Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG Alert_file infected - Rogue Spyware


  • This topic is locked This topic is locked
20 replies to this topic

#1 echological1

echological1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 28 March 2011 - 05:41 AM

AVG Alert, as follows:

Accessed file is infected.
Threat was blocked!
File name: defender-fmof.in/scan1/77
Threat name: Exploit Rogue Spyware Scanner (type 140)
Process name: C:\Program Files\Mozilla Firefox\firefox.exe
Process ID: 2756
_______________________________________

BACKGROUND INFORMATION

Within last 48 hours:
Upgraded browser from Mozilla Firefox 3.6 to Firefox 4.0

Previously-installed Add-ons not compatible with Firefox 4.0, now (disabled):
Aging Tabs 0.7.1
AVG SafeSearch 9.0.0.872
Smart Bookmarks 2.0 *(Love this Add-on; searched for similar)

Installed (after reading positive reviews):
samfind Bookmarks Bar 2.2.1
Attempted to customize interface; was prompted to register at:
http://samfind.com/
Created account; received email confirmation; activated account via link in email

ALMOST IMMEDIATELY computer became very slow; then (Not responding); then Firefox crashed.
Restarted Firefox; within seconds received AVG Alert, as described above.

For reference, it is AVG 9 Anti-Virus Free Edition (see attached printscreen, in Word doc)
_______________________________________

System:
Microsoft Windows XP Professional (32-bit)
Version 2002
Service Pack 3

Computer:
AMD Athlon™ Processor
1.04GHz, 512MB of RAM
_______________________________________


_______________________________________
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Melinda at 21:37:03.46 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.54 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Melinda\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp:/www.my.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
uRun: [Yahoo! Pager] 1
uRun: [PPWebCap] c:\progra~1\scansoft\paperp~1\PPWebCap.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [OneTouch Monitor] c:\progra~1\vision~1\ONETOU~2.EXE
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\melinda\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: applicationentry.com\www
Trusted Zone: careerbuilder.com\www
Trusted Zone: edison.com\www
Trusted Zone: gcu.edu\www
Trusted Zone: gcu.edu\www.angel
Trusted Zone: gcu.edu\www.my
Trusted Zone: google.com\www
Trusted Zone: https
Trusted Zone: knowlagentondemand.com
Trusted Zone: knowlagentondemand.com\jm01
Trusted Zone: lavasoft.com\www
Trusted Zone: monster.com\www
Trusted Zone: mozilla.com\www
Trusted Zone: proveit2.com\www
Trusted Zone: simplyhired.com\www
Trusted Zone: timewarner.com\careers
Trusted Zone: turnitin.com\www
Trusted Zone: volt.com
Trusted Zone: yahoo.com\www.bookmarks
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Pinochle - hxxp://origin.games.yahoo.net/games/clients/y/ut2_x.cab
DPF: Yahoo! Pyramids - hxxp://origin.games.yahoo.net/games/clients/y/pyt1_x.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093029703710
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://download.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.10.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38114.2911226852
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://download.playfirst.com/play/game/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://download.playfirst.com/play/game/mahjongroadshow/MahjongRoadshowWeb.1.0.0.16.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\melinda\applic~1\mozilla\firefox\profiles\1zkb61vw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\melinda\application data\mozilla\firefox\profiles\1zkb61vw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-19 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-21 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-12 243024]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15264]
S3 DVC;USB DVC Svc;c:\windows\system32\drivers\DVC.sys [2004-5-31 38401]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\melinda\locals~1\temp\ewdmaudn.sys --> c:\docume~1\melinda\locals~1\temp\ewdmaudn.sys [?]
.
=============== Created Last 30 ================
.
2011-03-25 16:41:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-25 16:41:11 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-25 16:41:11 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-25 16:41:11 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-25 16:41:11 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-25 16:41:11 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-25 16:41:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-25 16:41:11 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-25 02:55:43 -------- d-----w- c:\docume~1\melinda\applic~1\DiskAid
2011-03-25 02:04:30 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-25 02:04:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-03-15 05:35:30 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-03-15 05:35:30 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-03-14 22:39:33 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-07 08:13:45 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12
.
==================== Find3M ====================
.
2011-02-25 01:19:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
============= FINISH: 21:40:15.00 ===============

Thank you in advance for your time in assisting me with this matter. I truly appreciate your help.

