smargarita
Posts: 17 +0
I’m also having the Google (and Yahoo) redirect issue that seems to be a problem for so many on this forum. Thanks so much to all of you experts who are spending your free time helping people fix their issues!
My logs:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/21/2010 2:46:30 PM
mbam-log-2010-12-21 (14-46-30).txt
Scan type: Quick scan
Objects scanned: 135838
Time elapsed: 16 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS (Ver_10-12-12.02) - NTFSx86
Run by Margaret at 14:59:16.78 on Tue 12/21/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1041 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Margaret\My Documents\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Regscan] c:\windows\system32\regscan.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\motion~1.lnk - c:\program files\motionbased\agent\MBAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3E230861-5C87-11D3-A1C6-00105A1B41B8} - {83B28A74-640D-48F4-9F51-E80EED7CC7E0}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - hxxp://survey.otxresearch.com/Preloader.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195508015711
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxp://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab
AppInit_DLLs: c:\windows\system32\nobiwole.dll c:\windows\system32\vopegobi.dll c:\windows\system32\yagatezi.dll c:\windows\system32\zifutoro.dll
SSODL: IneUEjX - {806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
LSA: Notification Packages = scecli c:\windows\system32\nobiwole.dll
Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
Hosts: 195.245.119.131 browser-security.microsoft.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\margaret\applic~1\mozilla\firefox\profiles\ksd0iqt0.default\
FF - plugin: c:\documents and settings\margaret\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: XUL Cache: {056B84C7-14C1-422C-AF9C-4E1C348838EF} - c:\documents and settings\margaret\local settings\application data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-4 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 165584]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-21 11608]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-16 54776]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-2 214664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-21 267944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-21 61960]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-15 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-2 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\system32\drivers\WCG200V2XP.sys [2007-10-8 14336]
=============== Created Last 30 ================
2010-12-21 19:22:41 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 17:43:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-21 16:40:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-21 16:40:45 -------- d-----w- c:\program files\Avira
2010-12-21 16:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-15 21:42:26 -------- d-----w- c:\program files\Lexia
2010-12-08 13:57:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 13:53:41 -------- d-----w- c:\docume~1\margaret\locals~1\applic~1\Sunbelt Software
2010-12-08 13:47:38 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-07 02:31:21 53248 ----a-w- c:\windows\system32\drivers\sst696.sys
2010-12-02 16:43:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 16:43:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 16:43:08 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-02 12:50:03 -------- d-----w- c:\program files\iPod
2010-12-02 12:50:01 -------- d-----w- c:\program files\iTunes
2010-12-02 01:34:05 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-12-02 01:34:05 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
==================== Find3M ====================
2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
============= FINISH: 15:09:35.03 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-21 14:56:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0
Running: 9q538qsf.exe; Driver: C:\DOCUME~1\Margaret\LOCALS~1\Temp\uwliapow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8AEF50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8AEF32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8AEF468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Threads - GMER 1.0.15 ----
Thread System [4:144] 8A3E558D
Thread System [4:148] 8A3E6876
---- EOF - GMER 1.0.15 ----
Avira AntiVir Personal
Report file date: Tuesday, December 21, 2010 12:06
Scanning for 2282993 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Margaret
Computer name : ALLTACKLE
Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 13:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 13:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:05:44
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 17:05:44
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 17:05:44
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 17:05:44
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 17:05:45
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 17:05:45
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 17:05:45
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 17:05:45
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 17:05:45
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 17:05:45
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 17:05:45
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 17:05:45
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 17:05:46
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 17:05:51
VBASE015.VDF : 7.11.0.92 2048 Bytes 12/20/2010 17:05:51
VBASE016.VDF : 7.11.0.93 2048 Bytes 12/20/2010 17:05:51
VBASE017.VDF : 7.11.0.94 2048 Bytes 12/20/2010 17:05:51
VBASE018.VDF : 7.11.0.95 2048 Bytes 12/20/2010 17:05:51
VBASE019.VDF : 7.11.0.96 2048 Bytes 12/20/2010 17:05:51
VBASE020.VDF : 7.11.0.97 2048 Bytes 12/20/2010 17:05:52
VBASE021.VDF : 7.11.0.98 2048 Bytes 12/20/2010 17:05:52
VBASE022.VDF : 7.11.0.99 2048 Bytes 12/20/2010 17:05:52
VBASE023.VDF : 7.11.0.100 2048 Bytes 12/20/2010 17:05:52
VBASE024.VDF : 7.11.0.101 2048 Bytes 12/20/2010 17:05:52
VBASE025.VDF : 7.11.0.102 2048 Bytes 12/20/2010 17:05:52
