Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this log


  • This topic is locked This topic is locked
71 replies to this topic

#1 smvoelk

smvoelk

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 25 August 2009 - 08:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:33 PM, on 8/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pair.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SD5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_SA7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-378831066-972945493-2530127344-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116561757562
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10551 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 27 August 2009 - 11:23 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 27 August 2009 - 05:19 PM

OTL logfile created on: 8/27/2009 6:13:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Susan Voelker\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 86.05 Mb Available Physical Memory | 16.87% Memory free
1.22 Gb Paging File | 0.40 Gb Available in Paging File | 32.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.24 Gb Total Space | 54.97 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
Drive D: | 52.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUZ
Current User Name: Susan Voelker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/10/14 20:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/04/13 03:48:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2004/10/12 17:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/12/06 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2005/09/20 10:32:24 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 18:59:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/08/19 19:01:47 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 19:01:27 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/22 22:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/08/19 19:01:12 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/19 19:01:44 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/04 06:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/07/24 17:12:16 | 02,916,816 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2009/08/04 23:08:13 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/08/10 20:46:20 | 00,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe
PRC - [2009/07/03 10:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/08/27 18:11:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Voelker\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/19 19:01:12 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/19 18:59:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/03 10:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/07/22 22:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2009/08/19 19:01:45 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/19 19:01:45 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/19 14:44:38 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/10/27 09:48:42 | 00,018,944 | R--- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Drivers\busbcrw.sys -- (busbcrw [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/02/10 22:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2003/04/02 19:54:16 | 00,020,648 | R--- | M] (Thomson Inc.) -- C:\WINDOWS\System32\DRIVERS\netrcacm.sys -- (netrcacm [On_Demand | Stopped])
DRV - [2007/11/15 16:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2008/10/11 12:31:11 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/09/17 15:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2005/01/27 22:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pair.com/
IE - HKU\S-1-5-21-378831066-972945493-2530127344-1006\S-1-5-21-378831066-972945493-2530127344-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/18 18:51:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 23:08:25 | 00,000,000 | ---D | M]