~Melinda

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 03 April 2011 - 08:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 04 April 2011 - 05:19 AM

Hello,

Thank you for responding.
---------------------------------------
My computer information is as follows:

System:
Microsoft Windows XP Professional (32-bit)
Version 2002
Service Pack 3

Computer:
AMD Athlon™ Processor
1.04GHz, 512MB of RAM
---------------------------------------
Unfortunately, I do not have any of the original disks for my computer; they were lost when I moved from from one city to another. I'd like to backup my data, but I have not yet done so as I didn't want to save any corrupted files. However, if you advise, I will back up per the information in the Preparation Guide.

The OTL Report you requested appears at the end of this post.
---------------------------------------
Here is a description of the problem, with some background information in case it is useful:

PROBLEM

Received AVG Alert, as follows:

Accessed file is infected.
Threat was blocked!
File name: defender-fmof.in/scan1/77
Threat name: Exploit Rogue Spyware Scanner (type 140)
Process name: C:\Program Files\Mozilla Firefox\firefox.exe
Process ID: 2756
_______________________________________

BACKGROUND INFORMATION

Within 48 hours prior to aforementioned alert, I upgraded my browser from Mozilla Firefox 3.6 to Firefox 4.0

Previously-installed Add-ons not compatible with Firefox 4.0, now (disabled):
Aging Tabs 0.7.1
AVG SafeSearch 9.0.0.872
Smart Bookmarks 2.0 *(love this Add-on so I searched for something similar)

Installed samfind Bookmarks Bar 2.2.1
Registered at http://samfind.com/ and activated account via link in confirmation email.

ALMOST IMMEDIATELY computer became very slow/stuck (Not responding); then Firefox crashed.
Restarted Firefox; within seconds received AVG Alert, as described above.

For reference, it is AVG 9 Anti-Virus Free Edition (see attached printscreen, in Word doc, for details)
_______________________________________

OTL logfile created on: 4/4/2011 2:16:43 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melinda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 56.75 Gb Free Space | 60.92% Space Free | Partition Type: NTFS

Computer Name: MELINDA-C0BC9LY | User Name: Melinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 02:09:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/11 19:33:27 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/03/11 19:29:09 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/02/24 18:19:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/02/24 18:18:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/02/24 18:18:24 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/20 11:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 02:06:42 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2002/06/20 12:06:12 | 000,339,968 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe
PRC - [2002/05/24 05:46:16 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2002/05/24 05:46:13 | 000,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm11.exe
PRC - [2001/10/31 09:27:24 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 02:09:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTL.exe
MOD - [2008/04/14 06:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/10/22 13:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 13:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2001/08/23 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2001/08/23 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AOLService)
SRV - [2011/02/24 18:18:46 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/02/09 03:29:41 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/01/21 14:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/11 02:06:44 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/01/11 02:06:42 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe -- (tgsrvc_chatsupport.palm.com) SupportSoft Repair Service (chatsupport.palm.com)
SRV - [2002/05/24 05:46:13 | 000,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2011/02/24 18:19:14 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/02/24 18:19:09 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/02/24 18:18:29 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/06 10:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/04/03 12:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/08 11:35:51 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/10/28 02:32:19 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/10/02 05:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/11 15:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/10/30 20:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/05/24 05:46:13 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 05:46:13 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/05/24 05:46:13 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 05:46:13 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2002/05/10 06:31:48 | 000,633,220 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Intels51.sys -- (Intels51) Intel®
DRV - [2001/09/09 17:43:58 | 000,038,401 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DVC.sys -- (DVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:/www.my.yahoo.com
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: last-tab-close-button@victor.sacharin:0.3.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: hootsuite@hootsuite.com:0.6.1
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12
FF - prefs.js..extensions.enabledItems: {1b8cc170-8c85-11db-b606-0800200c9a66}:3.4.2
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.3
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.0.1
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.3
FF - prefs.js..extensions.enabledItems: laviesaint@gmail.com:2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: properties@darktrojan.net:6
FF - prefs.js..extensions.enabledItems: aging-tabs@design-noir.de:0.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.118
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: runtime@panda3d.org:1.0.1
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/03/11 19:38:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 09:41:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/30 04:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/03/07 01:13:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins

