Solved Google redirect, too

smargarita

I’m also having the Google (and Yahoo) redirect issue that seems to be a problem for so many on this forum. Thanks so much to all of you experts who are spending your free time helping people fix their issues!

My logs:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/21/2010 2:46:30 PM
mbam-log-2010-12-21 (14-46-30).txt

Scan type: Quick scan
Objects scanned: 135838
Time elapsed: 16 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





DDS (Ver_10-12-12.02) - NTFSx86
Run by Margaret at 14:59:16.78 on Tue 12/21/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1041 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Margaret\My Documents\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Regscan] c:\windows\system32\regscan.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\motion~1.lnk - c:\program files\motionbased\agent\MBAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3E230861-5C87-11D3-A1C6-00105A1B41B8} - {83B28A74-640D-48F4-9F51-E80EED7CC7E0}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - hxxp://survey.otxresearch.com/Preloader.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195508015711
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxp://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab
AppInit_DLLs: c:\windows\system32\nobiwole.dll c:\windows\system32\vopegobi.dll c:\windows\system32\yagatezi.dll c:\windows\system32\zifutoro.dll
SSODL: IneUEjX - {806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
LSA: Notification Packages = scecli c:\windows\system32\nobiwole.dll
Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
Hosts: 195.245.119.131 browser-security.microsoft.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\margaret\applic~1\mozilla\firefox\profiles\ksd0iqt0.default\
FF - plugin: c:\documents and settings\margaret\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: XUL Cache: {056B84C7-14C1-422C-AF9C-4E1C348838EF} - c:\documents and settings\margaret\local settings\application data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-4 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 165584]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-21 11608]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-16 54776]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-2 214664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-21 267944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-21 61960]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-15 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-2 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\system32\drivers\WCG200V2XP.sys [2007-10-8 14336]

=============== Created Last 30 ================

2010-12-21 19:22:41 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 17:43:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-21 16:40:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-21 16:40:45 -------- d-----w- c:\program files\Avira
2010-12-21 16:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-15 21:42:26 -------- d-----w- c:\program files\Lexia
2010-12-08 13:57:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 13:53:41 -------- d-----w- c:\docume~1\margaret\locals~1\applic~1\Sunbelt Software
2010-12-08 13:47:38 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-07 02:31:21 53248 ----a-w- c:\windows\system32\drivers\sst696.sys
2010-12-02 16:43:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 16:43:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 16:43:08 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-02 12:50:03 -------- d-----w- c:\program files\iPod
2010-12-02 12:50:01 -------- d-----w- c:\program files\iTunes
2010-12-02 01:34:05 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-12-02 01:34:05 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

==================== Find3M ====================

2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

============= FINISH: 15:09:35.03 ===============



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-21 14:56:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0
Running: 9q538qsf.exe; Driver: C:\DOCUME~1\Margaret\LOCALS~1\Temp\uwliapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8AEF50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8AEF32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8AEF468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:144] 8A3E558D
Thread System [4:148] 8A3E6876

---- EOF - GMER 1.0.15 ----



Avira AntiVir Personal
Report file date: Tuesday, December 21, 2010 12:06

Scanning for 2282993 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Margaret
Computer name : ALLTACKLE

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, December 21, 2010 12:06

The scan of running processes will be started
Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '1870' files ).



End of the scan: Tuesday, December 21, 2010 12:07
Used time: 00:53 Minute(s)

The scan has been done completely.

0 Scanned directories
2415 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2415 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Attach.txt part of DDS is missing, so please provide that.

Then, you're running two AV programs, Avast and Avira.
One of them has to go.
Your choice.

You also have some McAfee leftovers.
Please, run this tool to remove them: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

=====================================================================

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks so much Broni! I'm not tech-savvy, but I can get by, so I apologize in advance if I'm a little high-maintenance. I really really appreciate your help. Here's the missing file. Not sure how I missed that the first time.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/17/2004 9:55:40 PM
System Uptime: 12/21/2010 2:10:49 PM (2 hours ago)

Motherboard: Dell Inc. | | 0J3492
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 46.64 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 1397 GiB total, 1263.247 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP502: 9/23/2010 10:26:51 AM - System Checkpoint
RP503: 9/24/2010 1:12:57 PM - System Checkpoint
RP504: 9/25/2010 7:09:42 PM - System Checkpoint
RP505: 9/26/2010 8:24:25 PM - System Checkpoint
RP506: 9/27/2010 8:51:28 PM - System Checkpoint
RP507: 9/28/2010 9:51:28 PM - System Checkpoint
RP508: 9/29/2010 10:24:24 PM - System Checkpoint
RP509: 9/30/2010 11:22:22 PM - System Checkpoint
RP510: 10/1/2010 11:51:32 PM - System Checkpoint
RP511: 10/3/2010 12:51:27 AM - System Checkpoint
RP512: 10/4/2010 1:51:17 AM - System Checkpoint
RP513: 10/5/2010 2:51:27 AM - System Checkpoint
RP514: 10/6/2010 3:51:25 AM - System Checkpoint
RP515: 10/7/2010 4:51:18 AM - System Checkpoint
RP516: 10/8/2010 5:51:27 AM - System Checkpoint
RP517: 10/9/2010 6:51:26 AM - System Checkpoint
RP518: 10/10/2010 7:51:25 AM - System Checkpoint
RP519: 10/11/2010 8:51:26 AM - System Checkpoint
RP520: 10/12/2010 8:52:31 AM - System Checkpoint
RP521: 10/13/2010 11:56:19 AM - System Checkpoint
RP522: 10/14/2010 12:17:30 PM - System Checkpoint
RP523: 10/15/2010 12:51:19 PM - System Checkpoint
RP524: 10/16/2010 1:51:27 PM - System Checkpoint
RP525: 10/17/2010 2:46:25 PM - System Checkpoint
RP526: 10/18/2010 3:16:37 PM - System Checkpoint
RP527: 10/19/2010 4:28:36 PM - System Checkpoint
RP528: 10/20/2010 5:16:36 PM - System Checkpoint
RP529: 10/21/2010 6:16:36 PM - System Checkpoint
RP530: 10/22/2010 7:16:35 PM - System Checkpoint
RP531: 10/23/2010 9:43:50 PM - System Checkpoint
RP532: 10/24/2010 10:50:15 PM - System Checkpoint
RP533: 10/25/2010 11:10:10 PM - System Checkpoint
RP534: 10/27/2010 7:35:20 AM - System Checkpoint
RP535: 10/28/2010 8:09:59 AM - System Checkpoint
RP536: 10/29/2010 8:11:54 AM - System Checkpoint
RP537: 10/30/2010 8:44:25 AM - System Checkpoint
RP538: 11/1/2010 11:40:30 PM - System Checkpoint
RP539: 11/2/2010 11:43:47 PM - System Checkpoint
RP540: 11/3/2010 11:48:30 PM - System Checkpoint
RP541: 11/5/2010 7:49:35 PM - System Checkpoint
RP542: 11/6/2010 8:36:24 PM - System Checkpoint
RP543: 11/7/2010 8:36:13 PM - System Checkpoint
RP544: 11/9/2010 5:36:21 AM - System Checkpoint
RP545: 11/10/2010 6:36:21 AM - System Checkpoint
RP546: 11/11/2010 7:18:02 AM - Software Distribution Service 3.0
RP547: 11/12/2010 7:37:26 AM - System Checkpoint
RP548: 11/13/2010 8:36:24 AM - System Checkpoint
RP549: 11/14/2010 9:35:12 AM - System Checkpoint
RP550: 11/15/2010 9:36:12 AM - System Checkpoint
RP551: 11/16/2010 9:52:40 AM - System Checkpoint
RP552: 11/17/2010 10:35:11 AM - System Checkpoint
RP553: 11/18/2010 11:29:24 AM - System Checkpoint
RP554: 11/19/2010 11:35:26 AM - System Checkpoint
RP555: 11/20/2010 12:29:24 PM - System Checkpoint
RP556: 11/21/2010 1:29:23 PM - System Checkpoint
RP557: 11/22/2010 2:29:23 PM - System Checkpoint
RP558: 11/23/2010 3:29:21 PM - System Checkpoint
RP559: 11/24/2010 5:13:00 PM - System Checkpoint
RP560: 11/25/2010 5:29:24 PM - System Checkpoint
RP561: 11/26/2010 6:29:15 PM - System Checkpoint
RP562: 11/27/2010 7:29:26 PM - System Checkpoint
RP563: 11/28/2010 8:30:33 PM - System Checkpoint
RP564: 11/29/2010 10:59:04 PM - System Checkpoint
RP565: 11/30/2010 11:57:45 PM - System Checkpoint
RP566: 12/2/2010 12:00:43 AM - System Checkpoint
RP567: 12/2/2010 11:42:52 AM - Installed Java(TM) 6 Update 22
RP568: 12/3/2010 11:51:53 AM - System Checkpoint
RP569: 12/4/2010 12:03:41 PM - System Checkpoint
RP570: 12/5/2010 12:56:41 PM - System Checkpoint
RP571: 12/6/2010 2:09:09 PM - System Checkpoint
RP572: 12/7/2010 2:47:36 PM - System Checkpoint
RP573: 12/8/2010 3:05:53 PM - System Checkpoint
RP574: 12/9/2010 3:15:16 PM - System Checkpoint
RP575: 12/10/2010 3:16:31 PM - System Checkpoint
RP576: 12/11/2010 3:35:31 PM - System Checkpoint
RP577: 12/12/2010 4:35:21 PM - System Checkpoint
RP578: 12/13/2010 5:35:20 PM - System Checkpoint
RP579: 12/14/2010 5:37:09 PM - System Checkpoint
RP580: 12/15/2010 6:34:50 PM - System Checkpoint
RP581: 12/16/2010 6:35:24 PM - System Checkpoint
RP582: 12/17/2010 7:35:31 PM - System Checkpoint
RP583: 12/18/2010 8:35:31 PM - System Checkpoint
RP584: 12/19/2010 9:36:48 PM - System Checkpoint
RP585: 12/20/2010 9:42:07 PM - System Checkpoint
RP586: 12/21/2010 12:43:01 PM - avast! Free Antivirus Setup

==== Installed Programs ======================

Ad-Aware
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe PageMaker 7.0
Adobe Photoshop 7.0.1
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
AdwareAlert
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Banctec Service Agreement
Bonjour
Broadcom Advanced Control Suite 2
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.2
Canon MP530
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CleanUp!
Clickables Online
Compatibility Pack for the 2007 Office system
Creative MediaSource
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Photo Printer 720
Dell Solution Center
Dell Support
DellSupport
DING!
EarthLink Setup Files
Easy-WebPrint
ESPNMotion
File, Print FedEx Kinko's
Flickr Uploadr 2.5.0.15
Garmin Communicator Plugin
Garmin Training Center v5
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
Google Updater
Help and Support Customization
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iDisk Utility for Windows
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
Internet Explorer Default Page
ISO Recorder
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
JumpStart Learning Games Phonics
KODAK EASYSHARE Gallery Easy Upload, v2.1
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
Lexia Reading
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MotionBased Agent
Mozilla Firefox (3.6.13)
MSN Music Assistant
MyFonts Order M901961
Norton WMI Update
OmniPage SE 2.0
Personalized Learning Center
Photodex Presenter
PowerDVD 5.1
Presto! PageManager 7.15.11
Qualxserve Service Agreement
QuickTime
Reader Rabbit Thinking Adventures Ages 4-6
RealPlayer Basic
Safari
Seagate Manager Installer
Secure Backup and Share
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SideStep
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Spybot - Search & Destroy
Symantec Network Drivers Update
TestDrive Client
Uniblue RegistryBooster 2009
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
USB Driver for Panasonic DVC
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip 11.1
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/21/2010 11:34:59 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/21/2010 11:34:59 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Margaret\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
12/21/2010 11:34:59 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/14/2010 12:17:02 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================


Working on other instructions, thanks so much!
 
OK, new set of logs. Whew, that Combofix took forever. My computer must be a big mess.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 162):

Processes (total 70):
0 System Idle Process
4 System
672 C:\WINDOWS\SYSTEM32\smss.exe
744 csrss.exe
768 C:\WINDOWS\SYSTEM32\winlogon.exe
812 C:\WINDOWS\SYSTEM32\services.exe
824 C:\WINDOWS\SYSTEM32\lsass.exe
1028 C:\WINDOWS\SYSTEM32\ati2evxx.exe
1044 C:\WINDOWS\SYSTEM32\svchost.exe
1156 svchost.exe
1252 C:\WINDOWS\SYSTEM32\svchost.exe
1344 svchost.exe
1452 svchost.exe
1528 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1616 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1824 C:\WINDOWS\explorer.exe
372 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
500 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
520 C:\WINDOWS\SYSTEM32\spoolsv.exe
708 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1224 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1232 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1240 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
1312 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
1320 C:\WINDOWS\SYSTEM32\CTHELPER.EXE
1360 C:\Program Files\Dell\Media Experience\PCMService.exe
1404 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
1376 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
1468 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1556 C:\Program Files\Mozilla Firefox\firefox.exe
1664 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
1744 svchost.exe
1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1916 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2060 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
2084 C:\Program Files\iTunes\iTunesHelper.exe
2104 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2168 C:\WINDOWS\SYSTEM32\ctfmon.exe
2180 C:\Program Files\Bonjour\mDNSResponder.exe
2192 C:\Program Files\Messenger\msmsgs.exe
2248 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
2280 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2436 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
2444 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
2512 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2532 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
2860 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
2876 C:\Program Files\Java\jre6\bin\jqs.exe
2892 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2916 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
3000 C:\Program Files\WinZip\WZQKPICK.EXE
3064 C:\WINDOWS\SYSTEM32\svchost.exe
3096 wdfmgr.exe
3204 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3228 C:\Program Files\Southwest Airlines\Ding\Ding.exe
3236 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
3392 C:\Program Files\MotionBased\Agent\MBAgent.exe
3556 C:\Program Files\Canon\CAL\CALMAIN.exe
3644 C:\WINDOWS\SYSTEM32\wuauclt.exe
1332 UNSECAPP.EXE
2384 C:\Program Files\iPod\bin\iPodService.exe
3888 wmiprvse.exe
4024 C:\WINDOWS\SYSTEM32\svchost.exe
788 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
2320 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
1248 C:\WINDOWS\SYSTEM32\wuauclt.exe
256 C:\WINDOWS\SYSTEM32\ctfmon.exe
1516 C:\Program Files\Internet Explorer\iexplore.exe
960 C:\Program Files\Mozilla Firefox\plugin-container.exe
1476 C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JD-75HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0132

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E66C176942DF42CCFE7A0113EAFF39E82F8B0047
1397 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



ComboFix 10-12-21.01 - Margaret 12/21/2010 17:47:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -5:00]
Running from: c:\documents and settings\Margaret\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome.manifest
c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome\content\_cfg.js
c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\chrome\content\overlay.xul
c:\documents and settings\Margaret\Local Settings\Application Data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}\install.rdf
c:\documents and settings\Margaret\My Documents\Files\From Jim's computer\Alltackle emails\Alltackle.eml
c:\documents and settings\Margaret\My Documents\Files\From Jim's computer\Jim\Legal\Emails\Alltackle.eml
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\drivers\sst696.sys
c:\windows\system32\Oeminfo.ini
c:\windows\wiaserviv.log
F:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv Settings\Margaret\Local Settings\Application Data\Temp\{102975CE-855C-40DD-A2F7-FA717EAD7EF7}Google Update
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_sst696
-------\Service_sst696


((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-21 22:05 . 2010-12-21 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-21 19:22 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 17:44 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-21 17:44 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-21 17:44 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-21 17:44 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-21 17:44 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-21 17:44 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-21 17:44 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-21 17:43 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-21 17:43 . 2010-12-21 17:43 -------- d-----w- c:\program files\Alwil Software
2010-12-21 17:43 . 2010-12-21 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-12-15 21:42 . 2010-12-15 21:46 -------- d-----w- c:\program files\Lexia
2010-12-08 13:57 . 2010-12-08 13:57 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 13:53 . 2010-12-08 13:53 -------- d-----w- c:\documents and settings\Margaret\Local Settings\Application Data\Sunbelt Software
2010-12-08 13:47 . 2010-12-08 13:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-02 16:43 . 2010-12-02 16:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 16:43 . 2010-12-02 16:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 16:43 . 2010-12-02 16:42 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\program files\iPod
2010-12-02 12:50 . 2010-12-02 12:50 -------- d-----w- c:\program files\iTunes
2010-12-02 12:46 . 2010-12-02 12:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-02 01:34 . 2010-12-11 18:38 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-12-02 01:34 . 2010-12-11 18:38 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 09:05 . 2009-03-05 00:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-03 09:05 . 2009-03-05 01:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-28 20:44 . 2010-06-22 00:22 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 20:44 . 2010-06-22 00:22 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-26 335872]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-12-03 930032]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Margaret\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [2006-12-30 909312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-12-11 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-2-9 2861896]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-5-15 394856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2006-09-06 15:05 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-07-27 05:11 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64411:TCP"= 64411:TCP:pORT_64411
"23353:TCP"= 23353:TCP:pORT_23353
"21521:TCP"= 21521:TCP:pORT_21521
"42391:TCP"= 42391:TCP:pORT_42391
"61090:TCP"= 61090:TCP:pORT_61090
"56363:TCP"= 56363:TCP:pORT_56363
"10648:TCP"= 10648:TCP:pORT_10648
"17087:TCP"= 17087:TCP:pORT_17087
"20018:TCP"= 20018:TCP:pORT_20018
"34688:TCP"= 34688:TCP:pORT_34688
"6705:TCP"= 6705:TCP:pORT_6705
"44154:TCP"= 44154:TCP:pORT_44154
"47858:TCP"= 47858:TCP:pORT_47858
"54820:TCP"= 54820:TCP:pORT_54820
"65505:TCP"= 65505:TCP:pORT_65505
"37770:TCP"= 37770:TCP:pORT_37770
"62120:TCP"= 62120:TCP:pORT_62120
"15145:TCP"= 15145:TCP:pORT_15145
"24861:TCP"= 24861:TCP:pORT_24861
"59605:TCP"= 59605:TCP:pORT_59605
"40086:TCP"= 40086:TCP:pORT_40086
"38042:TCP"= 38042:TCP:pORT_38042
"18258:TCP"= 18258:TCP:pORT_18258
"41110:TCP"= 41110:TCP:pORT_41110
"51612:TCP"= 51612:TCP:pORT_51612
"10915:TCP"= 10915:TCP:pORT_10915
"20582:TCP"= 20582:TCP:pORT_20582
"8352:TCP"= 8352:TCP:pORT_8352
"50897:TCP"= 50897:TCP:pORT_50897
"24373:TCP"= 24373:TCP:pORT_24373
"12516:TCP"= 12516:TCP:pORT_12516
"7260:TCP"= 7260:TCP:pORT_7260

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/4/2009 7:53 PM 64288]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/21/2010 12:44 PM 165584]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\SYSTEM32\DRIVERS\ComcastSecureBackupShare.sys [3/16/2010 7:23 AM 54776]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/21/2010 12:44 PM 17744]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 8:02 AM 45896]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 1:35 PM 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1389400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 2:51 AM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2009 1:59 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 4:05 AM 15264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [6/18/2007 7:18 PM 23680]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\SYSTEM32\DRIVERS\WCG200V2XP.sys [10/8/2007 2:58 PM 14336]
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

2010-12-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-14 22:27]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 18:59]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 18:59]

2010-12-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-27 16:24]

2010-12-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: {084F552D-19EB-4668-9788-984CBC781A8F}
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542}
FF - ProfilePath - c:\documents and settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

BHO-{be5c5dfe-f009-4eec-a96e-0b7b441cb835} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
SSODL-IneUEjX-{806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 18:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3156)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\wdfmgr.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-12-21 18:44:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-21 23:43

Pre-Run: 50,163,339,264 bytes free
Post-Run: 50,149,105,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - FF91ADE91F9B222CD89F15CEF9438724


Thanks again!
 
We're on the way to fix it :)

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Moving right along...

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
Boot sector MD5 is: 58ecce6ee11c762f12393e1a4f86f16a

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

Thanks a ton! Glad to hear we're making progress.
 
OK, we have to fix your MBR first....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Okey dokey, next round of Greek...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 168):

Processes (total 68):
0 System Idle Process
4 System
684 C:\WINDOWS\SYSTEM32\smss.exe
748 csrss.exe
776 C:\WINDOWS\SYSTEM32\winlogon.exe
820 C:\WINDOWS\SYSTEM32\services.exe
832 C:\WINDOWS\SYSTEM32\lsass.exe
1020 C:\WINDOWS\SYSTEM32\ati2evxx.exe
1036 C:\WINDOWS\SYSTEM32\svchost.exe
1120 svchost.exe
1216 C:\WINDOWS\SYSTEM32\svchost.exe
1332 svchost.exe
1384 svchost.exe
1460 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1596 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1920 C:\WINDOWS\SYSTEM32\LEXBCES.EXE
1948 C:\WINDOWS\SYSTEM32\spoolsv.exe
1992 C:\WINDOWS\SYSTEM32\LEXPPS.EXE
192 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
604 C:\WINDOWS\explorer.exe
1104 svchost.exe
1196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1248 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1272 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
1296 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1320 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1328 C:\Program Files\Bonjour\mDNSResponder.exe
1364 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
1436 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
1444 C:\WINDOWS\SYSTEM32\CTHELPER.EXE
1508 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
1660 C:\Program Files\Dell\Media Experience\PCMService.exe
1852 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
2060 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
2108 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
2208 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2240 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2272 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
2392 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
2468 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
2488 C:\Program Files\Java\jre6\bin\jqs.exe
2516 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2532 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2628 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
2680 C:\Program Files\iTunes\iTunesHelper.exe
2700 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2896 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2904 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
2964 C:\WINDOWS\SYSTEM32\svchost.exe
2996 wdfmgr.exe
3056 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3184 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
3192 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
3400 C:\Program Files\Canon\CAL\CALMAIN.exe
3480 C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
3592 C:\Program Files\WinZip\WZQKPICK.EXE
3748 C:\WINDOWS\SYSTEM32\wuauclt.exe
3840 C:\Program Files\Southwest Airlines\Ding\Ding.exe
4088 C:\Program Files\MotionBased\Agent\MBAgent.exe
1068 UNSECAPP.EXE
2612 wmiprvse.exe
2660 C:\Program Files\iPod\bin\iPodService.exe
3140 C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
3664 wmiprvse.exe
3604 C:\WINDOWS\SYSTEM32\ctfmon.exe
3740 alg.exe
536 C:\WINDOWS\SYSTEM32\svchost.exe
2164 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JD-75HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0132

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Thanks!
 
Good job :)

Combofix log looks good :)

How is the computer doing?

Unless you installed Viewpoint Manager knowledgeably...
Go to Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I hadn't tried a Google search since we started, but since you asked me, it's working! Thanks a million!

More fun stuff for you:

OTL logfile created on: 12/22/2010 8:10:56 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Margaret\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 46.59 Gb Free Space | 31.92% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1260.02 Gb Free Space | 90.18% Space Free | Partition Type: NTFS

Computer Name: ALLTACKLE | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
PRC - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/03 04:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/09 08:02:34 | 002,861,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
PRC - [2010/02/09 08:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 10:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/12/30 10:18:46 | 000,909,312 | ---- | M] (MotionBased Technologies) -- C:\Program Files\MotionBased\Agent\MBAgent.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/08/09 06:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/03/23 12:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/05/08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
PRC - [2003/02/20 16:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2001/10/11 16:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
MOD - [2006/03/24 10:53:30 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
MOD - [2003/02/20 16:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/12/03 04:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/09 08:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) [Auto | Running] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/09/30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/11/02 15:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2000/05/24 15:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 04:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/09 08:02:26 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/27 00:11:57 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/07/05 11:06:04 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WCG200V2XP.sys -- (WCG200V2XP)
DRV - [2004/05/29 17:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/25 23:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/03/15 01:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 01:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 01:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/27 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 03:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/14 19:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 19:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/03/27 10:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 15:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 15:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 15:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 15:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 09:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 16:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2003/02/20 16:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 16:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 16:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 17:23:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 13:38:45 | 000,000,000 | ---D | M]

[2008/10/30 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Extensions
[2010/12/21 14:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions
[2010/12/01 21:16:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/01 21:16:31 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/10/30 22:06:59 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\ksd0iqt0.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2010/12/21 14:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 11:43:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/02 11:42:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/21 18:18:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe (MotionBased Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/OneClickFix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep.com/get/k42037/sb02b.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195508015711 (MUWebControl Class)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.snapfish.com/SnapfishUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab (NMInstall Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab (ZoneIntro Class)
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab (SDCInstaller Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://im1.shutterfly.com/procserv/47b5d929b3127cce92fff0bf12ba00000015108QbNmrZozb6
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 12:58:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/21 22:42:22 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 07:57:49 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
[2010/12/21 22:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD
[2010/12/21 21:23:51 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Margaret\Desktop\remover.exe
[2010/12/21 17:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/21 17:31:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/21 17:31:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/21 17:31:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/21 17:31:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/21 17:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/21 17:26:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/21 17:25:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/21 17:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/21 14:22:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/21 12:44:44 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/21 12:44:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/21 12:44:43 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/21 12:44:43 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/21 12:44:43 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/21 12:44:43 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/21 12:44:43 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/21 12:43:07 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/21 12:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/21 12:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/15 16:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexia
[2010/12/08 08:57:39 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/08 08:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Local Settings\Application Data\Sunbelt Software
[2010/12/08 08:47:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/02 11:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/02 07:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/02 07:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/02 07:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2004/07/27 00:08:17 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
[2010/12/22 07:31:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/22 06:21:11 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/12/21 23:31:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/21 22:45:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/21 22:43:50 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/21 22:43:48 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
[2010/12/21 22:42:48 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\MotionBased Agent.lnk
[2010/12/21 22:42:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/21 22:42:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/12/21 22:42:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/21 22:42:05 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 22:39:35 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/12/21 22:39:35 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/12/21 22:39:35 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/12/21 22:39:35 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/12/21 22:39:35 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/21 22:39:35 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/21 22:39:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2010/12/21 22:39:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
[2010/12/21 22:27:01 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
[2010/12/21 21:22:52 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\bootkit_remover.rar
[2010/12/21 18:22:00 | 000,387,722 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/12/21 18:22:00 | 000,055,782 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/12/21 18:19:05 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.CDF
[2010/12/21 18:18:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/12/21 17:40:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2010/12/21 17:24:12 | 003,995,873 | R--- | M] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
[2010/12/21 17:17:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
[2010/12/21 14:50:33 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/21 12:44:44 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/15 18:45:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/13 18:18:00 | 001,235,566 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.JPG
[2010/12/13 18:15:00 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.sig
[2010/12/08 08:57:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/08 08:49:04 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/08 08:47:38 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/08 08:47:38 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/12/07 09:32:00 | 000,541,872 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\camp snow
[2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/12/03 04:05:33 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/12/02 07:50:38 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/02 07:43:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/12/02 07:43:55 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/01 20:34:08 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/01 20:34:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/28 20:49:28 | 027,776,512 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Doc5.doc
[1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
 
Oops, message too long. Part 2 of OTL.txt:

========== Files Created - No Company Name ==========

[2010/12/21 22:26:57 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
[2010/12/21 21:22:52 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\bootkit_remover.rar
[2010/12/21 17:40:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/21 17:40:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/21 17:31:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/21 17:31:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/21 17:31:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/21 17:31:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/21 17:31:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/21 17:24:08 | 003,995,873 | R--- | C] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
[2010/12/21 17:17:49 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
[2010/12/21 12:44:44 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/13 18:19:11 | 001,235,566 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.JPG
[2010/12/13 18:16:11 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Bulldog Buddy Bumper Sticker.sig
[2010/12/08 08:49:04 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/08 08:47:38 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/08 08:47:38 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/12/07 09:35:37 | 000,541,872 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\camp snow
[2010/12/07 08:19:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
[2010/12/02 07:50:38 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/28 20:49:17 | 027,776,512 | ---- | C] () -- C:\Documents and Settings\Margaret\My Documents\Doc5.doc
[2010/04/02 20:13:47 | 000,012,888 | -HS- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\Wv7V1mEL4UH
[2010/04/02 20:13:47 | 000,012,888 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
[2010/03/30 23:27:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/03/30 22:13:33 | 000,014,436 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2157912310
[2010/03/30 19:33:53 | 000,014,432 | -HS- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\80AsEM
[2010/03/30 19:33:53 | 000,014,432 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80AsEM
[2009/09/30 14:37:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2008/05/16 03:02:28 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/30 19:03:05 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/11/30 19:03:03 | 000,000,232 | ---- | C] () -- C:\WINDOWS\KA.INI
[2007/11/26 13:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/07/22 20:32:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Margaret.ini
[2007/07/18 18:16:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/07/18 18:16:16 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/12/02 14:32:28 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7R.DLL
[2006/12/02 14:31:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/12/02 14:27:55 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/28 12:46:27 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/27 12:37:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 07:50:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2006/01/12 07:46:16 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\fusioncache.dat
[2005/08/30 08:14:00 | 001,227,776 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/12/11 15:33:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/12/11 15:32:04 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/12/11 15:31:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/12/01 12:51:56 | 000,000,616 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/17 21:16:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2004/10/17 20:57:31 | 000,000,305 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/07/27 00:20:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/07/27 00:15:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/27 00:11:21 | 000,000,454 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/27 00:08:31 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/07/27 00:08:18 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/07/27 00:08:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/27 00:08:17 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/07/27 00:08:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/07/27 00:07:59 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/06/16 14:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/06/07 11:43:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2004/06/07 11:42:56 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004/03/26 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/03/20 13:21:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 12:58:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/19 17:37:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/05/30 09:00:02 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/12 00:14:32 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/12/21 12:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/12/02 14:32:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/09/28 16:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/10/27 22:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/12/21 17:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/10/09 09:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/05/04 11:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/09 09:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/10/09 09:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/12/22 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/21 17:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/08 08:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/06/21 19:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/03/05 11:41:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2007/03/27 14:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Canon
[2006/01/12 07:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Downloaded Installations
[2009/09/04 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\fhnetwork.com
[2007/10/17 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Flickr
[2008/10/30 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\GARMIN
[2008/09/25 09:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\GetRightToGo
[2007/10/17 09:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Hulabee
[2008/09/25 09:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ICAClient
[2004/12/11 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\InterTrust
[2006/01/12 07:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Kinko's
[2004/12/01 12:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Leadertech
[2008/10/30 22:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\MotionBased
[2007/02/16 14:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Netscape
[2006/12/02 14:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\NewSoft
[2007/04/17 08:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Opera
[2006/01/01 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\OurPictures
[2008/09/25 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Runaware
[2006/12/02 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ScanSoft
[2007/01/15 19:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Snapfish
[2010/01/20 12:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Southwest Airlines
[2009/03/04 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Uniblue
[2010/12/21 22:45:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/21 22:42:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/21 22:42:04 | 000,004,524 | ---- | M] () -- C:\aaw7boot.log
[2004/03/20 12:58:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/15 20:40:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/21 17:40:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/21 18:44:33 | 000,019,609 | ---- | M] () -- C:\ComboFix.txt
[2004/03/20 12:58:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/07/26 23:54:10 | 000,006,039 | RH-- | M] () -- C:\DELL.SDR
[2010/12/21 22:42:05 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2004/03/20 12:58:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/03/30 22:35:57 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/03/20 12:58:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007/10/08 14:27:02 | 000,001,102 | ---- | M] () -- C:\net_save.dna
[2007/11/19 17:00:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 10:42:40 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/12/21 22:42:04 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/02/16 14:03:27 | 000,001,785 | ---- | M] () -- C:\photodex-presenter-install.log
[2005/03/23 22:48:44 | 000,000,890 | ---- | M] () -- C:\RegAll.log
[2004/07/27 00:12:23 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/05/21 17:15:52 | 000,017,378 | ---- | M] () -- C:\WinZipErrorReportLog.Txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/03/20 12:58:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/10/31 00:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD7R.DLL
[2005/10/31 00:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP7R.DLL
[2004/06/07 11:43:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\DLBCPP5C.DLL
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2002/09/29 10:56:44 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\WINDOWS\PhotoBase Screen Saver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/06/12 08:04:03 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/03/20 12:49:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/03/20 12:49:04 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/03/20 12:49:02 | 000,421,888 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/26 10:47:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/11/26 11:04:01 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/10/17 20:57:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/21 17:24:12 | 003,995,873 | R--- | M] () -- C:\Documents and Settings\Margaret\Desktop\ComboFix.exe
[2009/10/07 13:59:17 | 000,570,032 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Margaret\Desktop\GoogleEarthPluginSetup.exe
[2010/12/21 17:17:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\MBRCheck.exe
[2010/12/21 22:27:01 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\NTBR_CD.exe
[2010/12/22 07:57:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
[2010/09/01 15:33:48 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Margaret\Desktop\remover.exe
[2008/11/27 11:22:25 | 004,310,568 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\WebUpdater_241.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/03/19 17:37:26 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\FXSEXT.ECF

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/03/09 23:23:02 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Margaret\Favorites\Alltackle.lnk
[2008/11/26 11:04:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Margaret\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/22 08:07:41 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Margaret\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/09/22 18:46:10 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 09:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 09:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 09:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 09:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2003/04/14 18:00:16 | 000,142,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc(2).dll
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2003/04/14 18:01:28 | 000,224,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang(2).dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\MSMSGSIN.EXE
[2002/12/17 09:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 09:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 09:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 09:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
And Extras.txt:

OTL Extras logfile created on: 12/22/2010 8:10:56 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Margaret\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 46.59 Gb Free Space | 31.92% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1260.02 Gb Free Space | 90.18% Space Free | Partition Type: NTFS

Computer Name: ALLTACKLE | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"64411:TCP" = 64411:TCP:*:Enabled:pORT_64411
"23353:TCP" = 23353:TCP:*:Enabled:pORT_23353
"21521:TCP" = 21521:TCP:*:Enabled:pORT_21521
"42391:TCP" = 42391:TCP:*:Enabled:pORT_42391
"61090:TCP" = 61090:TCP:*:Enabled:pORT_61090
"56363:TCP" = 56363:TCP:*:Enabled:pORT_56363
"10648:TCP" = 10648:TCP:*:Enabled:pORT_10648
"17087:TCP" = 17087:TCP:*:Enabled:pORT_17087
"20018:TCP" = 20018:TCP:*:Enabled:pORT_20018
"34688:TCP" = 34688:TCP:*:Enabled:pORT_34688
"6705:TCP" = 6705:TCP:*:Enabled:pORT_6705
"44154:TCP" = 44154:TCP:*:Enabled:pORT_44154
"47858:TCP" = 47858:TCP:*:Enabled:pORT_47858
"54820:TCP" = 54820:TCP:*:Enabled:pORT_54820
"65505:TCP" = 65505:TCP:*:Enabled:pORT_65505
"37770:TCP" = 37770:TCP:*:Enabled:pORT_37770
"62120:TCP" = 62120:TCP:*:Enabled:pORT_62120
"15145:TCP" = 15145:TCP:*:Enabled:pORT_15145
"24861:TCP" = 24861:TCP:*:Enabled:pORT_24861
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"59605:TCP" = 59605:TCP:*:Enabled:pORT_59605
"40086:TCP" = 40086:TCP:*:Enabled:pORT_40086
"38042:TCP" = 38042:TCP:*:Enabled:pORT_38042
"18258:TCP" = 18258:TCP:*:Enabled:pORT_18258
"41110:TCP" = 41110:TCP:*:Enabled:pORT_41110
"51612:TCP" = 51612:TCP:*:Enabled:pORT_51612
"10915:TCP" = 10915:TCP:*:Enabled:pORT_10915
"20582:TCP" = 20582:TCP:*:Enabled:pORT_20582
"8352:TCP" = 8352:TCP:*:Enabled:pORT_8352
"50897:TCP" = 50897:TCP:*:Enabled:pORT_50897
"24373:TCP" = 24373:TCP:*:Enabled:pORT_24373
"12516:TCP" = 12516:TCP:*:Enabled:pORT_12516
"7260:TCP" = 7260:TCP:*:Enabled:pORT_7260

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Enabled:agent -- (InstallShield Software Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{191FD01E-1AB7-49BD-A88D-67244297950A}" = iDisk Utility for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76B91C9C-BBEE-5196-AF0E-502219CE16CE}" = MyFonts Order M901961
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7D971BEA-756F-4E13-AA21-1B946E7ED11D}" = AdwareAlert
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C352ADD9-A3FC-4B89-BFBE-48B8E4B7C861}" = ArcSoft Software Suite
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{DBD90220-6A77-F6F0-6CCB-39FB90FE290B}" = Secure Backup and Share
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EBA09A1B-8D0A-4D65-BF5F-96186DAA6628}" = File, Print FedEx Kinko's
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CleanUp!" = CleanUp!
"Clickables Online" = Clickables Online
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo Printer 720" = Dell Photo Printer 720
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"JSLG_PH" = JumpStart Learning Games Phonics
"Lexia Reading 7.0.1" = Lexia Reading
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MSN Music Assistant" = MSN Music Assistant
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Personalized Learning Center" = Personalized Learning Center
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Reader Rabbit Thinking Adventures Ages 4-6" = Reader Rabbit Thinking Adventures Ages 4-6
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SideStep" = SideStep
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2010 4:50:53 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 6.0.2900.5921, fault address 0x000bf28a.

Error - 12/12/2010 11:17:17 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 12/15/2010 4:36:41 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 12/15/2010 4:53:45 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2010 4:53:46 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2010 4:53:48 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2010 4:56:07 PM | Computer Name = ALLTACKLE | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 12.1.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/18/2010 11:01:08 AM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module yt.dll, version 2007.12.18.1, fault address 0x00067646.

Error - 12/18/2010 11:01:13 AM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module yt.dll, version 2007.12.18.1, fault address 0x00067646.

Error - 12/19/2010 9:01:33 PM | Computer Name = ALLTACKLE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 12/14/2010 11:10:43 AM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/14/2010 1:17:02 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/15/2010 10:25:32 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/19/2010 6:29:56 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/20/2010 4:16:30 PM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/21/2010 1:05:06 AM | Computer Name = ALLTACKLE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/21/2010 12:34:59 PM | Computer Name = ALLTACKLE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\Margaret\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 12/21/2010 7:14:52 PM | Computer Name = ALLTACKLE | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SST696\0000 disappeared from the system without
first being prepared for removal.


< End of report >
 
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2004/11/02 15:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
    DRV - [2005/07/28 14:52:18 | 000,123,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O2 - BHO: (no name) - {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://www.sidestep.com/get/k42037/sb02b.cab (Reg Error: Key error.)
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} Reg Error: Value error. (Reg Error: Key error.)
    [1 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
    [2010/12/22 06:21:11 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
    [2010/12/07 08:19:31 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3559580329.dat
    [2010/12/22 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/04 17:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Uniblue
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
OK, here's the latest. Thanks again! Hope this did the trick.

All processes killed
========== OTL ==========
Service SNDSrvc stopped successfully!
Service SNDSrvc deleted successfully!
File C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe not found.
Service SymWSC stopped successfully!
Service SymWSC deleted successfully!
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe moved successfully.
Service SymEvent stopped successfully!
Service SymEvent deleted successfully!
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{be5c5dfe-f009-4eec-a96e-0b7b441cb835}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5c5dfe-f009-4eec-a96e-0b7b441cb835}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\WINDOWS\Updreg.EXE moved successfully.
Starting removal of ActiveX control {084F552D-19EB-4668-9788-984CBC781A8F}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{084F552D-19EB-4668-9788-984CBC781A8F}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{084F552D-19EB-4668-9788-984CBC781A8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{084F552D-19EB-4668-9788-984CBC781A8F}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {640B39C1-D713-464F-92C3-75BD972B95EE}
C:\WINDOWS\Downloaded Program Files\SbCIe02b.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{640B39C1-D713-464F-92C3-75BD972B95EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640B39C1-D713-464F-92C3-75BD972B95EE}\ not found.
Starting removal of ActiveX control {A7EA8AD2-287F-11D3-B120-006008C39542}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found.
C:\Documents and Settings\Margaret\My Documents\~WRL2186.tmp deleted successfully.
C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully.
C:\Documents and Settings\All Users\Application Data\3559580329.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Margaret\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\Margaret\Application Data\Uniblue folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Isabel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33012 bytes

User: Margaret
->Temp folder emptied: 9463536 bytes
->Temporary Internet Files folder emptied: 12536963 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 84872158 bytes
->Flash cache emptied: 6419 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 102.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Isabel
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 0 bytes

User: LocalService

User: Margaret
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12222010_133026

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\Z038OZYZ\Order Number not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0.7
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````


C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060594.dll a variant of Win32/Kryptik.DER trojan
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060595.dll a variant of Win32/Kryptik.DVQ trojan
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060596.dll a variant of Win32/Kryptik.DER trojan
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060597.exe Win32/TrojanDownloader.Agent.AZR trojan
 
Update Internet Explorer to at least version 7.
Version 6 is obsolete and thus dangerous.

==========================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page (screenshot: FoxitReaderInstallation.png), make sure you have both boxes UN-checked AND (important!) click on the Decline button.

========================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
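
Added example, not part of the original posts: the ESET detections in this thread all sit under `System Volume Information\_restore{...}\RP573`, which is why step 1 clears the restore points. This Python sketch sorts ESET export lines into restore-point copies and live files; the line layout is assumed from the log posted here, and the third sample line is constructed.

```python
import re

# Line layout assumed from the ESET export in this thread:
#   "<full path> <detection name> <type>"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{1,4})\s+"
    r"(?P<threat>(?:a variant of\s+)?\w+/\S+)"
    r"(?:\s+(?P<kind>\S.*))?$"
)
# Windows XP keeps System Restore copies under _restore{GUID}\RPnnn.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# First two lines come from the log in this thread; the third is constructed
# (hypothetical path and detection name) to show the contrasting case.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060594.dll a variant of Win32/Kryptik.DER trojan
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP573\A0060597.exe Win32/TrojanDownloader.Agent.AZR trojan
C:\Documents and Settings\Example\Local Settings\Temp\sample.exe Win32/Example.A trojan
"""


def triage(log_text):
    """Split detections into restore-point copies and files on the live system."""
    result = {"restore": {}, "live": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)  # never silently drop a line
            continue
        hit = (m["path"], m["threat"])
        rp = RESTORE_RE.search(m["path"])
        if rp:
            # Group by restore point so old snapshots are easy to spot.
            result["restore"].setdefault(rp["rp"].upper(), []).append(hit)
        else:
            result["live"].append(hit)
    return result


def next_step(result):
    """Suggest the follow-up action, mirroring the order used in this thread."""
    if result["unparsed"]:
        return "review unparsed lines by hand"
    if result["live"]:
        return "live files detected: keep cleaning before touching restore points"
    if result["restore"]:
        return "only restore-point copies: clear restore points and create a fresh one"
    return "no detections"


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report)
    print(next_step(report))
```
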
 
Everything seems fine now, thanks SO much! Computer is running much faster! Only problem I'm finding is that Internet Explorer won't open so I can install Windows Updates?

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Isabel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Margaret
->Temp folder emptied: 2779 bytes
->Temporary Internet Files folder emptied: 247216 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74623129 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 438872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Isabel
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 0 bytes

User: LocalService

User: Margaret
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.18.0 log created on 12232010_073014

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\Z038OZYZ\Order Number not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
I think I upgraded to IE8, it wouldn't let me upgrade to IE7 for some reason. But now it won't let me use Explorer. Explorer opens for a few seconds and goes directly to the Yahoo site and then closes again. :confused:
 
Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?
 
That's your problem then...

Start IE normally. Disable all add-ons.
Restart IE.
Start enabling add-ons, BUT only one-by-one, restarting IE each time until you find the culprit.

Main suspects - toolbars.

Any other issues?
 
In that case....
Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons).
Go Tools>Internet options>Advanced tab and click on "Reset" button.
You should be able to start IE normally now.
 
That worked! Thanks! Sorry, holiday prep getting in the way. Everything is working MUCH better now. And I'm installing Windows updates. I'll let you know when I'm done. Thanks again so much for your help and Merry Merry Christmas!
 