[2009/01/27 20:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan Voelker\Application Data\mozilla\Extensions
[2009/01/27 20:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan Voelker\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/27 18:08:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan Voelker\Application Data\mozilla\Firefox\Profiles\jb1fzdtn.default\extensions
[2008/12/11 20:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Susan Voelker\Application Data\mozilla\Firefox\Profiles\jb1fzdtn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/27 20:25:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/05/26 21:23:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/04 23:08:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 23:08:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 23:08:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/08/04 23:08:15 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/20 22:32:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/20 22:32:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/08/26 20:14:48 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/01/27 20:22:35 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/27 20:22:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/22 15:10:48 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/01/27 20:22:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/27 20:22:36 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/27 20:22:36 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/27 20:22:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/27 20:22:36 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-378831066-972945493-2530127344-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-378831066-972945493-2530127344-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-378831066-972945493-2530127344-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [EPSON Stylus CX8400 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKU\S-1-5-21-378831066-972945493-2530127344-1006..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Susan Voelker\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-378831066-972945493-2530127344-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1116561757562 (WUWebControl Class)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} http://www.evite.com/html/imageUpload/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - C:\WINDOWS\System32\tapi.nfo ()
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3834d83a-10e1-11dd-a734-00132000a3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{3834d83a-10e1-11dd-a734-00132000a3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3834d83a-10e1-11dd-a734-00132000a3fc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Susan Voelker\Desktop\*.tmp files]
[2009/08/27 18:11:22 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Susan Voelker\Desktop\OTL.exe
[2009/08/25 19:29:05 | 00,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/25 19:29:05 | 00,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/25 19:26:29 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\tapi.nfo
[2009/08/25 18:12:52 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Susan Voelker\Desktop\HijackThis.lnk
[2009/08/25 18:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/25 18:12:10 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Susan Voelker\Desktop\HJTInstall.exe
[2009/08/25 00:53:25 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/25 00:47:01 | 26,171,928 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Susan Voelker\Desktop\sdsetup(2).exe
[2009/08/25 00:06:19 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/08/25 00:06:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/08/25 00:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/08/24 23:41:56 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/08/24 23:41:05 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/08/24 23:41:05 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/08/24 23:40:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/08/24 23:40:17 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/08/24 23:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan Voelker\Application Data\PC Tools
[2009/08/24 23:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/24 23:38:08 | 26,171,928 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Susan Voelker\Desktop\sdsetup.exe
[2009/08/24 23:13:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/24 23:07:22 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/24 23:06:12 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/24 23:04:43 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/24 23:04:14 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 23:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/24 23:02:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/24 22:45:08 | 60,857,536 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Susan Voelker\Desktop\Ad-AwareAE.exe
[2009/08/24 21:59:46 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009/08/24 21:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13025784
[2009/08/24 21:57:37 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2009/08/24 21:57:08 | 00,028,164 | ---- | C] () -- C:\WINDOWS\System32\logon.exe
[2009/08/24 19:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Susan Voelker\Desktop\temporary
[2009/08/13 01:11:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/08/12 20:48:10 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 20:47:03 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/08/12 20:40:24 | 09,231,872 | ---- | C] () -- C:\Documents and Settings\Susan Voelker\Desktop\portfolio.ppt
[2009/08/07 10:57:18 | 00,046,826 | ---- | C] () -- C:\Documents and Settings\Susan Voelker\Desktop\Tentacle.jpg
[2009/08/07 10:56:45 | 00,027,229 | ---- | C] () -- C:\Documents and Settings\Susan Voelker\Desktop\octo.jpg
[2009/08/05 05:11:47 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/05/26 19:37:42 | 00,000,040 | ---- | C] () -- C:\WINDOWS\Emblite.INI
[2008/10/07 23:48:24 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/05/03 16:00:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/05/03 15:58:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2008/03/21 15:29:45 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/21 15:27:18 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/03 19:22:58 | 00,000,588 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2006/08/03 19:29:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/04/22 19:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/02/09 11:01:38 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/02/09 11:01:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2005/06/12 22:17:45 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/02 15:08:57 | 00,000,860 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/05/15 13:50:19 | 00,001,350 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/05/15 12:30:00 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/05/05 08:53:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/05 08:45:33 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/05 08:40:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/05 08:11:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/05/05 08:10:58 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:28 | 00,000,699 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 13:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 13:51:06 | 00,062,976 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[1999/01/22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 12:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\Documents and Settings\Susan Voelker\My Documents\*.tmp files]
[1 C:\Documents and Settings\Susan Voelker\Desktop\*.tmp files]
[2009/08/27 18:15:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/27 18:11:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Susan Voelker\Desktop\OTL.exe
[2009/08/27 18:00:03 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/27 18:00:03 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/27 17:49:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 17:49:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 17:49:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/26 01:11:36 | 40,158,011 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/26 01:11:36 | 00,068,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/25 19:24:53 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\tapi.nfo
[2009/08/25 18:12:52 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Susan Voelker\Desktop\HijackThis.lnk
[2009/08/25 18:12:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Susan Voelker\Desktop\HJTInstall.exe
[2009/08/25 00:53:25 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/08/25 00:47:09 | 26,171,928 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Susan Voelker\Desktop\sdsetup(2).exe
[2009/08/25 00:06:20 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/08/24 23:38:44 | 26,171,928 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Susan Voelker\Desktop\sdsetup.exe
[2009/08/24 23:07:22 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/24 23:04:15 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/24 22:54:00 | 60,857,536 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Susan Voelker\Desktop\Ad-AwareAE.exe
[2009/08/24 21:56:46 | 00,028,164 | ---- | M] () -- C:\WINDOWS\System32\logon.exe
[2009/08/19 19:01:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/19 19:01:45 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/19 19:01:45 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/13 01:20:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/13 01:03:50 | 09,231,872 | ---- | M] () -- C:\Documents and Settings\Susan Voelker\Desktop\portfolio.ppt
[2009/08/07 10:57:18 | 00,046,826 | ---- | M] () -- C:\Documents and Settings\Susan Voelker\Desktop\Tentacle.jpg
[2009/08/07 10:56:47 | 00,027,229 | ---- | M] () -- C:\Documents and Settings\Susan Voelker\Desktop\octo.jpg
[2009/08/05 05:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 05:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#4 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 27 August 2009 - 05:21 PM

OTL Extras logfile created on: 8/27/2009 6:13:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Susan Voelker\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 86.05 Mb Available Physical Memory | 16.87% Memory free
1.22 Gb Paging File | 0.40 Gb Available in Paging File | 32.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.24 Gb Total Space | 54.97 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
Drive D: | 52.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUZ
Current User Name: Susan Voelker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Disabled:Promo
"53:UDP" = 53:UDP:*:Disabled:Promo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Microsoft Office\Office\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Documents and Settings\Susan Voelker\Desktop\LimeWire\LimeWire.exe" = C:\Documents and Settings\Susan Voelker\Desktop\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\WINDOWS\Temp\_ex-08.exe" = C:\WINDOWS\Temp\_ex-08.exe:*:Disabled:Promo -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{C989423B-D6BB-4E0D-AEFC-251A27668053}" = PE-DESIGN Lite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVG8Uninstall" = AVG Free 8.5
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KeyboardPublishing" = Utilities
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PROSet" = Intel® PRO Network Adapters and Drivers
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"SOLVERTABLE" = SolverTable for Excel
"SprintMusicManagerA" = Sprint music manager
"Spyware Doctor" = Spyware Doctor 6.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2009 10:06:21 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 10:40:12 PM | Computer Name = SUZ | Source = Application Error | ID = 1000
Description = Faulting application memonitor.exe, version 1.1.0.4, faulting module
memonitor.exe, version 1.1.0.4, fault address 0x0002dd95.

Error - 8/24/2009 11:05:20 PM | Computer Name = SUZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/24/2009 11:29:21 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 11:57:20 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 6.1.0.447, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 12:00:42 AM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 6.1.0.447, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 12:32:17 AM | Computer Name = SUZ | Source = Application Error | ID = 1000
Description = Faulting application memonitor.exe, version 1.1.0.4, faulting module
memonitor.exe, version 1.1.0.4, fault address 0x0002dd95.