VBASE026.VDF : 7.11.0.103 2048 Bytes 12/20/2010 17:05:52
VBASE027.VDF : 7.11.0.104 2048 Bytes 12/20/2010 17:05:52
VBASE028.VDF : 7.11.0.105 2048 Bytes 12/20/2010 17:05:53
VBASE029.VDF : 7.11.0.106 2048 Bytes 12/20/2010 17:05:53
VBASE030.VDF : 7.11.0.107 2048 Bytes 12/20/2010 17:05:53
VBASE031.VDF : 7.11.0.119 117248 Bytes 12/21/2010 17:05:54
Engineversion : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 13:39:51
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/13/2010 13:39:51
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 13:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 13:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 13:39:50
AEPACK.DLL : 8.2.4.5 512375 Bytes 12/21/2010 17:06:03
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 13:39:49
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/21/2010 17:06:02
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 13:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 13:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 13:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 13:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 13:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 13:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 13:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 13:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 13:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 13:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 13:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 13:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 13:40:20
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Tuesday, December 21, 2010 12:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'agent.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'scrnsave.scr' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'stxmenumgr.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'agent.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'Pmsb.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'MBAgent.exe' - '1' Module(s) have been scanned
Scan process 'Ding.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'lexpps.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'iaantmon.exe' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '1870' files ).
End of the scan: Tuesday, December 21, 2010 12:07
Used time: 00:53 Minute(s)
The scan has been done completely.
0 Scanned directories
2415 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2415 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes
My logs:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/21/2010 2:46:30 PM
mbam-log-2010-12-21 (14-46-30).txt
Scan type: Quick scan
Objects scanned: 135838
Time elapsed: 16 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS (Ver_10-12-12.02) - NTFSx86
Run by Margaret at 14:59:16.78 on Tue 12/21/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1041 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Margaret\My Documents\Downloads\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: {be5c5dfe-f009-4eec-a96e-0b7b441cb835} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: File Print FedEx Kinko's: {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Regscan] c:\windows\system32\regscan.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\margaret\startm~1\programs\startup\motion~1.lnk - c:\program files\motionbased\agent\MBAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\securebackupshare\ComcastSecureBackupSharestat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3E230861-5C87-11D3-A1C6-00105A1B41B8} - {83B28A74-640D-48F4-9F51-E80EED7CC7E0}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - hxxp://survey.otxresearch.com/Preloader.dll
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - hxxp://www.sidestep.com/get/k42037/sb02b.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173741447941
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195508015711
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxp://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.308904167760062&file=stamps.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5165/mcfscan.cab
AppInit_DLLs: c:\windows\system32\nobiwole.dll c:\windows\system32\vopegobi.dll c:\windows\system32\yagatezi.dll c:\windows\system32\zifutoro.dll
SSODL: IneUEjX - {806692E9-2ACC-3843-A6D0-552289C94C46} - c:\windows\system32\oc.dll
LSA: Notification Packages = scecli c:\windows\system32\nobiwole.dll
Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
Hosts: 195.245.119.131 browser-security.microsoft.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\margaret\applic~1\mozilla\firefox\profiles\ksd0iqt0.default\
FF - plugin: c:\documents and settings\margaret\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: XUL Cache: {056B84C7-14C1-422C-AF9C-4E1C348838EF} - c:\documents and settings\margaret\local settings\application data\{056B84C7-14C1-422C-AF9C-4E1C348838EF}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-4 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-21 165584]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-21 11608]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [2010-3-16 54776]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-2 214664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-21 267944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-21 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-21 61960]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\securebackupshare\ComcastSecureBackupSharebackup.exe [2010-2-9 45896]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-21 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-15 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-2 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WCG200V2XP;Linksys WCG200 ver. 2 Wireless-G Cable Gateway;c:\windows\system32\drivers\WCG200V2XP.sys [2007-10-8 14336]
=============== Created Last 30 ================
2010-12-21 19:22:41 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 17:43:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-12-21 16:40:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-21 16:40:45 -------- d-----w- c:\program files\Avira
2010-12-21 16:40:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-15 21:42:26 -------- d-----w- c:\program files\Lexia