[2010/06/25 16:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Extensions
[2010/06/25 16:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/10/03 01:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/30 13:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions
[2010/03/24 11:18:17 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/03/07 06:28:46 | 000,000,000 | ---D | M] ("Yoono") -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/03/25 09:43:18 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010/04/09 05:34:07 | 000,000,000 | ---D | M] (Aging Tabs) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\aging-tabs@design-noir.de
[2011/03/06 03:34:11 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\amznUWL@amazon.com
[2011/03/12 22:46:50 | 000,000,000 | ---D | M] (Add to Amazon Wish List Button) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\amznUWL2@amazon.com
[2010/08/24 11:30:38 | 000,000,000 | ---D | M] (Last tab close button) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\last-tab-close-button@victor.sacharin
[2010/04/09 05:34:28 | 000,000,000 | ---D | M] (Smart Bookmarks 2.0) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\laviesaint@gmail.com
[2010/04/09 05:34:17 | 000,000,000 | ---D | M] (Element Properties) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\properties@darktrojan.net
[2011/03/07 06:28:53 | 000,000,000 | ---D | M] (Panda3D Game Engine Plug-In) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\runtime@panda3d.org
[2011/03/25 10:25:39 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\extensions\sam@samfind.com
[2010/08/27 03:52:27 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\searchplugins\bing.xml
[2010/04/08 21:47:16 | 000,002,053 | ---- | M] () -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\searchplugins\eccellio-arts.xml
[2011/03/31 20:02:07 | 000,002,025 | ---- | M] () -- C:\Documents and Settings\Melinda\Application Data\Mozilla\Firefox\Profiles\1zkb61vw.default\searchplugins\green-maven-search.xml
[2011/03/25 09:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/14 20:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 08:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MELINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1ZKB61VW.DEFAULT\EXTENSIONS\{1B8CC170-8C85-11DB-B606-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MELINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1ZKB61VW.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MELINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1ZKB61VW.DEFAULT\EXTENSIONS\HOOTSUITE@HOOTSUITE.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MELINDA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1ZKB61VW.DEFAULT\EXTENSIONS\QUICKDRAG@MOZILLA.KTECHCOMPUTING.COM.XPI
[2009/02/25 23:59:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/23 19:15:18 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003..\Run: [PPWebCap] C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE (Scansoft Inc.)
O4 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003..\Run: [Yahoo! Pager] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: applicationentry.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: careerbuilder.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: edison.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: gcu.edu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: gcu.edu ([www.angel] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: gcu.edu ([www.my] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: https ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: knowlagentondemand.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: knowlagentondemand.com ([jm01] http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: lavasoft.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: monster.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: mozilla.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: proveit2.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: simplyhired.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: timewarner.com ([careers] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: turnitin.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: volt.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: yahoo.com ([*.music] http in Trusted sites)
O15 - HKU\S-1-5-21-1004336348-507921405-1957994488-1003\..Trusted Domains: yahoo.com ([www.bookmarks] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab (SolitaireRush Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093029703710 (WUWebControl Class)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://download.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.10.cab (CPlayFirstdreamControl Object)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38114.2911226852 (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab (RealArcadeRdxIE Class)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://download.playfirst.com/play/game/zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://l.yimg.com/jh/games/web_games/sony/bewitched/main.cab (BewitchedGameClass Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} http://download.playfirst.com/play/game/mahjongroadshow/MahjongRoadshowWeb.1.0.0.16.cab (CPlayFirstMahjongRoaControl Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://origin.games.yahoo.net/games/clients/y/ut2_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pyramids http://origin.games.yahoo.net/games/clients/y/pyt1_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/07 22:31:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk - - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.aasc - C:\WINDOWS\System32\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.aflc - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.afli - C:\WINDOWS\System32\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 02:08:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTL.exe
[2011/03/27 21:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Desktop\gmer
[2011/03/27 19:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\My Documents\My Bookmarks
[2011/03/24 19:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\Application Data\DiskAid
[2011/03/24 19:47:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/03/24 19:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/03/24 19:04:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2011/03/24 19:04:23 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2011/03/21 00:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\My Documents\Renee
[2011/03/14 22:35:30 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/03/14 15:39:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/14 02:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Melinda\My Documents\_Mozilla Labs Test Pilot
[2011/03/11 08:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETWORK & WIRELESS
[2011/03/07 01:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 02:09:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Melinda\Desktop\OTL.exe
[2011/04/03 17:09:34 | 000,088,224 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/03 16:41:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/03 16:40:58 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 18:48:12 | 073,619,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/01 13:49:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/31 22:05:00 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Melinda\My Documents\spider.sav
[2011/03/28 22:24:49 | 000,012,218 | ---- | M] () -- C:\WINDOWS\Run32A50.mch
[2011/03/28 22:23:36 | 000,000,035 | ---- | M] () -- C:\WINDOWS\A5W.INI
[2011/03/27 21:49:06 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Melinda\Desktop\gmer.zip
[2011/03/27 21:35:31 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2011/03/27 21:33:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Melinda\defogger_reenable
[2011/03/27 21:32:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Melinda\Desktop\Defogger.exe
[2011/03/27 16:54:49 | 000,011,341 | ---- | M] () -- C:\WINDOWS\System\CmiCnfg.ini
[2011/03/25 11:30:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/25 10:15:56 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/25 09:41:26 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 19:54:14 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/24 19:54:14 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/07 01:13:56 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 12.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\nodorido
[2011/03/27 21:49:01 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Melinda\Desktop\gmer.zip
[2011/03/27 21:35:31 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Melinda\Desktop\dds.scr
[2011/03/27 21:33:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Melinda\defogger_reenable
[2011/03/27 21:32:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Melinda\Desktop\Defogger.exe