Error - 8/25/2009 1:26:35 AM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsTray.exe, version 6.1.0.26, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/26/2009 7:39:12 AM | Computer Name = SUZ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 8/26/2009 7:40:26 AM | Computer Name = SUZ | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ Application Events ]
Error - 8/24/2009 10:06:21 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 10:40:12 PM | Computer Name = SUZ | Source = Application Error | ID = 1000
Description = Faulting application memonitor.exe, version 1.1.0.4, faulting module
memonitor.exe, version 1.1.0.4, fault address 0x0002dd95.

Error - 8/24/2009 11:05:20 PM | Computer Name = SUZ | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/24/2009 11:29:21 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 11:57:20 PM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 6.1.0.447, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 12:00:42 AM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 6.1.0.447, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2009 12:32:17 AM | Computer Name = SUZ | Source = Application Error | ID = 1000
Description = Faulting application memonitor.exe, version 1.1.0.4, faulting module
memonitor.exe, version 1.1.0.4, fault address 0x0002dd95.

Error - 8/25/2009 1:26:35 AM | Computer Name = SUZ | Source = Application Hang | ID = 1002
Description = Hanging application pctsTray.exe, version 6.1.0.26, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/26/2009 7:39:12 AM | Computer Name = SUZ | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the
required files. Check your connection to the network, or CD-ROM drive. For other
potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 8/26/2009 7:40:26 AM | Computer Name = SUZ | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 8/25/2009 9:59:57 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2009 9:59:57 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2009 9:59:57 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2009 9:59:57 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/26/2009 7:11:44 AM | Computer Name = SUZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 8/26/2009 7:11:44 AM | Computer Name = SUZ | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 8/26/2009 7:40:49 AM | Computer Name = SUZ | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.

Error - 8/26/2009 7:41:43 AM | Computer Name = SUZ | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 8/27/2009 5:53:04 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 8/27/2009 5:53:07 PM | Computer Name = SUZ | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

#5 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 27 August 2009 - 06:22 PM

the root repeal is disappearing after the scan happens, not letting me save the report. is that the malware doing that? what can i do to get around it?

#6 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 27 August 2009 - 06:41 PM

when i try to open a new window now, i get an error: cant load driver (0cx00000035)!

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 28 August 2009 - 09:57 AM

Please explain further, a new window?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 28 August 2009 - 09:59 AM

i clicked on a new secondary window hoping that i could run a log that it would let me save and then i started getting that error instead of the dissappearing log.

#9 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 28 August 2009 - 10:00 AM

secondary mirror rather, sorry

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 28 August 2009 - 10:20 AM

Let's try something else.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 28 August 2009 - 04:01 PM

i got a pop up box that said: Warning GMER has found system modification caused by rootkit activity. log attached

Attached Files

  • Attached File  gmer.txt   281.28KB   8 downloads


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 28 August 2009 - 04:31 PM

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 28 August 2009 - 05:13 PM

Starting up...
Log file is located at: C:\Documents and Settings\Susan Voelker\Desktop\Win32kDi
ag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C6
48A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary
ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoi
nt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKU
s
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Do
wnloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a
3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab51935014
84cf5e6884fa1d22f9e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Adobe\Flash Player\AssetCache\WDDX4FTF\WDDX4FTF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-4
60B7E65289B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Macromedia\Flash Player\#SharedObjects\6XJTNBPT\ak.c.ooyala.com\ak.c.ooyala.
com
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Macromedia\Flash Player\#SharedObjects\6XJTNBPT\media.scanscout.com\media.sc
anscout.com
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\AddIns\AddIns
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-
1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Credentials\S-1-5-21-378831066-972945493-2530127344-1003\S-1-5-21-
378831066-972945493-2530127344-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Crypto\RSA\S-1-5-21-378831066-972945493-2530127344-1003\S-1-5-21-3
78831066-972945493-2530127344-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Proof\Proof
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Microsoft\Word\STARTUP\STARTUP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Sun\Java\Deployment\javaws\cache\cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application D
ata\Symantec\Symantec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Deskt
op
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting
s\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting
s\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543
-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting
s\Application Data\Microsoft\Credentials\S-1-5-21-378831066-972945493-2530127344
-1003\S-1-5-21-378831066-972945493-2530127344-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Setting
s\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHo
od
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\Pri
ntHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe

Attached Files

  • Attached File  log.txt   11.45KB   4 downloads


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:50 AM

Posted 29 August 2009 - 10:57 AM

You've got the new and quite nasty rootkit infection. We're going to need just a bit more info before we start on it.

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 smvoelk

smvoelk
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 29 August 2009 - 02:51 PM

Volume in drive C has no label.
Volume Serial Number is F4B9-6C10

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 06:00 AM 62,976 eventlog.dll
3 File(s) 650,240 bytes

Total Files Listed:
6 File(s) 1,294,848 bytes
0 Dir(s) 58,489,700,352 bytes free


I really appreciate you helping me Sam!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users