2010-12-08 13:57:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-08 13:53:41 -------- d-----w- c:\docume~1\margaret\locals~1\applic~1\Sunbelt Software
2010-12-08 13:47:38 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-07 02:31:21 53248 ----a-w- c:\windows\system32\drivers\sst696.sys
2010-12-02 16:43:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-02 16:43:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 16:43:08 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-02 12:50:03 -------- d-----w- c:\program files\iPod
2010-12-02 12:50:01 -------- d-----w- c:\program files\iTunes
2010-12-02 01:34:05 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-12-02 01:34:05 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
==================== Find3M ====================
2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
============= FINISH: 15:09:35.03 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-21 14:56:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.08.0
Running: 9q538qsf.exe; Driver: C:\DOCUME~1\Margaret\LOCALS~1\Temp\uwliapow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8AEF50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8AEF32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8AEF468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Threads - GMER 1.0.15 ----
Thread System [4:144] 8A3E558D
Thread System [4:148] 8A3E6876
---- EOF - GMER 1.0.15 ----
Avira AntiVir Personal
Report file date: Tuesday, December 21, 2010 12:06
Scanning for 2282993 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Margaret
Computer name : ALLTACKLE
Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 13:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 13:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:05:44
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 17:05:44
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 17:05:44
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 17:05:44
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 17:05:45
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 17:05:45
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 17:05:45
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 17:05:45
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 17:05:45
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 17:05:45
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 17:05:45
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 17:05:45
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 17:05:46
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 17:05:51
VBASE015.VDF : 7.11.0.92 2048 Bytes 12/20/2010 17:05:51
VBASE016.VDF : 7.11.0.93 2048 Bytes 12/20/2010 17:05:51
VBASE017.VDF : 7.11.0.94 2048 Bytes 12/20/2010 17:05:51
VBASE018.VDF : 7.11.0.95 2048 Bytes 12/20/2010 17:05:51
VBASE019.VDF : 7.11.0.96 2048 Bytes 12/20/2010 17:05:51
VBASE020.VDF : 7.11.0.97 2048 Bytes 12/20/2010 17:05:52
VBASE021.VDF : 7.11.0.98 2048 Bytes 12/20/2010 17:05:52
VBASE022.VDF : 7.11.0.99 2048 Bytes 12/20/2010 17:05:52
VBASE023.VDF : 7.11.0.100 2048 Bytes 12/20/2010 17:05:52
VBASE024.VDF : 7.11.0.101 2048 Bytes 12/20/2010 17:05:52
VBASE025.VDF : 7.11.0.102 2048 Bytes 12/20/2010 17:05:52
VBASE026.VDF : 7.11.0.103 2048 Bytes 12/20/2010 17:05:52
VBASE027.VDF : 7.11.0.104 2048 Bytes 12/20/2010 17:05:52
VBASE028.VDF : 7.11.0.105 2048 Bytes 12/20/2010 17:05:53
VBASE029.VDF : 7.11.0.106 2048 Bytes 12/20/2010 17:05:53
VBASE030.VDF : 7.11.0.107 2048 Bytes 12/20/2010 17:05:53
VBASE031.VDF : 7.11.0.119 117248 Bytes 12/21/2010 17:05:54
Engineversion : 8.2.4.126
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 13:39:51
AESCRIPT.DLL : 8.1.3.48 1286524 Bytes 12/13/2010 13:39:51
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 13:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 13:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 13:39:50
AEPACK.DLL : 8.2.4.5 512375 Bytes 12/21/2010 17:06:03
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 13:39:49
AEHEUR.DLL : 8.1.2.57 3142008 Bytes 12/21/2010 17:06:02
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 13:39:42
AEGEN.DLL : 8.1.5.0 397685 Bytes 12/13/2010 13:39:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 13:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 13:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 13:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 13:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 13:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 13:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 13:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 13:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 13:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 13:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 13:40:20
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Tuesday, December 21, 2010 12:06
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'agent.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'scrnsave.scr' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'stxmenumgr.exe' - '1' Module(s) have been scanned
Scan process 'AAWTray.exe' - '1' Module(s) have been scanned
Scan process 'AAWService.exe' - '1' Module(s) have been scanned
Scan process 'agent.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'Pmsb.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '1' Module(s) have been scanned
Scan process 'MBAgent.exe' - '1' Module(s) have been scanned
Scan process 'Ding.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'lexpps.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharestat.exe' - '1' Module(s) have been scanned
Scan process 'AcroTray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'CTDVDDet.EXE' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'iaantmon.exe' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned
Scan process 'ComcastSecureBackupSharebackup.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '1870' files ).
End of the scan: Tuesday, December 21, 2010 12:07
Used time: 00:53 Minute(s)
The scan has been done completely.
0 Scanned directories
2415 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2415 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes