daughter's laptop infected


  • This topic is locked
54 replies to this topic

#1 jckbredwards
  • Members
  • 73 posts

Posted 31 January 2010 - 09:14 PM

Had the "internet security 2010" virus/malware trojan. Now Google Chrome gets redirected after showing legit addresses. Firefox crashes constantly, Task Manager won't work. Am now running MBM and SUPERAntiSpyware. Have Defender and AVG installed. Running Windows XP SP3 on a Dell Latitude 820 laptop. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:48 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 3599 bytes



#2 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 31 January 2010 - 09:20 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

===========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

===========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 jckbredwards
  • Topic Starter
  • Members
  • 73 posts

Posted 31 January 2010 - 09:49 PM

Just wanted to make sure this is ok. I'm seeking to repair/fix my daughter's laptop but I am not using that to communicate with you. I am using my desktop. So I am downloading the OTL etc. to a flash drive using my computer, then taking the flash drive and plugging it in her laptop and installing to her desktop. That is ok, correct?

#4 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 31 January 2010 - 10:18 PM

That is ok but not necessary. If you are going to use a flash drive we better immunize that flash drive just in case the laptop has an autorun infection onboard. It would be a bummer if you infected your PC too.

It would probably be easiest for you to execute my instructions directly on the infected computer though. There are going to be specific instructions that will require you to use that computer.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Kind regards,
~ t

#5 jckbredwards
  • Topic Starter
  • Members
  • 73 posts

Posted 31 January 2010 - 10:19 PM

Bad news. I installed the OTL and ran the scan. It completed but when I tried to save it to attach to a reply the computer froze. The mouse would move but clicking on anything did not work. So I could not save the OTL and other log and could not run the remaining program and get that log. So I have no logs for you. I had to shut the laptop off and am now trying to reboot. If the material is still there on the desktop I will try to save it and attach it to my next reply.

#6 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 31 January 2010 - 10:22 PM

We cross posted. Please do not miss my previous post!!!

Before you re-run the applications I recommended do this 1st.

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.


#7 jckbredwards
  • Topic Starter
  • Members
  • 73 posts

Posted 31 January 2010 - 10:56 PM

I rebooted, got all the anti stuff stopped and then the computer froze again. This is happening all the time now. I open a program, click a couple of times on something, then it all freezes up and I have to manually shut it down and start over. I am rebooting and have OTL and Extra and had a GMER scan ready to start when it froze. Is the freezing the virus "defending" itself?

#8 jckbredwards
  • Topic Starter
  • Members
  • 73 posts

Posted 01 February 2010 - 12:53 AM

Good news and bad news. The good news is that I have OTL, Extra and GMER results. They are on the laptop desktop. I can open them in Notepad. The bad news is that every time I try to copy and paste them (or copy and save them to a flash drive) the computer freezes up and nothing happens. Can't go to Task Manager or do anything other than turn off the power. That is the only way to shut it down once it freezes. Any suggestions as to how I can save these and get them to you? Any Microsoft product causes a freeze/lock up. I've tried WordPad, Notepad and Word 2003. Same result each time.



#9 jckbredwards
  • Topic Starter
  • Members
  • 73 posts

Posted 01 February 2010 - 01:16 AM

Ok, I copied the logs into a separate file and will attach that folder to this, I hope. You'll have to open these b/c every time I try to copy and paste this freezes up. If this doesn't work I'll take the flash drive to the desktop computer and try it from there.




#10 thcbytes
  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 01 February 2010 - 09:09 AM

Very well done.

I am going to copy and paste the logs for you. It is easier for me to evaluate that way. My instructions will follow in the next post.

Until we get your computer running better it is alright if you need to attach the logs.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 22:20:56
Windows 5.1.2600 Service Pack 3
Running: bs1l3f94.exe; Driver: C:\DOCUME~1\Kelsey1\LOCALS~1\Temp\uxtdqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF73AD7A4]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5793360, 0x212B5D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\WLTRYSVC.EXE[460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009328F5
.text C:\WINDOWS\System32\WLTRYSVC.EXE[460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00932781
.text C:\WINDOWS\System32\WLTRYSVC.EXE[460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00932873
.text C:\WINDOWS\System32\WLTRYSVC.EXE[460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009327B9
.text C:\WINDOWS\System32\WLTRYSVC.EXE[460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009327F1
.text C:\WINDOWS\System32\bcmwltry.exe[476] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 014B28F5
.text C:\WINDOWS\System32\bcmwltry.exe[476] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014B2781
.text C:\WINDOWS\System32\bcmwltry.exe[476] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014B2873
.text C:\WINDOWS\System32\bcmwltry.exe[476] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014B27B9
.text C:\WINDOWS\System32\bcmwltry.exe[476] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014B27F1
.text C:\WINDOWS\System32\SCardSvr.exe[584] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A128F5
.text C:\WINDOWS\System32\SCardSvr.exe[584] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A12781
.text C:\WINDOWS\System32\SCardSvr.exe[584] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A12873
.text C:\WINDOWS\System32\SCardSvr.exe[584] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A127B9
.text C:\WINDOWS\System32\SCardSvr.exe[584] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A127F1
.text C:\WINDOWS\system32\wscntfy.exe[672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 008828F5
.text C:\WINDOWS\system32\wscntfy.exe[672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00882781
.text C:\WINDOWS\system32\wscntfy.exe[672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00882873
.text C:\WINDOWS\system32\wscntfy.exe[672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 008827B9
.text C:\WINDOWS\system32\wscntfy.exe[672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 008827F1
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[816] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011928F5
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01192781
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01192873
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011927B9
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011927F1
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1036] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 071E28F5
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1036] WS2_32.dll!send 71AB4C27 5 Bytes JMP 071E2781
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1036] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 071E2873
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1036] WS2_32.dll!recv 71AB676F 5 Bytes JMP 071E27B9
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1036] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 071E27F1
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1196] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015528F5
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1196] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01552781
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1196] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01552873
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1196] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015527B9
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1196] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015527F1
.text C:\Program Files\Windows Defender\MsMpEng.exe[1308] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01AF28F5
.text C:\Program Files\Windows Defender\MsMpEng.exe[1308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01AF2781
.text C:\Program Files\Windows Defender\MsMpEng.exe[1308] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01AF2873
.text C:\Program Files\Windows Defender\MsMpEng.exe[1308] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01AF27B9
.text C:\Program Files\Windows Defender\MsMpEng.exe[1308] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01AF27F1
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 06A528F5
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 06A52781
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1620] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 06A52873
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1620] WS2_32.dll!recv 71AB676F 5 Bytes JMP 06A527B9
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1620] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 06A527F1
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1840] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017428F5
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1840] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01742781
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1840] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01742873
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1840] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017427B9
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1840] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017427F1
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02A128F5
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02A12781
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1904] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02A12873
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1904] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02A127B9
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1904] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02A127F1
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1980] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 014B28F5
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1980] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014B2781
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1980] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 014B2873
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1980] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014B27B9
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1980] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014B27F1
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0B1828F5
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0B182781
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0B182873
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0B1827B9
.text C:\WINDOWS\system32\SearchIndexer.exe[2284] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0B1827F1
.text C:\WINDOWS\explorer.exe[2520] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D128F5
.text C:\WINDOWS\explorer.exe[2520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D12781
.text C:\WINDOWS\explorer.exe[2520] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D12873
.text C:\WINDOWS\explorer.exe[2520] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D127B9
.text C:\WINDOWS\explorer.exe[2520] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D127F1
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 018A28F5
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 018A2781
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 018A2873
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 018A27B9
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 018A27F1
.text C:\WINDOWS\system32\wuauclt.exe[2576] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 029328F5
.text C:\WINDOWS\system32\wuauclt.exe[2576] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02932781
.text C:\WINDOWS\system32\wuauclt.exe[2576] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02932873
.text C:\WINDOWS\system32\wuauclt.exe[2576] WS2_32.dll!recv 71AB676F 5 Bytes JMP 029327B9
.text C:\WINDOWS\system32\wuauclt.exe[2576] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 029327F1
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009F28F5
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009F2781
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3000] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009F2873
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3000] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009F27B9
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009F27F1
.text C:\WINDOWS\system32\ctfmon.exe[3288] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CD28F5
.text C:\WINDOWS\system32\ctfmon.exe[3288] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CD2781
.text C:\WINDOWS\system32\ctfmon.exe[3288] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD2873
.text C:\WINDOWS\system32\ctfmon.exe[3288] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CD27B9
.text C:\WINDOWS\system32\ctfmon.exe[3288] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CD27F1
.text C:\WINDOWS\System32\alg.exe[3460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E228F5
.text C:\WINDOWS\System32\alg.exe[3460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E22781
.text C:\WINDOWS\System32\alg.exe[3460] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E22873
.text C:\WINDOWS\System32\alg.exe[3460] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E227B9
.text C:\WINDOWS\System32\alg.exe[3460] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E227F1
.text F:\bs1l3f94.exe[3712] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FB28F5
.text F:\bs1l3f94.exe[3712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FB2781
.text F:\bs1l3f94.exe[3712] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FB2873
.text F:\bs1l3f94.exe[3712] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FB27B9
.text F:\bs1l3f94.exe[3712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FB27F1
.text C:\WINDOWS\system32\SearchFilterHost.exe[3724] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E128F5
.text C:\WINDOWS\system32\SearchFilterHost.exe[3724] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E12781
.text C:\WINDOWS\system32\SearchFilterHost.exe[3724] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E12873
.text C:\WINDOWS\system32\SearchFilterHost.exe[3724] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E127B9
.text C:\WINDOWS\system32\SearchFilterHost.exe[3724] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E127F1
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3940] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FA28F5
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3940] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FA2781
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3940] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FA2873
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3940] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FA27B9
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3940] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FA27F1

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI \Device\0000009b 86F70A80

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI \Device\0000009d 86F70A80
Device \Driver\ACPI \Device\0000009f 86F70A80
Device \Driver\ACPI \Device\00000050 86F70A80
Device \Driver\ACPI \Device\00000051 86F70A80
Device \Driver\ACPI \Device\00000052 86F70A80
Device \Driver\ACPI \Device\00000053 86F70A80
Device \Driver\ACPI \Device\00000054 86F70A80
Device \Driver\ACPI \Device\00000061 86F70A80
Device \Driver\ACPI \Device\00000055 86F70A80

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys
Device \Driver\ACPI \Device\00000068 86F70A80
Device \Driver\ACPI \Device\000000a8 86F70A80
Device \Driver\ACPI \Device\00000069 86F70A80
Device \Driver\ACPI \Device\00000077 86F70A80
Device \Driver\ACPI \Device\00000079 86F70A80
Device \Driver\ACPI \Device\00000093 86F70A80
Device \Driver\ACPI \Device\0000005a 86F70A80
Device \Driver\ACPI \Device\0000005b 86F70A80
Device \Driver\ACPI \Device\0000004e 86F70A80
Device \Driver\ACPI \Device\00000095 86F70A80
Device \Driver\ACPI \Device\0000005c 86F70A80

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI \Device\0000005d 86F70A80

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI \Device\00000097 86F70A80
Device \Driver\ACPI \Device\0000005e 86F70A80
Device \Driver\ACPI \Device\0000006b 86F70A80
Device \Driver\ACPI \Device\0000005f 86F70A80
Device \Driver\ACPI \Device\00000099 86F70A80
Device \Driver\ACPI \Device\0000006d 86F70A80
Device \Driver\ACPI \Device\0000007a 86F70A80
Device \Driver\ACPI \Device\0000006e 86F70A80
Device \Driver\ACPI \Device\0000006f 86F70A80
Device \Driver\ACPI \Device\0000008c 86F70A80
Device \Driver\ACPI \Device\0000008d 86F70A80

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8734B618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

==========

OTL Extras logfile created on: 1/31/2010 8:23:40 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Kelsey1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.73 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 0.89 Gb Free Space | 46.57% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KELSEY
Current User Name: Kelsey1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8648:TCP" = 8648:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8648:TCP" = 8648:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe" = C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe:*:Enabled:Creator Home -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- File not found
"C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe" = C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe:*:Enabled:802.1x Authenication Setup Wizard -- (Wave Systems Corp)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A35F91E-1D16-454F-A248-B9B782A2327C}" = Dell Support 3.2.1
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AE765884-4770-4A92-82D9-AB3192512B31}" = Preboot Manager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FrRefEng" = French Spelling Settings
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Player_is1" = Move Networks Player for Firefox
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"Tetris Worlds" = Tetris Worlds
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.73
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2010 2:39:35 PM | Computer Name = KELSEY | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: KELSEY\Kelsey1 Agent: IEAddInsAgent Error Code: 0x8007139f Error description:
The group or resource is not in the correct state to perform the requested operation.


Error - 1/31/2010 2:39:35 PM | Computer Name = KELSEY | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: KELSEY\Kelsey1 Agent: IEDownloadsAndOutlookAttachmentsAgent Error
Code: 0x8007139f Error description: The group or resource is not in the correct state
to perform the requested operation.

Error - 1/31/2010 5:06:18 PM | Computer Name = KELSEY | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: KELSEY\Kelsey1 Agent: IEConfigurationAgent Error Code: 0x8007139f Error
description: The group or resource is not in the correct state to perform the requested
operation.

Error - 1/31/2010 5:06:18 PM | Computer Name = KELSEY | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: KELSEY\Kelsey1 Agent: IEAddInsAgent Error Code: 0x8007139f Error description:
The group or resource is not in the correct state to perform the requested operation.


Error - 1/31/2010 5:06:18 PM | Computer Name = KELSEY | Source = WinDefendRtp | ID = 3002
Description = %%827 Real-Time Protection agent has encountered an error and failed
to start. User: KELSEY\Kelsey1 Agent: IEDownloadsAndOutlookAttachmentsAgent Error
Code: 0x8007139f Error description: The group or resource is not in the correct state
to perform the requested operation.

Error - 1/31/2010 7:12:58 PM | Computer Name = KELSEY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Office FrontPage 2003 - Update '{F6701F19-C0ED-4BCF-8451-D51419A2E0CB}'
could not be installed. Error code 1642. Additional information is available in
the log file C:\DOCUME~1\Kelsey1\LOCALS~1\Temp\OHotfix\OHotfix(00001)_Msi.log.

Error - 1/31/2010 7:22:34 PM | Computer Name = KELSEY | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 1/31/2010 7:22:40 PM | Computer Name = KELSEY | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 1/31/2010 7:22:40 PM | Computer Name = KELSEY | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 1/31/2010 9:27:50 PM | Computer Name = KELSEY | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Office FrontPage 2003 - Update 'Office 2003 Service
Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Additional information
is available in the log file C:\DOCUME~1\Kelsey1\LOCALS~1\Temp\OHotfix\OHotfix(00002)_Msi.log.

[ System Events ]
Error - 1/31/2010 7:58:59 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 7:58:59 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 8:11:13 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 8:11:13 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 8:26:26 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 8:26:26 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 10:52:06 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 10:52:06 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/31/2010 11:19:02 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/31/2010 11:19:02 PM | Computer Name = KELSEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


==========

OTL logfile created on: 1/31/2010 8:23:40 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Kelsey1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.73 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 0.89 Gb Free Space | 46.57% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KELSEY
Current User Name: Kelsey1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/31 19:41:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelsey1\Desktop\OTL.exe
PRC - [2009/12/28 15:26:01 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/08/19 17:04:22 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/19 17:04:21 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 17:04:15 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/19 17:04:10 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/19 17:03:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/01 10:48:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/11/01 10:48:10 | 001,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2006/10/18 16:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 16:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 15:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 15:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/01/19 13:14:00 | 000,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/11/30 11:33:04 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe


========== Modules (SafeList) ==========

MOD - [2010/01/31 19:41:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelsey1\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/08/19 17:04:10 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/19 17:03:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/08/26 18:35:41 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/04/13 17:12:02 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation)
SRV - [2007/03/16 17:55:24 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/01 10:48:12 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2006/10/18 16:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 16:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 15:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 15:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/04/06 12:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/25 15:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2006/01/19 13:14:00 | 000,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/30 11:33:04 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/04/03 22:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/11 15:11:27 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2003/07/28 10:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/19 17:04:21 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/19 17:04:21 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/19 14:35:52 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/29 17:57:35 | 000,103,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/02/17 10:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:34:12 | 000,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/23 16:15:19 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2007/11/13 03:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/16 16:50:25 | 000,021,425 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/02/27 11:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/10/19 07:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 09:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/10/10 12:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/05/16 13:23:54 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/03/24 21:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2006/01/19 13:14:00 | 003,595,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/01/10 09:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/09 13:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 05:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 05:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 05:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/10 14:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/05 02:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/28 23:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 01:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 03:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/11 18:01:33 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/02/23 12:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/15 12:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTKCMOS.sys -- (GTKCMOS)
DRV - [2004/06/09 06:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/09/19 13:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\S-1-5-21-2265459671-2948306729-781115041-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1226624165&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D21498859&id=64855"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07051001

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 15:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/05/19 14:38:43 | 000,000,000 | ---D | M]

[2008/11/13 18:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Extensions
[2010/01/31 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions
[2009/07/10 14:48:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2007/10/21 17:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{0648699b-b886-4011-99d4-04f1de459696}
[2007/10/21 17:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{5c434b90-6318-11da-8cd6-0800200c9a69}
[2006/08/13 14:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{904524FC-3F89-11DA-8BDE-F66BAD1E3F3A}
[2008/04/10 05:54:50 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2009/07/10 14:38:35 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010/01/07 19:31:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/05/18 08:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\extensions\moveplayer@movenetworks.com
[2008/06/23 20:00:24 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Profiles\m17q9rh7.default\searchplugins\ask.com.xml
[2010/01/31 17:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 05:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/01/09 12:03:02 | 000,658,056 | ---- | M] (Move Networks) -- C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll

O1 HOSTS File: ([2009/09/18 22:49:16 | 000,331,779 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11363 more lines...
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll File not found
O3 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2265459671-2948306729-781115041-1005\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kelsey1\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\pmnll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 15:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70935087155249152)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/31 19:54:02 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelsey1\Desktop\OTL.exe
[2010/01/31 17:19:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kelsey1\IECompatCache
[2010/01/31 17:17:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kelsey1\PrivacIE
[2010/01/31 16:13:16 | 000,000,000 | ---D | C] -- C:\d04b699f18c66a6d31
[2010/01/31 12:51:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kelsey1\Recent
[2010/01/24 08:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/01/23 22:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/01/23 22:48:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 22:48:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 22:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/23 22:48:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/23 17:01:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/23 16:45:33 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/23 16:40:42 | 000,000,000 | ---D | C] -- C:\28e24bb6f6d910f070
[2010/01/18 16:29:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/01/18 16:29:39 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/01/18 16:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewerS
[2010/01/18 16:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelsey1\Application Data\FUJIFILM
[2010/01/16 11:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/01/12 16:02:36 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2008/11/22 18:28:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/22 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/11/13 16:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/11/13 16:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/12/23 16:15:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kelsey1\Application Data\pcouffin.sys
[2007/08/21 05:26:52 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis.exe
[2007/03/16 16:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/03/16 16:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[6 C:\Documents and Settings\Kelsey1\My Documents\*.tmp files -> C:\Documents and Settings\Kelsey1\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/31 20:22:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/31 20:22:01 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Kelsey1\NTUSER.DAT
[2010/01/31 20:20:50 | 000,029,311 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/31 20:20:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/01/31 20:20:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/31 20:19:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/31 20:18:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/31 20:18:56 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/31 19:41:30 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelsey1\Desktop\OTL.exe
[2010/01/31 19:24:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/31 17:22:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kelsey1\ntuser.ini
[2010/01/31 16:23:23 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Kelsey1\Desktop\Microsoft Office Word 2003.lnk
[2010/01/31 11:44:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\~$bd3.doc
[2010/01/31 10:31:32 | 054,915,603 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/30 21:38:24 | 000,345,600 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\bd2.doc
[2010/01/30 20:42:44 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\bd1.doc
[2010/01/30 18:30:29 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/29 08:57:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/27 22:19:28 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\coloradohist.doc
[2010/01/27 20:48:37 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\scripy.doc
[2010/01/26 18:42:40 | 020,009,472 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\funny junk.doc
[2010/01/25 22:06:51 | 000,147,968 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\author.doc
[2010/01/23 22:48:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 20:13:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/23 14:49:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/23 11:54:56 | 000,189,440 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\youtube.doc
[2010/01/20 20:51:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\dir.doc
[2010/01/19 16:25:55 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/18 16:24:58 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\User's Guide.lnk
[2010/01/18 16:24:58 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk
[2010/01/17 10:37:02 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\sch2010.doc
[2010/01/15 22:15:56 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\movie quotes 5.doc
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/13 21:27:10 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\schoolbooks.doc
[2010/01/11 16:31:57 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\funny.doc
[2010/01/10 20:28:52 | 000,380,416 | ---- | M] () -- C:\Documents and Settings\Kelsey1\My Documents\tvq3.doc
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\Documents and Settings\Kelsey1\My Documents\*.tmp files -> C:\Documents and Settings\Kelsey1\My Documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/31 11:44:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kelsey1\My Documents\~$bd3.doc
[2010/01/24 19:19:27 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Kelsey1\My Documents\coloradohist.doc
[2010/01/23 22:59:35 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/23 22:48:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 20:13:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/23 14:49:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/20 20:51:29 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kelsey1\My Documents\dir.doc
[2010/01/18 16:24:58 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\User's Guide.lnk
[2010/01/18 16:24:58 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FinePixViewer S.lnk
[2010/01/17 10:37:01 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Kelsey1\My Documents\sch2010.doc
[2010/01/11 21:14:23 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Kelsey1\My Documents\schoolbooks.doc
[2009/05/02 10:57:25 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/04/09 11:12:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2008/01/14 20:03:16 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2007/12/31 21:28:03 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\yytlbafj.ini
[2007/12/23 16:22:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/12/23 16:15:39 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Application Data\pcouffin.log
[2007/12/23 16:15:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Application Data\ezpinst.exe
[2007/12/23 16:15:19 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Application Data\pcouffin.cat
[2007/12/23 16:15:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Application Data\pcouffin.inf
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/17 16:28:26 | 000,002,059 | ---- | C] () -- C:\WINDOWS\wp2.ini
[2007/09/13 10:52:46 | 000,000,019 | ---- | C] () -- C:\WINDOWS\wp.ini
[2007/08/21 05:28:36 | 000,008,911 | ---- | C] () -- C:\Program Files\hijackthis82107.txt
[2007/08/21 05:28:05 | 000,011,125 | ---- | C] () -- C:\Program Files\hijackthis.log
[2007/08/17 16:49:35 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/17 14:54:09 | 001,237,317 | -HS- | C] () -- C:\WINDOWS\System32\vipcaqqx.ini
[2007/08/16 08:58:02 | 001,671,037 | -HS- | C] () -- C:\WINDOWS\System32\srutv.ini
[2007/03/16 16:47:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/03/16 16:47:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/02 18:58:15 | 000,000,114 | ---- | C] () -- C:\WINDOWS\FGODMOM.INI
[2006/08/28 09:47:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/23 15:03:46 | 000,003,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/19 08:43:15 | 000,004,027 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/08/13 17:25:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/13 19:41:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/07/13 19:36:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2006/07/13 19:27:12 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/12 16:46:45 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Kelsey1\Local Settings\Application Data\fusioncache.dat
[2006/07/06 18:05:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/06 18:00:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/06 17:58:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/07/06 17:58:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/07/06 17:33:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/06 17:33:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/06 17:33:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/06 17:33:12 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/06 17:32:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/06 17:32:00 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/25 15:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 13:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 13:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 13:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 13:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 13:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 13:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 13:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 13:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 13:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 13:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 13:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/09 10:25:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/03/09 10:24:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/12/01 12:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/30 11:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 11:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/11/10 06:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 11:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/21 13:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 12:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/23 15:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astonsoft
[2008/04/09 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/11/22 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/05/02 10:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/11/13 16:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/09/18 11:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2006/07/06 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/11/22 18:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\AVGTOOLBAR
[2007/12/23 15:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\DeepBurner
[2010/01/18 16:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\FUJIFILM
[2009/05/02 10:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\ImgBurn
[2006/07/12 17:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Leadertech
[2009/09/18 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Uniblue
[2008/01/13 09:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Vso
[2008/11/22 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Windows Desktop Search
[2008/11/22 18:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Windows Search
[2010/01/31 20:22:06 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/12/29 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/08/13 14:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/12/23 15:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astonsoft
[2009/01/28 17:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/04/09 11:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/11/21 22:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/03/16 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2006/07/06 18:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/03/16 16:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/09/17 20:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/23 22:56:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/21 20:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/24 08:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2008/11/22 18:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2004/08/11 15:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/02 10:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/11/13 16:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/09/18 06:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/18 11:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/11/21 16:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2006/07/06 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2006/07/12 17:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/08/21 17:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2007/01/11 02:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/03/16 18:01:07 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
[2007/07/18 18:45:25 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\RunGdp.exe
[2007/03/16 16:42:37 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\MakeDesktopShortcut.EXE
[2007/03/16 16:42:37 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportLauncher.exe
[2007/03/16 16:42:37 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportODBK.exe
[2009/09/21 17:27:35 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

< %APPDATA%\*. >
[2009/12/29 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Adobe
[2006/09/05 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Apple Computer
[2008/07/20 08:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\ArcSoft
[2008/11/22 18:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\AVGTOOLBAR
[2006/08/19 13:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Creative
[2006/07/14 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\CyberLink
[2007/12/23 15:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\DeepBurner
[2010/01/18 16:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\FUJIFILM
[2009/05/29 21:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Google
[2007/03/16 16:42:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kelsey1\Application Data\GTek
[2008/07/23 13:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Help
[2004/08/11 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Identities
[2009/05/02 10:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\ImgBurn
[2008/04/09 11:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\InstallShield
[2007/03/16 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Intel
[2006/08/19 08:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Lavasoft
[2006/07/12 17:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Leadertech
[2006/08/14 09:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Macromedia
[2009/09/17 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Malwarebytes
[2009/12/29 19:05:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kelsey1\Application Data\Microsoft
[2007/05/18 07:10:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Move Networks
[2008/11/13 18:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Mozilla
[2006/07/12 17:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Sonic
[2007/11/22 10:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Spybot - Search & Destroy
[2006/07/06 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Sun
[2007/11/21 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\SUPERAntiSpyware.com
[2009/09/18 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Uniblue
[2008/01/13 09:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Vso
[2008/11/22 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Windows Desktop Search
[2008/11/22 18:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Windows Search
[2007/01/06 03:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelsey1\Application Data\Xfire

< %APPDATA%\*.exe /s >
[2008/01/13 09:14:03 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Kelsey1\Application Data\ezpinst.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/13 17:18:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/13 17:18:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/13 17:18:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/13 17:18:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/01/30 18:30:29 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/30 18:30:29 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2007/10/15 10:07:05 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
[2007/10/15 10:07:05 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
(C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\WINDOWS:C6757082D4A6FCAB
< End of report >

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
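As an added example that is not part of this thread or of OTL itself, here is a small Python checker for report sections like the ones posted above. It flags a live system32 copy whose MD5 differs from the ServicePackFiles reference copy (the atapi.sys block above checks out) and a path component that mixes letters from two scripts, as the Міcrosoft.NET entry in the Unicode section does. The EXAMPLE.SYS block and its hashes are constructed so the mismatch case is exercised.

```python
"""Two sanity checks over OTL report excerpts (added example, not OTL code).

Reads the '< MD5 for: X >' blocks and the 'Files - Unicode' block and reports:
  * a live copy in system32 (or its drivers / dllcache subfolders) whose MD5
    differs from the ServicePackFiles reference copy of the same file;
  * a path component whose letters come from more than one script, the way
    'Міcrosoft.NET' above mixes Cyrillic and Latin letters.
"""
import re
import unicodedata
from collections import defaultdict

# Sample input: the atapi.sys and Unicode lines are copied from the report above;
# the EXAMPLE.SYS block is CONSTRUCTED (made-up hashes) to exercise the mismatch path.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/01/30 18:30:29 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 11:40:30 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2010/01/30 18:30:29 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=0000000000000000000000000000000F -- C:\WINDOWS\system32\drivers\example.sys

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2007/10/15 10:07:05 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET

========== Alternate Data Streams ==========
"""

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_ENTRY = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
UNICODE_HEADER = "========== Files - Unicode"
# Folders whose copies are actually loaded; backups (ReinstallBackups,
# $NtServicePackUninstall$) are deliberately not in this list.
LIVE_DIRS = ("\\system32", "\\system32\\drivers", "\\system32\\dllcache")


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' block to its [(md5, path), ...] entries."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith("==========") or line.startswith("< "):
            current = None          # some other section or custom scan
            continue
        entry = MD5_ENTRY.search(line)
        if current and entry:
            sections[current].append((entry.group("md5").upper(), entry.group("path")))
    return dict(sections)


def find_hash_mismatches(sections):
    """Return (name, path, md5) for live copies whose hash is not one of the
    ServicePackFiles reference hashes for that file name."""
    findings = []
    for name, entries in sections.items():
        reference = {md5 for md5, path in entries if "\\servicepackfiles\\" in path.lower()}
        if not reference:
            continue                # nothing trustworthy to compare against
        for md5, path in entries:
            parent = path.lower().rsplit("\\", 1)[0]
            if parent.endswith(LIVE_DIRS) and md5 not in reference:
                findings.append((name, path, md5))
    return findings


def script_of(char):
    """Coarse script name of a letter ('LATIN', 'CYRILLIC', ...); None otherwise."""
    if not char.isalpha():
        return None
    name = unicodedata.name(char, "")
    return name.split()[0] if name else None


def find_mixed_script_names(text):
    """Return (component, scripts) for each path component in the
    'Files - Unicode' section whose letters come from more than one script."""
    findings = []
    in_section = False
    for line in text.splitlines():
        if line.startswith(UNICODE_HEADER):
            in_section = True
            continue
        if line.startswith("=========="):
            in_section = False
        if not in_section or " -- " not in line:
            continue
        path = line.rsplit(" -- ", 1)[1].strip()
        for component in path.split("\\"):
            scripts = {script_of(c) for c in component} - {None}
            if len(scripts) > 1:
                findings.append((component, sorted(scripts)))
    return findings


def run_checks(text):
    """Run both checks on one report excerpt and return the findings."""
    return {
        "hash_mismatches": find_hash_mismatches(parse_md5_sections(text)),
        "mixed_script_names": find_mixed_script_names(text),
    }


if __name__ == "__main__":
    report = run_checks(SAMPLE_LOG)
    for name, path, md5 in report["hash_mismatches"]:
        print(f"MD5 mismatch: {name}: {path} has {md5}, differs from ServicePackFiles copy")
    for component, scripts in report["mixed_script_names"]:
        print(f"Mixed-script name: {component!r} uses {', '.join(scripts)}")
```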

#11 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:06:19 PM

Posted 01 February 2010 - 09:20 AM

Let's begin,

You have a patched System File that needs to be replaced as well as other malware. Does your daughter do any banking or otherwise use this computer for any sensitive transactions?

==========

Re-Run RKill prior to running each app I recommend please.

==========

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. When your System is clean you can re-enable those drivers as outlined below.

QUOTE
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Re-run Gmer

==========

With your next post please provide:

* Answer to question
* Combofix.txt
* Gmer log
* How is it running now? Be specific please.

Kind regards,
~t

#12 jckbredwards

  • Topic Starter
  • Members
  • 73 posts
  • Local time:05:19 PM

Posted 01 February 2010 - 10:51 AM

I have questions. You mean run rkill then download defogger then run rkill then download combofix then run rkill etc? Do I keep re-running the same version of rkill or must I download a new version each time? I was unable to download defogger, received a message that I am not authorized to download that file. Do I need to deactivate firewalls, turn off spybot etc. before I can download defogger? Finally, my daughter occasionally uses a debit/credit card online to pay for text books and did just pay her tuition using an "e-check". But she does not, as far as I know, bank online. I think her paychecks are not e-deposited either.

#13 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:06:19 PM

Posted 01 February 2010 - 12:32 PM

Hi,

QUOTE
You mean run rkill then download defogger then run rkill then download combofix then run rkill etc?

RKill will temporarily disable most malware that is designed to interrupt the ability for my applications to run. So after you have downloaded each application to your desktop but before you run that app I would like you to simply Double click RKill that resides on your desktop.

==========

QUOTE
I was unable to download defogger, received a message that I am not authorized to download that file.

I need a clarification. Are you still downloading the apps on your PC and transferring to the sick PC? What OS are you running? What browser are you using? What is the exact message you are receiving and when does the message occur in relation to the downloading steps?

Despite your responses I want you to proceed with the other steps. If needed I will problem solve the Defogger issue later.

==========

QUOTE
Do I need to deactivate firewalls turn off spybot etc before I can download defogger?

Actually that is a good point. Disable Spybot 1st. It might be the culprit but I doubt it.

==========

QUOTE
Finally, my daughter occasionally uses a debit/credit card online to pay for text books and did just pay her tuition using an "e-check". But she does not, as far as I know, bank online. I think her paychecks are not e-deposited either.

It might be an issue. When I see exactly what she is infected with I will guide you with more details. Don't panic yet. Not all malware has the ability to steal passwords, bank info, etc... I will keep you posted!

Thanks,
~ t

Edited by thcbytes, 01 February 2010 - 12:32 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 jckbredwards

jckbredwards
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 01 February 2010 - 12:39 PM

I am trying to work from the infected laptop where possible. I am running IE8 on that to access the internet via wireless connection to the home PC. If it locks or I cannot d/load then I go to the home PC and dload to the clean flash drive I disinfected using the instructions you earlier provided. On the home PC I am running windows xp sp3 using firefox 3.5-something. I am trying to run from the infected laptop as much as possible. I am now at work and will try the steps above over the lunch hour (currently 10:30 am MST) and then I will be available to work on this this evening. Thanks again for your patience and help.

#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:19 PM

Posted 01 February 2010 - 01:03 PM