[2011/03/25 10:15:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/25 09:41:25 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/07 01:13:56 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 12.lnk
[2011/01/07 20:52:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2011/01/07 20:52:05 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/03/22 06:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/22 06:10:32 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/01/19 05:44:50 | 000,000,405 | ---- | C] () -- C:\WINDOWS\Sniffy.ini
[2009/12/12 18:07:51 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/12/12 18:07:51 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2009/12/12 18:07:31 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2009/12/12 18:07:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2009/12/12 18:07:31 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2009/12/12 18:06:06 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2009/12/12 15:45:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\prvlcl.dat
[2009/05/26 09:18:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/14 17:55:44 | 000,019,605 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/04/12 18:21:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/29 16:42:53 | 000,000,505 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/08/10 19:55:32 | 000,031,776 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008/05/23 14:09:01 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008/04/20 14:03:54 | 000,030,048 | ---- | C] () -- C:\WINDOWS\UNCANDY.EXE
[2008/04/20 14:02:54 | 000,000,081 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2008/04/11 16:56:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/11/11 19:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/08/23 13:05:18 | 000,001,071 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/05/16 21:54:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/06/21 21:27:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/13 19:00:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/06/02 13:39:46 | 000,402,736 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2005/12/14 13:09:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/11/12 17:21:32 | 000,002,632 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/12 01:02:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/08/28 02:19:42 | 000,000,105 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/08/28 02:19:42 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/07/19 01:31:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/05/08 11:48:10 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/03/20 00:11:46 | 000,000,313 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2005/03/13 16:48:52 | 000,000,146 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2005/03/09 01:56:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/03/07 22:37:33 | 000,000,281 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2005/03/07 22:37:32 | 000,000,712 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2005/03/04 00:15:27 | 000,000,199 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2005/03/04 00:07:52 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/03/04 00:07:46 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/03/04 00:07:46 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2005/02/21 22:24:38 | 000,000,042 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/02/20 22:21:26 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2005/02/06 21:41:00 | 000,000,842 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/11/27 23:00:10 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TassWin.INI
[2004/11/27 22:47:26 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\CETNUASM.DLL
[2004/11/06 02:56:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\MVPCRIB.INI
[2004/10/28 13:47:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2004/10/28 13:46:39 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/10/28 13:46:39 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/09/25 20:53:32 | 000,000,954 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2004/09/25 20:48:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/09/19 00:52:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MVPEUCHR.INI
[2004/09/18 01:32:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\RPlanner.INI
[2004/09/18 01:32:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2004/09/18 01:32:03 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/09/18 01:32:03 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2004/09/18 01:32:03 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2004/09/04 17:05:46 | 000,000,265 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2004/09/02 07:53:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 18:03:51 | 000,002,221 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2004/08/18 21:09:09 | 000,158,463 | ---- | C] () -- C:\WINDOWS\HP Image Zone Express Uninstaller.exe
[2004/08/06 14:30:11 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/08/01 21:25:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/07/27 13:38:44 | 000,002,554 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/07/27 03:09:02 | 000,007,766 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/07/23 06:08:30 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2004/06/27 19:48:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/06/22 20:02:23 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2004/06/08 10:35:16 | 000,000,009 | ---- | C] () -- C:\WINDOWS\SSDI_MI.INI
[2004/06/08 10:05:18 | 000,000,444 | ---- | C] () -- C:\WINDOWS\QEFamily.INI
[2004/06/05 16:56:47 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Melinda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/27 21:02:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2004/05/27 21:02:25 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2004/05/27 21:02:25 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2004/05/27 21:02:24 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2004/05/15 01:53:07 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Clubhouse.ini
[2004/05/15 01:47:49 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/05/15 00:47:55 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3DG32.DLL
[2004/05/15 00:47:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2004/05/10 18:03:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/05/07 09:00:21 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2004/05/07 08:56:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/07 08:23:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/08 07:24:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/08 07:23:39 | 000,000,622 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/24 10:04:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/03/24 10:04:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/02/11 13:22:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CDVPreviewEx.dll
[2003/08/20 18:46:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/04/08 14:14:58 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2003/04/08 14:08:25 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/04/08 14:08:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/04/08 14:08:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/04/08 14:08:14 | 000,212,992 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/04/08 14:08:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/04/08 14:05:09 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2003/04/08 14:05:09 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/04/08 14:05:09 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2003/04/08 14:05:09 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2003/04/08 14:05:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/04/08 14:05:09 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2003/04/08 14:05:09 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2003/04/08 13:55:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/04/08 13:55:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\htpatch.exe
[2003/04/08 13:55:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2003/04/08 06:45:41 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/08 06:39:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/07 23:31:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/07 23:30:23 | 000,401,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/06/20 12:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 05:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 05:44:47 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2002/08/29 03:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Melinda\My Documents\BootVis.exe:SummaryInformation
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E35A81F4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A82AE908
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A6EA835
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C411C08

