400]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 2:51 AM 24652]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2009 1:59 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15264]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]
    S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\SYSTEM32\DRIVERS\WCG200V2XP.sys [10/8/2007 2:58 PM 14336]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

    2010-12-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-14 22:27]

    2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 18:59]

    2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 18:59]

    2010-12-21 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-27 16:24]

    2010-12-21 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 03:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    DPF: {084F552D-19EB-4668-9788-984CBC781A8F}
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542}
    FF - ProfilePath - c:\documents and settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{be5c5dfe-f009-4eec-a96e-0b7b441cb835} - (no file)
    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
    SSODL-IneUEjX-{806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-21 18:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3156)
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\wdfmgr.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-21 18:44:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-21 23:43

    Pre-Run: 50,163,339,264 bytes free
    Post-Run: 50,149,105,664 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - FF91ADE91F9B222CD89F15CEF9438724


    Thanks again!
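The Security Center and firewall-policy sections of the ComboFix log above (both override values set, EnableFirewall=0, and the long GloballyOpenPorts list whose rule names are just pORT_ followed by the port number) are the entries a responder pulls out first. The script below is added here as an example; it is not part of the original post and not ComboFix code. It parses those registry sections from a constructed excerpt modelled on the log and returns findings in review order. The severity labels and the pORT_<n> "auto-generated rule name" heuristic are assumptions of this example.

```python
"""Triage the Security Center and firewall-policy sections of a ComboFix log.

Added example: not part of the original post and not ComboFix code. The
severity labels and the 'auto-generated rule name' heuristic (pORT_<n>)
are assumptions, chosen to surface what a responder reviews first:
Security Center overrides, a disabled firewall, and globally open ports
that no named application asked for.
"""
import re

# Constructed excerpt, modelled on the log above and trimmed to four ports.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64411:TCP"= 64411:TCP:pORT_64411
"23353:TCP"= 23353:TCP:pORT_23353
"3389:TCP"= 3389:TCP:Remote Desktop
"7260:TCP"= 7260:TCP:pORT_7260
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_sections(text):
    """Return {section_key_lowercased: {value_name: value_string}}."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


def _section_endswith(sections, suffix):
    """First section whose key ends with suffix (keys are lowercased)."""
    suffix = suffix.lower()
    for key, values in sections.items():
        if key.endswith(suffix):
            return values
    return {}


def triage(text):
    """Return a list of (severity, finding) tuples, highest severity first."""
    sections = parse_sections(text)
    findings = []

    sc = _section_endswith(sections, r"\security center")
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if sc.get(name, "").endswith("00000001"):
            findings.append(("high", f"Security Center {name} set: warnings suppressed"))

    prof = _section_endswith(sections, r"\firewallpolicy\standardprofile")
    if prof.get("EnableFirewall", "").startswith("0"):
        findings.append(("high", "Windows Firewall disabled in standard profile"))
    if prof.get("DisableNotifications", "").startswith("1"):
        findings.append(("medium", "Firewall notifications disabled"))

    ports = _section_endswith(sections, r"\globallyopenports\list")
    auto_named = []
    for value in ports.values():
        # value looks like "64411:TCP:pORT_64411"; the third field is the rule name
        parts = value.split(":", 2)
        if len(parts) == 3:
            port, proto, rule = parts
            if re.fullmatch(r"pORT_\d+", rule):
                auto_named.append(f"{port}/{proto}")
    if auto_named:
        findings.append(("high", f"{len(auto_named)} globally open ports with "
                                 "auto-generated rule names: " + ", ".join(auto_named)))

    order = {"high": 0, "medium": 1}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```

To use it on a real log, read the ComboFix text file and pass it to triage(); the parser only needs the bracketed section headers and the "name"=value lines that ComboFix already prints, so the rest of the log is ignored.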
     
  6. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    We're on the way to fix it :)

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Moving right along...

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
    Boot sector MD5 is: 58ecce6ee11c762f12393e1a4f86f16a

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...

    Thanks a ton! Glad to hear we're making progress.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    OK, we have to fix your MBR first....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  9. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Okey dokey, next round of Greek...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 168):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF74D9000 pcmcia.sys
    0xF7607000 MountMgr.sys
    0xF74BA000 ftdisk.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74A2000 atapi.sys
    0xF742F000 iaStor.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF740F000 fltmgr.sys
    0xF7885000 sr.sys
    0xF7647000 Lbd.sys
    0xF7870000 drvmcdb.sys
    0xF7717000 PxHelp20.sys
    0xF7859000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF782C000 NDIS.sys
    0xF7657000 ohci1394.sys
    0xF7667000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xBAFE6000 Mup.sys
    0xF7687000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xBAF66000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xB98C1000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xB98AD000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xB987F000 \SystemRoot\System32\DRIVERS\b57xp32.sys
    0xBA428000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xB985B000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xBA420000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xBAF56000 \SystemRoot\System32\DRIVERS\IntelC53.sys
    0xB9838000 \SystemRoot\System32\DRIVERS\ks.sys
    0xB9711000 \SystemRoot\System32\DRIVERS\IntelC51.sys
    0xB967C000 \SystemRoot\System32\DRIVERS\IntelC52.sys
    0xF7797000 \SystemRoot\System32\DRIVERS\mohfilt.sys
    0xF779F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB960C000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xB95E8000 \SystemRoot\system32\drivers\portcls.sys
    0xBAF46000 \SystemRoot\system32\drivers\drmk.sys
    0xB95BD000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF79E7000 \SystemRoot\System32\drivers\ctprxy2k.sys
    0xF77A7000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xBAF36000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF77AF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xB95A9000 \SystemRoot\System32\DRIVERS\parport.sys
    0xBAF26000 \SystemRoot\System32\DRIVERS\serial.sys
    0xBAFAA000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xBAF16000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF79E9000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBAF06000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xBAEF6000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA9DB000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xB9BE8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xBAF9E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xB9592000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xB9BD8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xB9BC8000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF77BF000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xB9581000 \SystemRoot\System32\DRIVERS\psched.sys
    0xB9BB8000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF77C7000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF77CF000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xB9551000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xB9BA8000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF77D7000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF79EB000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xB94CB000 \SystemRoot\System32\DRIVERS\update.sys
    0xB99D6000 \SystemRoot\System32\DRIVERS\omci.sys
    0xBAF7A000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xBA5F6000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA5D6000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF79F5000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xBAFB2000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xAF9A7000 \SystemRoot\System32\drivers\ha10kx2k.sys
    0xAF98C000 \SystemRoot\System32\drivers\emupia2k.sys
    0xAF96D000 \SystemRoot\System32\drivers\ctsfm2k.sys
    0xAF94D000 \SystemRoot\System32\drivers\ctac32k.sys
    0xAF92D000 \SystemRoot\System32\drivers\hap16v2k.sys
    0xF7757000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xB9539000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xAE6C7000 \SystemRoot\system32\DRIVERS\ComcastSecureBackupShare.sys
    0xF79A3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A6E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A5000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7767000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF776F000 \SystemRoot\System32\drivers\vga.sys
    0xF79A7000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7777000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA460000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9531000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xAE694000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xAE63B000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xB0AD8000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA2CA6000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xA6A12000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xA2C7E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xA6AF4000 \SystemRoot\system32\drivers\grmnusb.sys
    0xA74D6000 \SystemRoot\system32\drivers\GRMNGEN.SYS
    0xA2C5C000 \SystemRoot\System32\drivers\afd.sys
    0xA6A02000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xA69E2000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xA2C31000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xA2BC1000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xA69D2000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA6AF0000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xA5F58000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xA74BE000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xA24F8000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA6796000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA678E000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xA6786000 \SystemRoot\System32\DRIVERS\usbccgp.sys
    0xA66E4000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0x9CDDE000 \SystemRoot\System32\DRIVERS\usbscan.sys
    0x9CBE6000 \SystemRoot\System32\DRIVERS\usbprint.sys
    0x9CA4E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x9B8DE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x9C97F000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9CBCE000 \SystemRoot\System32\watchdog.sys
    0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
    0xA6BEB000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
    0xBFA0D000 \SystemRoot\System32\ati2cqag.dll
    0xBFA47000 \SystemRoot\System32\ati3duag.dll
    0xBFC1B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA3AD5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA67F6000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7A85000 \SystemRoot\system32\dla\tfsndres.sys
    0x9A8C9000 \SystemRoot\system32\dla\tfsnifs.sys
    0xA3AC9000 \SystemRoot\system32\dla\tfsnopio.sys
    0x9CF08000 \SystemRoot\system32\dla\tfsnpool.sys
    0x9B9EB000 \SystemRoot\system32\dla\tfsnboio.sys
    0xA67E6000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7A86000 \SystemRoot\system32\dla\tfsndrct.sys
    0x9A8B0000 \SystemRoot\system32\dla\tfsnudf.sys
    0x9A897000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xBA7B3000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0x9A880000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x9A72B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF76C7000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8E72000
    0x9A708000
    0xF7527000
    0xF7517000
    0x9A6DD000
    0xA6B2D000
    0x9A568000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xA622C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF79ED000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xF79B7000 \SystemRoot\System32\DRIVERS\dsunidrv.sys
    0x9A27F000 \SystemRoot\System32\Drivers\HTTP.sys
    0x9A1D8000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A263000 \??\C:\WINDOWS\System32\drivers\PfModNT.sys
    0xF778F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

    Processes (total 68):
    0 System Idle Process
    4 System
    684 C:\WINDOWS\SYSTEM32\smss.exe
    748 csrss.exe
    776 C:\WINDOWS\SYSTEM32\winlogon.exe
    820 C:\WINDOWS\SYSTEM32\services.exe
    832 C:\WINDOWS\SYSTEM32\lsass.exe
    1020 C:\WINDOWS\SYSTEM32\ati2evxx.exe
    1036 C:\WINDOWS\SYSTEM32\svchost.exe
    1120 svchost.exe
    1216 C:\WINDOWS\SYSTEM32\svchost.exe
    1332 svchost.exe
    1384 svchost.exe
    1460 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1596 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1920 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    1948 C:\WINDOWS\SYSTEM32\spoolsv.exe
    1992 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    192 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
    604 C:\WINDOWS\explorer.exe
    1104 svchost.exe
    1196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1248 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1272 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    1296 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    1320 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    1328 C:\Program Files\Bonjour\mDNSResponder.exe
    1364 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    1436 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
    1444 C:\WINDOWS\SYSTEM32\CTHELPER.EXE
    1508 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
    1660 C:\Program Files\Dell\Media Experience\PCMService.exe
    1852 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    2060 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    2108 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    2208 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    2240 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    2272 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    2392 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    2468 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    2488 C:\Program Files\Java\jre6\bin\jqs.exe
    2516 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2532 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    2628 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    2680 C:\Program Files\iTunes\iTunesHelper.exe
    2700 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2896 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2904 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    2964 C:\WINDOWS\SYSTEM32\svchost.exe
    2996 wdfmgr.exe
    3056 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3184 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    3192 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    3400 C:\Program Files\Canon\CAL\CALMAIN.exe
    3480 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
    3592 C:\Program Files\WinZip\WZQKPICK.EXE
    3748 C:\WINDOWS\SYSTEM32\wuauclt.exe
    3840 C:\Program Files\Southwest Airlines\Ding\Ding.exe
    4088 C:\Program Files\MotionBased\Agent\MBAgent.exe
    1068 UNSECAPP.EXE
    2612 wmiprvse.exe
    2660 C:\Program Files\iPod\bin\iPodService.exe
    3140 C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
    3664 wmiprvse.exe
    3604 C:\WINDOWS\SYSTEM32\ctfmon.exe
    3740 alg.exe
    536 C:\WINDOWS\SYSTEM32\svchost.exe
    2164 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JD-75HBB0, Rev: 08.02D08
    PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0132

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    1397 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Thanks!
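Both verdicts in this thread (Bootkit Remover's "Unknown boot code" before the repair and MBRCheck's "Windows XP MBR code detected" with a SHA1 afterwards) come down to hashing the boot code in sector 0 and looking it up against known loaders. The Python below is an added example, not code from the thread or from either tool: it parses an MBR, hashes the code region, checks it against an allowlist, derives the partition byte offset both tools printed for \\.\C:, and diffs a before/after capture to confirm a repair touched only the boot code. The sample boot code, the allowlist entry and the partition size are constructed, and the exact byte range the real tools hash is an assumption.

```python
"""MBR inspection helper: parse sector 0, hash its boot code, compare it against
an allowlist and diff two captures to confirm a repair changed only the code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code
DISK_SIG_OFF = 440       # bytes 440..443: NT disk signature
PART_TABLE_OFF = 446     # four 16-byte entries, bytes 446..509
BOOT_SIG_OFF = 510       # bytes 510..511: 0x55 0xAA


def read_sector0(device_path):
    """Read the first sector of a raw device or disk image (a live device such
    as r'\\\\.\\PhysicalDrive0' or '/dev/sda' needs administrator/root rights)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector):
    """Return the disk signature, the non-empty partition entries and hashes."""
    if len(sector) != SECTOR:
        raise ValueError("expected one %d-byte sector" % SECTOR)
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        ptype = sector[off + 4]
        if ptype == 0x00:
            continue                        # empty slot
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        partitions.append({
            "index": i,
            "bootable": sector[off] == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "num_sectors": num_sectors,
            # the "\\.\C: -> \\.\PhysicalDrive0 at offset ..." figure
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        # SHA1 over the code region only, so a partition-table edit does not
        # change the verdict; MD5 over the whole sector like the "Boot sector
        # MD5" line. Which region the real tools hash is an assumption here.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest().upper(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
    }


def classify_boot_code(sector, known_good):
    """Allowlist lookup: the label of a known loader, else 'Unknown boot code'."""
    return known_good.get(parse_mbr(sector)["boot_code_sha1"], "Unknown boot code")


def diff_mbr(before, after):
    """Names of the sector-0 regions that differ between two captures."""
    regions = {
        "boot_code": (0, BOOT_CODE_END),
        "disk_signature": (DISK_SIG_OFF, DISK_SIG_OFF + 4),
        "partition_table": (PART_TABLE_OFF, BOOT_SIG_OFF),
        "boot_signature": (BOOT_SIG_OFF, SECTOR),
    }
    return [name for name, (lo, hi) in regions.items() if before[lo:hi] != after[lo:hi]]


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a test sector (CHS fields left zero; the LBA fields are what matter)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, num_sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if bootable else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, num_sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# --- constructed sample data: not real boot code and not taken from the thread ---
CLEAN_CODE = (b"CONSTRUCTED STANDARD MBR CODE " * 15)[:BOOT_CODE_END]
# one NTFS partition starting at LBA 112455 = byte offset 0x036e8e00, the offset
# both tools printed for \\.\C:; the sector count is an approximation
PARTS = [(True, 0x07, 112455, 306_079_334)]
CLEAN_MBR = build_mbr(CLEAN_CODE, 0xDEADBEEF, PARTS)
# a bootkit typically overwrites the code region and leaves the table intact
INFECTED_MBR = build_mbr(b"TAMPERED" + CLEAN_CODE[8:], 0xDEADBEEF, PARTS)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]: "Standard MBR code (constructed reference)"}

if __name__ == "__main__":
    for label, mbr in (("before fix", INFECTED_MBR), ("after fix", CLEAN_MBR)):
        info = parse_mbr(mbr)
        print(label, "->", classify_boot_code(mbr, KNOWN_GOOD), "SHA1:", info["boot_code_sha1"])
        for p in info["partitions"]:
            print("  partition %d type 0x%02x at offset 0x%08x"
                  % (p["index"], p["type"], p["byte_offset"]))
    print("regions changed by the repair:", diff_mbr(INFECTED_MBR, CLEAN_MBR))
```

To use it on a real capture, read sector 0 with `read_sector0` and populate `KNOWN_GOOD` with hashes taken from a machine you trust using this same 440-byte region.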
     
  10. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Good job :)

    Combofix log looks good :)

    How is computer doing?

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    I hadn't tried a Google search since we started, but since you asked me, it's working! Thanks a million!

    More fun stuff for you:

    OTL logfile created on: 12/22/2010 8:10:56 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Margaret\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.95 Gb Total Space | 46.59 Gb Free Space | 31.92% Space Free | Partition Type: NTFS
    Drive F: | 1397.26 Gb Total Space | 1260.02 Gb Free Space | 90.18% Space Free | Partition Type: NTFS

    Computer Name: ALLTACKLE | User Name: Margaret | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
    PRC - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/03 04:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/02/09 08:02:34 | 002,861,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
    PRC - [2010/02/09 08:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
    PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/15 10:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
    PRC - [2006/12/30 10:18:46 | 000,909,312 | ---- | M] (MotionBased Technologies) -- C:\Program Files\MotionBased\Agent\MBAgent.exe
    PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
    PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2004/08/09 06:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/03/23 12:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
    PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
    PRC - [2003/05/08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    PRC - [2003/02/20 16:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
    PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
    PRC - [2001/10/11 16:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
    MOD - [2006/03/24 10:53:30 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
    MOD - [2003/02/20 16:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/02/09 08:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) [Auto | Running] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)
    SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2004/11/02 15:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
    SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
    SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/12/03 04:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/02/09 08:02:26 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)
    DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
    DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
    DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
    DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2004/07/27 00:11:57 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2004/07/05 11:06:04 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WCG200V2XP.sys -- (WCG200V2XP)
    DRV - [2004/05/29 17:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
    DRV - [2004/05/25 23:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2004/03/15 01:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/03/15 01:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/03/15 01:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/03/15 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/03/15 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/03/15 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/03/15 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/03/15 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/03/15 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2004/02/27 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/13 03:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/01/14 19:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/01/14 19:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/03/27 10:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2003/03/26 15:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2003/03/26 15:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
    DRV - [2003/03/26 15:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
    DRV - [2003/03/26 15:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
    DRV - [2003/03/06 09:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
    DRV - [2003/02/20 16:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
    DRV - [2003/02/20 16:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/02/20 16:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2003/02/20 16:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
    DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.ftp: ":0"
    FF - prefs.js..network.proxy.gopher: ":0"
    FF - prefs.js..network.proxy.http: ":0"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: ":0"
    FF - prefs.js..network.proxy.ssl: ":0"


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 17:23:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 13:38:45 | 000,000,000 | ---D | M]

    [2008/10/30 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Extensions
    [2010/12/21 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions
    [2010/12/01 21:16:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/01 21:16:31 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2008/10/30 22:06:59 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    [2010/12/21 14:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/02 11:43:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/02 11:42:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/21 18:18:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe (MotionBased Technologies)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class)
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep.com/get/k42037/sb02b.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195508015711 (MUWebControl Class)
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
    O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab (NMInstall Control)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class)
    O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab (SDCInstaller Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://im1.shutterfly.com/procserv/47b5d929b3127cce92fff0bf12ba00000015108QbNmrZozb6
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/12/21 22:42:22 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/22 07:57:49 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
    [2010/12/21 22:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD
    [2010/12/21 21:23:51 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Margaret\Desktop\remover.exe
    [2010/12/21 17:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/21 17:31:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/21 17:31:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/21 17:31:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/21 17:31:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/21 17:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/21 17:26:18 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/21 17:25:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/21 17:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/21 14:22:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/12/21 12:44:44 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/12/21 12:44:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/12/21 12:44:43 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/12/21 12:44:43 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/12/21 12:44:43 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/12/21 12:44:43 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/12/21 12:44:43 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/12/21 12:43:07 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/12/21 12:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/21 12:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/15 16:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexia
    [2010/12/08 08:57:39 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/08 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Local Settings\Application Data\Sunbelt Software
    [2010/12/08 08:47:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/12/02 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/12/02 07:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/02 07:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/02 07:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2004/07/27 00:08:17 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
    [2010/12/22 07:31:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/22 06:21:11 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2010/12/21 23:31:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/21 22:45:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/21 22:43:50 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/12/21 22:43:48 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
    [2010/12/21 22:42:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\MotionBased Agent.lnk
    [2010/12/21 22:42:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/12/21 22:42:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/12/21 22:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/12/21 22:42:05 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/21 22:39:35 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/21 22:39:35 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/21 22:39:35 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/21 22:39:35 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
    [2010/12/21 22:39:35 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/12/21 22:39:35 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/12/21 22:39:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
    [2010/12/21 22:39:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
    [2010/12/21 22:27:01 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
    [2010/12/21 21:22:52 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\bootkit_remover.rar
    [2010/12/21 18:22:00 | 000,387,722 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/12/21 18:22:00 | 000,055,782 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/12/21 18:19:05 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
    [2010/12/21 18:18:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/12/21 17:40:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/21 17:24:12 | 003,995,873 | R--- | M] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
    [2010/12/21 17:17:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
    [2010/12/21 14:50:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/12/21 12:44:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/15 18:45:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/13 18:18:00 | 001,235,566 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.JPG
    [2010/12/13 18:15:00 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.sig
    [2010/12/08 08:57:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/08 08:49:04 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/08 08:47:38 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/08 08:47:38 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/12/07 09:32:00 | 000,541,872 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\camp snow
    [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/12/03 04:05:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/12/02 07:50:38 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/12/02 07:43:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/12/02 07:43:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/12/01 20:34:08 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/01 20:34:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/11/28 20:49:28 | 027,776,512 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Doc5.doc
    [1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
  12. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Oops, message too long. Part 2 of OTL.txt:

    ========== Files Created - No Company Name ==========

    [2010/12/21 22:26:57 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
    [2010/12/21 21:22:52 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\bootkit_remover.rar
    [2010/12/21 17:40:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/21 17:40:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/21 17:31:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/21 17:31:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/21 17:31:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/21 17:31:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/21 17:31:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/21 17:24:08 | 003,995,873 | R--- | C] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
    [2010/12/21 17:17:49 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
    [2010/12/21 12:44:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/13 18:19:11 | 001,235,566 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.JPG
    [2010/12/13 18:16:11 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.sig
    [2010/12/08 08:49:04 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/08 08:47:38 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/12/08 08:47:38 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/12/07 09:35:37 | 000,541,872 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\camp snow
    [2010/12/07 08:19:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
    [2010/12/02 07:50:38 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/11/28 20:49:17 | 027,776,512 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Doc5.doc
    [2010/04/02 20:13:47 | 000,012,888 | -HS- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\Wv7V1mEL4UH
    [2010/04/02 20:13:47 | 000,012,888 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
    [2010/03/30 23:27:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/03/30 22:13:33 | 000,014,436 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2157912310
    [2010/03/30 19:33:53 | 000,014,432 | -HS- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\80AsEM
    [2010/03/30 19:33:53 | 000,014,432 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80AsEM
    [2009/09/30 14:37:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
    [2008/05/16 03:02:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2007/11/30 19:03:05 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/11/30 19:03:03 | 000,000,232 | ---- | C] () -- C:\WINDOWS\KA.INI
    [2007/11/26 13:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2007/07/22 20:32:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Margaret.ini
    [2007/07/18 18:16:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2007/07/18 18:16:16 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2006/12/02 14:32:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
    [2006/12/02 14:31:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2006/12/02 14:27:55 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/09/28 12:46:27 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/01/27 12:37:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2006/01/12 07:50:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
    [2006/01/12 07:46:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\fusioncache.dat
    [2005/08/30 08:14:00 | 001,227,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
    [2004/12/11 15:33:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
    [2004/12/11 15:32:04 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2004/12/11 15:31:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2004/12/01 12:51:56 | 000,000,616 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2004/10/17 21:16:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2004/10/17 20:57:31 | 000,000,305 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2004/07/27 00:20:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/07/27 00:15:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/07/27 00:11:21 | 000,000,454 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/07/27 00:08:31 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2004/07/27 00:08:18 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2004/07/27 00:08:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2004/07/27 00:08:17 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2004/07/27 00:08:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2004/07/27 00:07:59 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2004/06/16 14:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
    [2004/06/07 11:43:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
    [2004/06/07 11:42:56 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
    [2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
    [2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/03/19 17:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
    [2003/05/30 09:00:02 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/12/12 00:14:32 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

    ========== LOP Check ==========

    [2010/12/21 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2006/12/02 14:32:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2008/09/28 16:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2008/10/27 22:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/12/21 17:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/10/09 09:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2010/05/04 11:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2009/10/09 09:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2009/10/09 09:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    [2010/12/22 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/05/21 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/12/08 08:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/06/21 19:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/03/05 11:41:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    [2007/03/27 14:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Canon
    [2006/01/12 07:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Downloaded Installations
    [2009/09/04 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\fhnetwork.com
    [2007/10/17 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Flickr
    [2008/10/30 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\GARMIN
    [2008/09/25 09:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\GetRightToGo
    [2007/10/17 09:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Hulabee
    [2008/09/25 09:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ICAClient
    [2004/12/11 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\InterTrust
    [2006/01/12 07:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Kinko's
    [2004/12/01 12:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Leadertech
    [2008/10/30 22:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\MotionBased
    [2007/02/16 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Netscape
    [2006/12/02 14:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\NewSoft
    [2007/04/17 08:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Opera
    [2006/01/01 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\OurPictures
    [2008/09/25 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Runaware
    [2006/12/02 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ScanSoft
    [2007/01/15 19:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Snapfish
    [2010/01/20 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Southwest Airlines
    [2009/03/04 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Uniblue
    [2010/12/21 22:45:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/21 22:42:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/21 22:42:04 | 000,004,524 | ---- | M] () -- C:\aaw7boot.log
    [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/03/15 20:40:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/21 17:40:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/21 18:44:33 | 000,019,609 | ---- | M] () -- C:\ComboFix.txt
    [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/07/26 23:54:10 | 000,006,039 | RH-- | M] () -- C:\DELL.SDR
    [2010/12/21 22:42:05 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
    [2004/03/20 12:58:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/03/30 22:35:57 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2004/03/20 12:58:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2007/10/08 14:27:02 | 000,001,102 | ---- | M] () -- C:\net_save.dna
    [2007/11/19 17:00:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/26 10:42:40 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/12/21 22:42:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007/02/16 14:03:27 | 000,001,785 | ---- | M] () -- C:\photodex-presenter-install.log
    [2005/03/23 22:48:44 | 000,000,890 | ---- | M] () -- C:\RegAll.log
    [2004/07/27 00:12:23 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2007/05/21 17:15:52 | 000,017,378 | ---- | M] () -- C:\WinZipErrorReportLog.Txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/03/20 12:58:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/10/31 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD7R.DLL
    [2005/10/31 00:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP7R.DLL
    [2004/06/07 11:43:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBCPP5C.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2002/09/29 10:56:44 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\WINDOWS\PhotoBase Screen Saver.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/06/12 08:04:03 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/03/20 12:49:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2004/03/20 12:49:04 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2004/03/20 12:49:02 | 000,421,888 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/26 10:47:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/11/26 11:04:01 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
    [2004/10/17 20:57:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/21 17:24:12 | 003,995,873 | R--- | M] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
    [2009/10/07 13:59:17 | 000,570,032 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Margaret\Desktop\GoogleEarthPluginSetup.exe
    [2010/12/21 17:17:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
    [2010/12/21 22:27:01 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
    [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
    [2010/09/01 15:33:48 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Margaret\Desktop\remover.exe
    [2008/11/27 11:22:25 | 004,310,568 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\WebUpdater_241.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/03/19 17:37:26 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/03/09 23:23:02 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Margaret\Favorites\Alltackle.lnk
    [2008/11/26 11:04:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Margaret\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/22 08:07:41 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Margaret\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/22 18:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/12/17 09:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
    [2002/12/17 09:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/12/17 09:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/12/17 09:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2003/04/14 18:00:16 | 000,142,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc(2).dll
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2003/04/14 18:01:28 | 000,224,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang(2).dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
    [2002/12/17 09:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/12/17 09:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/12/17 09:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/12/17 09:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  13. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    And Extras.txt:

    OTL Extras logfile created on: 12/22/2010 8:10:56 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Margaret\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.95 Gb Total Space | 46.59 Gb Free Space | 31.92% Space Free | Partition Type: NTFS
    Drive F: | 1397.26 Gb Total Space | 1260.02 Gb Free Space | 90.18% Space Free | Partition Type: NTFS

    Computer Name: ALLTACKLE | User Name: Margaret | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "64411:TCP" = 64411:TCP:*:Enabled:pORT_64411
    "23353:TCP" = 23353:TCP:*:Enabled:pORT_23353
    "21521:TCP" = 21521:TCP:*:Enabled:pORT_21521
    "42391:TCP" = 42391:TCP:*:Enabled:pORT_42391
    "61090:TCP" = 61090:TCP:*:Enabled:pORT_61090
    "56363:TCP" = 56363:TCP:*:Enabled:pORT_56363
    "10648:TCP" = 10648:TCP:*:Enabled:pORT_10648
    "17087:TCP" = 17087:TCP:*:Enabled:pORT_17087
    "20018:TCP" = 20018:TCP:*:Enabled:pORT_20018
    "34688:TCP" = 34688:TCP:*:Enabled:pORT_34688
    "6705:TCP" = 6705:TCP:*:Enabled:pORT_6705
    "44154:TCP" = 44154:TCP:*:Enabled:pORT_44154
    "47858:TCP" = 47858:TCP:*:Enabled:pORT_47858
    "54820:TCP" = 54820:TCP:*:Enabled:pORT_54820
    "65505:TCP" = 65505:TCP:*:Enabled:pORT_65505
    "37770:TCP" = 37770:TCP:*:Enabled:pORT_37770
    "62120:TCP" = 62120:TCP:*:Enabled:pORT_62120
    "15145:TCP" = 15145:TCP:*:Enabled:pORT_15145
    "24861:TCP" = 24861:TCP:*:Enabled:pORT_24861
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "59605:TCP" = 59605:TCP:*:Enabled:pORT_59605
    "40086:TCP" = 40086:TCP:*:Enabled:pORT_40086
    "38042:TCP" = 38042:TCP:*:Enabled:pORT_38042
    "18258:TCP" = 18258:TCP:*:Enabled:pORT_18258
    "41110:TCP" = 41110:TCP:*:Enabled:pORT_41110
    "51612:TCP" = 51612:TCP:*:Enabled:pORT_51612
    "10915:TCP" = 10915:TCP:*:Enabled:pORT_10915
    "20582:TCP" = 20582:TCP:*:Enabled:pORT_20582
    "8352:TCP" = 8352:TCP:*:Enabled:pORT_8352
    "50897:TCP" = 50897:TCP:*:Enabled:pORT_50897
    "24373:TCP" = 24373:TCP:*:Enabled:pORT_24373
    "12516:TCP" = 12516:TCP:*:Enabled:pORT_12516
    "7260:TCP" = 7260:TCP:*:Enabled:pORT_7260

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Enabled:agent -- (InstallShield Software Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
    "{191FD01E-1AB7-49BD-A88D-67244297950A}" = iDisk Utility for Windows
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76B91C9C-BBEE-5196-AF0E-502219CE16CE}" = MyFonts Order M901961
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7D971BEA-756F-4E13-AA21-1B946E7ED11D}" = AdwareAlert
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{C352ADD9-A3FC-4B89-BFBE-48B8E4B7C861}" = ArcSoft Software Suite
    "{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{DBD90220-6A77-F6F0-6CCB-39FB90FE290B}" = Secure Backup and Share
    "{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
    "{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
    "{EBA09A1B-8D0A-4D65-BF5F-96186DAA6628}" = File, Print FedEx Kinko's
    "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Illustrator CS2" = Adobe Illustrator CS2
    "Adobe PageMaker 7.0" = Adobe PageMaker 7.0
    "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe Type Manager 4.1" = Adobe Type Manager 4.1
    "ATI Display Driver" = ATI Display Driver
    "avast5" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CleanUp!" = CleanUp!
    "Clickables Online" = Clickables Online
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Photo Printer 720" = Dell Photo Printer 720
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "EOS Utility" = Canon Utilities EOS Utility
    "ESPNMotion" = ESPNMotion
    "Flickr Uploadr" = Flickr Uploadr 2.5.0.15
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
    "InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "JSLG_PH" = JumpStart Learning Games Phonics
    "Lexia Reading 7.0.1" = Lexia Reading
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MP Navigator 2.2" = Canon MP Navigator 2.2
    "MSN Music Assistant" = MSN Music Assistant
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Personalized Learning Center" = Personalized Learning Center
    "Photodex Presenter" = Photodex Presenter
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "Reader Rabbit Thinking Adventures Ages 4-6" = Reader Rabbit Thinking Adventures Ages 4-6
    "RealPlayer 6.0" = RealPlayer Basic
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SideStep" = SideStep
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2010 4:50:53 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
    module mshtml.dll, version 6.0.2900.5921, fault address 0x000bf28a.

    Error - 12/12/2010 11:17:17 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/15/2010 4:36:41 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/15/2010 4:53:45 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/15/2010 4:53:46 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/15/2010 4:53:48 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/15/2010 4:56:07 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
    Description = Hanging application Illustrator.exe, version 12.1.128.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/18/2010 11:01:08 AM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
    module yt.dll, version 2007.12.18.1, fault address 0x00067646.

    Error - 12/18/2010 11:01:13 AM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
    module yt.dll, version 2007.12.18.1, fault address 0x00067646.

    Error - 12/19/2010 9:01:33 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 12/14/2010 11:10:43 AM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/14/2010 1:17:02 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/15/2010 10:25:32 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/19/2010 6:29:56 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/20/2010 4:16:30 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/21/2010 1:05:06 AM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\DOCUME~1\Margaret\LOCALS~1\Temp\RarSFX0\redist.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 12/21/2010 7:14:52 PM | Computer Name = ALLTACKLE | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_SST696\0000 disappeared from the system without
    first being prepared for removal.


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Good news :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
      SRV - [2004/11/02 15:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
      DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O2 - BHO: (no name) - {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No CLSID value found.
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep.com/get/k42037/sb02b.cab (Reg Error: Key error.)
      O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} Reg Error: Value error. (Reg Error: Key error.)
      [1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
      [2010/12/22 06:21:11 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
      [2010/12/07 08:19:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
      [2010/12/22 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2009/03/04 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Uniblue
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    OK, here's the latest. Thanks again! Hope this did the trick.

    All processes killed
    ========== OTL ==========
    Service SNDSrvc stopped successfully!
    Service SNDSrvc deleted successfully!
    File C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe not found.
    Service SymWSC stopped successfully!
    Service SymWSC deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe moved successfully.
    Service SymEvent stopped successfully!
    Service SymEvent deleted successfully!
    C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be5c5dfe-f009-4eec-a96e-0b7b441cb835}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5c5dfe-f009-4eec-a96e-0b7b441cb835}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    Starting removal of ActiveX control {084F552D-19EB-4668-9788-984CBC781A8F}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{084F552D-19EB-4668-9788-984CBC781A8F}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{084F552D-19EB-4668-9788-984CBC781A8F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
    Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {640B39C1-D713-464F-92C3-75BD972B95EE}
    C:\WINDOWS\Downloaded Program Files\SbCIe02b.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
    Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
    C:\Documents and Settings\Margaret\My Documents\~WRL2186.tmp deleted successfully.
    C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully.
    C:\Documents and Settings\All Users\Application Data\3559580329.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Margaret\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\Margaret\Application Data\Uniblue folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Isabel
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 33012 bytes

    User: Margaret
    ->Temp folder emptied: 9463536 bytes
    ->Temporary Internet Files folder emptied: 12536963 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 84872158 bytes
    ->Flash cache emptied: 6419 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33432 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 102.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Isabel
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Margaret
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.18.0 log created on 12222010_133026

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\Z038OZYZ\Order Number not found!
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 7.0.7
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ``````````End of Log````````````


    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060594.dll a variant of Win32/Kryptik.DER trojan
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060595.dll a variant of Win32/Kryptik.DVQ trojan
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060596.dll a variant of Win32/Kryptik.DER trojan
    C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060597.exe Win32/TrojanDownloader.Agent.AZR trojan
     
  16. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Update Internet Explorer to at least version 7.
    Version 6 is obsolete and thus dangerous.

    ==========================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:


    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    ========================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Everything seems fine now, thanks SO much! Computer is running much faster! Only problem I'm finding is that Internet Explorer won't open so I can install Windows Updates?

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Isabel
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Margaret
    ->Temp folder emptied: 2779 bytes
    ->Temporary Internet Files folder emptied: 247216 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 74623129 bytes
    ->Flash cache emptied: 456 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 438872 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Isabel
    ->Flash cache emptied: 0 bytes

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: Keith
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Margaret
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.18.0 log created on 12232010_073014

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\Z038OZYZ\Order Number not found!
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Good news :)

    Did you?
     
  19. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    I think I upgraded to IE8, it wouldn't let me upgrade to IE7 for some reason. But now it won't let me use Explorer. Explorer opens for a few seconds and goes directly to the Yahoo site and then closes again. :confused:
     
  20. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?
     
  21. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    Correct. No problem with no add-ons.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    That's your problem then...

    Start IE normally. Disable all add-ons.
    Restart IE.
    Start enabling add-ons, BUT only one-by-one, restarting IE each time until you find the culprit.

    Main suspects - toolbars.

    Any other issues?
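As an added example (not from this thread or from either poster), the add-on inventory that the one-by-one bisection above walks through can be listed from the registry in a single pass, with the DLL behind each entry and a flag for the ones to check first. It assumes Windows with PowerShell and read access to HKLM, and uses the standard registry locations for IE Browser Helper Objects and toolbars.

```powershell
# Added example (not from the thread): enumerate the Internet Explorer add-ons that
# load on every start (machine-wide Browser Helper Objects and toolbars), resolve the
# DLL behind each one, and flag the ones worth checking first. Assumes Windows with
# PowerShell and read access to HKLM; registry paths are the standard IE locations.
$bhoKey     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$toolbarKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'

function Get-AddonInfo {
    param([string]$Clsid, [string]$Type)
    # The CLSID key's default value is the display name; InprocServer32's default value
    # is the path of the COM DLL that IE loads for the add-on.
    $base = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
    $name = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -Path "$base\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    $dll  = [Environment]::ExpandEnvironmentVariables("$dll")
    $exists = ($dll -ne '') -and (Test-Path -LiteralPath $dll)
    $signed = $false
    if ($exists) {
        $signed = (Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid'
    }
    # Heuristic: a DLL that is missing, unsigned, or living outside Program Files /
    # the Windows directory is the one to review (or disable) first.
    $inUsualPlace = ($dll -like "$env:ProgramFiles\*") -or ($dll -like "$env:windir\*") -or
                    ((${env:ProgramFiles(x86)}) -and ($dll -like "${env:ProgramFiles(x86)}\*"))
    New-Object PSObject -Property @{
        Type   = $Type
        Name   = $name
        Clsid  = $Clsid
        Dll    = $dll
        Signed = $signed
        Review = (-not $exists) -or (-not $signed) -or (-not $inUsualPlace)
    }
}

$addons = @()
if (Test-Path $bhoKey) {
    # Each BHO is registered as a subkey named by its CLSID.
    foreach ($k in Get-ChildItem -Path $bhoKey) {
        $addons += Get-AddonInfo -Clsid $k.PSChildName -Type 'BHO'
    }
}
if (Test-Path $toolbarKey) {
    # Each toolbar is registered as a value whose name is its CLSID.
    foreach ($v in (Get-Item -Path $toolbarKey).GetValueNames()) {
        if ($v -like '{*}') { $addons += Get-AddonInfo -Clsid $v -Type 'Toolbar' }
    }
}

$addons | Sort-Object Review -Descending | Format-Table Type, Name, Signed, Review, Dll -AutoSize
```

Entries flagged Review are the natural first candidates when re-enabling add-ons one at a time; the listing does not change anything, so it is safe to run before the bisection.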
     
  23. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    How do I disable the add-ons when it won't stay open? Thanks!
     
  24. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    In that case...
    Close IE.
    Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons).
    Go Tools>Internet options>Advanced tab and click on "Reset" button.
    You should be able to start IE normally now.
     
  25. smargarita

    smargarita TS Rookie Topic Starter Posts: 17

    That worked! Thanks! Sorry, holiday prep getting in the way. Everything is working MUCH better now. And I'm installing Windows updates. I'll let you know when I'm done. Thanks again so much for your help and Merry Merry Christmas!
     