< End of report >
_______________________________________

OTL Extras logfile created on: 4/4/2011 2:16:43 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Melinda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 191.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 56.75 Gb Free Space | 60.92% Space Free | Partition Type: NTFS

Computer Name: MELINDA-C0BC9LY | User Name: Melinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"8370:TCP" = 8370:TCP:*:Disabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Disabled:League of Legends Launcher
"8371:TCP" = 8371:TCP:*:Disabled:League of Legends Launcher
"8371:UDP" = 8371:UDP:*:Disabled:League of Legends Launcher
"8372:TCP" = 8372:TCP:*:Disabled:League of Legends Launcher
"8372:UDP" = 8372:UDP:*:Disabled:League of Legends Launcher
"8373:TCP" = 8373:TCP:*:Disabled:League of Legends Launcher
"8373:UDP" = 8373:UDP:*:Disabled:League of Legends Launcher
"8374:TCP" = 8374:TCP:*:Disabled:League of Legends Launcher
"8374:UDP" = 8374:UDP:*:Disabled:League of Legends Launcher
"8375:TCP" = 8375:TCP:*:Disabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Disabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Disabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Disabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Disabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Disabled:League of Legends Launcher
"6972:TCP" = 6972:TCP:*:Disabled:League of Legends Launcher
"6972:UDP" = 6972:UDP:*:Disabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe:*:Disabled:hpgs2wnf Module -- ()
"C:\WINDOWS\system32\hphipm11.exe" = C:\WINDOWS\system32\hphipm11.exe:*:Enabled:HPHipm11 -- (HP)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe" = C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe:*:Enabled:Belkin Wireless Networking Utility -- (Belkin)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Disabled:League of Legends Game Client -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Disabled:League of Legends Lobby -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series
"{1E2D1B31-C0E0-4663-B50A-1C92F696A09F}" = Ben There, Dan That!
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C468F15-CC56-11D5-AA2E-0008C760B784}" = Disney's Magic Artist Cartoon Maker
"{563FE39E-B4D7-4DC0-B443-97313128AEC0}" = Hallmark Card Studio Special Edition
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}" = Prime95
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6818E2F8-132B-4A68-94EA-CDC8B8132CD4}" = Castlevania & Contra
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745B416E-1796-43E6-9497-BAF7AFE11821}" = Frogger: The Great Quest
"{74BCC862-CCD6-4A58-BDF9-7BB59FC31AB3}" = American Greetings Scrapbooks and More!
"{7B7D1750-582F-11D5-BEAF-0010B5557565}" = Ulead PhotoImpact 7 ESD
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115528390}" = Peggle Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{9909CB44-1865-4A9A-AC87-6DBFB59982BA}" = Art Explosion Christian Greeting Card Factory
"{996AB37C-8E5C-4B4D-89EE-4C2043E59C7A}" = PalmAdvancedChatTools_v5_setup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AD8780DE-96F5-454B-B551-E063B94AAD4F}" = Homework Helpers
"{D32FA1FF-78EC-4FFB-B339-F6CEFCA1EFE5}" = ConceptDraw Office
"{D5F9E6AA-7075-49EC-992F-A6213C73607F}" = Adobe Photoshop Album
"{D63FAE5C-121F-4D15-AC91-13E4F73DFFBC}" = Family Tree Maker
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AndreaMosaicVersion3" = AndreaMosaic 3.18
"AOL Uninstaller" = AOL Uninstaller
"ATT-AACE" = ATT-AACE
"AVG9Uninstall" = AVG Free 9.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"Catz" = Catz (remove only)
"CleanUp!" = CleanUp!
"Clue" = Clue
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Create Family Trees Quick and Easy" = Create Family Trees Quick and Easy
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Codec" = DivX 5.0.3 Pro Bundle
"Docx Docm to Doc Converter 3000_is1" = Docx Docm to Doc Converter 3000 7.4
"DrawPlus 3.0" = DrawPlus 3.0
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EDraw Flowchart Software_is1" = EDraw Flowchart Software v1.6.1
"eMazing Mazes" = eMazing Mazes
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"Franklin The Turtle Club" = Franklin The Turtle Club
"Friendly Forest Math Club" = Friendly Forest Math Club
"HijackThis" = HijackThis 2.0.2
"HP Image Zone Express" = HP Image Zone Express
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"ie8" = Windows Internet Explorer 8
"jv16 PowerTools_is1" = jv16 PowerTools 2005
"Kid Pix Studio Deluxe 1.0" = Kid Pix Studio Deluxe
"Little Shop Of Treasures_is1" = Little Shop Of Treasures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Merriam-Webster's Reference Library" = Merriam-Webster's Reference Library
"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"morph.exe" = Morph
"Mosaic 2000" = Mosaic 2000
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Ahead Nero 6 Demo
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OneTouch Version 3.0" = OneTouch Version 3.0
"OpenAL" = OpenAL
"PaperPort 7.0" = PaperPort 7.0
"PhoTagsExpress" = PhoTags Express
"PhotoGenetics 2.0" = PhotoGenetics 2.0
"Pokemon PC_is1" = Pokemon PC 1.8
"PRJPRO" = Microsoft Office Project Professional 2007
"QuickTime" = QuickTime
"QuicktimeAlt_is1" = QuickTime Alternative 1.21
"Rainbow fish and the Whale-U.S. English" = Rainbow fish and the Whale
"Reader Rabbit Reading Ages 4-6" = Reader Rabbit Reading Ages 4-6
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic
"Samsung DVC Media" = Samsung DVC Media
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Scholastic's I SPY Treasure Hunt" = Scholastic's I SPY Treasure Hunt
"Scooby-Doo™, Case File #1 The Glowing Bug Man" = Scooby-Doo™, Case File #1 The Glowing Bug Man
"Scooby-Doo™, Case File #2 The Scary Stone Dragon" = Scooby-Doo™, Case File #2 The Scary Stone Dragon
"Sierra Utilities" = Sierra Utilities
"Sniffy Pro For Windows" = Sniffy Pro For Windows
"SpheresOfChaos" = Spheres Of Chaos (remove only)
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The Game Of Life" = The Game Of Life
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VISPRO" = Microsoft Office Visio Professional 2007
"Web Games Player Plugin" = Web Games Player Plugin
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows WMF Metafile Vulnerability HotFix_is1" = Windows WMF Metafile Vulnerability HotFix 1.2
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"X3DFontsDeinstKey" = 3D Font Creator
"X-Fonter_is1" = X-Fonter 4.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zoboomafoo Animal Alphabet™" = Zoboomafoo Animal Alphabet™
"Zoboomafoo Animal logic" = ZoboMafoo Animal Logic
"Zoboomafoo Creature Quest™" = Zoboomafoo Creature Quest™

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-507921405-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2011 1:19:14 AM | Computer Name = MELINDA-C0BC9LY | Source = nview_info | ID = 11141121
Description =

Error - 3/28/2011 2:53:49 AM | Computer Name = MELINDA-C0BC9LY | Source = ESENT | ID = 490
Description = svchost (1004) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/28/2011 2:53:49 AM | Computer Name = MELINDA-C0BC9LY | Source = ESENT | ID = 470
Description = Catalog Database (1004) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 3/29/2011 2:59:47 AM | Computer Name = MELINDA-C0BC9LY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 3/30/2011 7:08:41 AM | Computer Name = MELINDA-C0BC9LY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/30/2011 8:10:21 AM | Computer Name = MELINDA-C0BC9LY | Source = nview_info | ID = 11141121
Description =

Error - 3/30/2011 8:11:17 AM | Computer Name = MELINDA-C0BC9LY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/31/2011 4:27:26 AM | Computer Name = MELINDA-C0BC9LY | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 2.0.0.4094, faulting
module mozalloc.dll, version 2.0.0.4094, fault address 0x00001a39.

Error - 4/1/2011 6:40:50 PM | Computer Name = MELINDA-C0BC9LY | Source = .NET Runtime | ID = 0
Description =

Error - 4/1/2011 11:30:18 PM | Computer Name = MELINDA-C0BC9LY | Source = Application Error | ID = 1000
Description = Faulting application hphmon04.exe, version 4.1.14.0, faulting module
unknown, version 0.0.0.0, fault address 0x10001bb5.

[ System Events ]
Error - 4/1/2011 4:45:31 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/1/2011 6:39:28 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/1/2011 8:05:53 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/1/2011 11:30:43 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/3/2011 7:41:54 PM | Computer Name = MELINDA-C0BC9LY | Source = Service Control Manager | ID = 7000
Description = The AOL Spyware Protection Service service failed to start due to
the following error: %%2

Error - 4/3/2011 7:41:58 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/3/2011 9:43:00 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/3/2011 9:47:37 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/3/2011 11:52:09 PM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 4/4/2011 4:14:50 AM | Computer Name = MELINDA-C0BC9LY | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {BCFADA1E-8E3F-4716-AA44-992F8D278F06}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >
_______________________________________
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the moment, my PC is usable, but it is slow. I tend to look at task manager, from time to time (and especially whenever I experience serious sluggishness) just to see what's going on. Usually, System Idle is at about 90-96% of CPU capacity (it bounces around, of course, depending on what I'm doing, but generally it's within that range). Obviously, whenever I see it WAY off (for example, at 18% or something), I am very interested in what is eating up all of my resources. On more than one occasion, these processes have used quite a bit of CPU capacity:

avgchsvx.exe
jqs.exe

I realize the first is related to AVG anti-virus, and the second is Java Quick-Start. I do NOT know, however, whether these files are necessary. I used to be able to check Yahoo! email, with a few other tabs open, and also a couple of Word docs open, maybe Adobe Photoshop, without issues. Lately, just these few things SEEM to be too much for my computer to handle, but I don't think that's the case. I think somehow, I changed (or neglected to update) something, or my sons downloaded something problematic and it's a user error, of sorts...just a hunch.

Awaiting your reply, (and, thank you, again, for your assistance).

~Melinda

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 04 April 2011 - 09:45 AM

Hi,

the log is looking rather clean, please run a scan with RkU next:
Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Since you mentioned that the slowness started shortly after installing the addon, I would suggest uninstalling the addon as a first step. The page for smart bookmarks suggests this addon as a replacement: https://addons.mozilla.org/en-US/firefox/addon/roomy-bookmarks-toolbar/ .
The block you listed seems to have been a web access. Sometimes these kind of malicious websites manage to place advertisements on legit pages or legit pages get hacked and redirect to these malicious sites. It does not necessarily have to be related to the addon you installed. If you don't trust the addon, I would definitely recommend removing it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 07 April 2011 - 10:41 AM

Here is the Rootkit Report you requested:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF9D5000 C:\WINDOWS\System32\nv4_disp.dll 4530176 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )
0xF8273000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 3997696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2188928 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2188928 bytes
0x804D7000 RAW 2188928 bytes
0x804D7000 WMIxWDM 2188928 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF80D9000 C:\WINDOWS\system32\drivers\cmuda.sys 819200 bytes (C-Media Inc, C-Media Audio WDM Driver)
0xF8022000 C:\WINDOWS\System32\DRIVERS\Intels51.sys 602112 bytes (Intel Corporation, Intel V.92 Modem)
0xF86D2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF654C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5A0B000 C:\WINDOWS\system32\DRIVERS\rt73.sys 454656 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xF7D74000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF66B8000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9DCE000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xB9618000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6657000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF6518000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF7DD2000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8827000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA19B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF86A5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF65BC000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6609000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6691000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xF87D1000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6631000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9C42000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF80B5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF81C4000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF81A1000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8776000 PCTCore.sys 143360 bytes (PC Tools, PC Tools KDS Core Driver)
0xF65E7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF8799000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF87F7000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF868B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF87B9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E48000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xF875F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF800B000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA046000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF81E8000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF81FC000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6711000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8816000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7F5A000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF683C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8946000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8916000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF88D6000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8AE6000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8A56000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8966000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF88C6000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF8956000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA430000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8AC6000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF89D6000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF89C6000 C:\WINDOWS\system32\drivers\WmXlCore.sys 61440 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0xF88E6000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF88B6000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8AA6000 C:\WINDOWS\System32\DRIVERS\hphid411.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7FFB000 C:\WINDOWS\System32\Drivers\hphs2k11.sys 53248 bytes (Hewlett-Packard, Printer Card Mass Storage Driver)
0xF8AD6000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8976000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8896000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8996000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8A86000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8926000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8886000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8986000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8AB6000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF8876000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF89E6000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF89B6000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8936000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF88A6000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8A96000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8A36000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF89A6000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8A66000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9598000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8A46000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8BD6000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8C36000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8B06000 SISAGPX.sys 32768 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8BCE000 C:\WINDOWS\System32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xF8C56000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8BBE000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8C1E000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8AF6000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8C3E000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8BB6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8BFE000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8BDE000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8C26000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8B9E000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF8C0E000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF8C4E000 C:\WINDOWS\System32\drivers\hphius11.sys 20480 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF8C2E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8AFE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8BEE000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8BF6000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8BE6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8BC6000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF8B46000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8D72000 C:\WINDOWS\System32\DRIVERS\hphipr11.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB9A3E000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8D1A000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF8D62000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBACE0000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8D3A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8D66000 C:\WINDOWS\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0xF8C86000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7D60000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7F36000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB99EE000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xF8D6E000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8D46000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8D3E000 C:\WINDOWS\System32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF8D36000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB993E000 C:\WINDOWS\system32\drivers\WmVirHid.sys 12288 bytes (Logitech Inc., Logitech WingMan Virtual Hid Device Driver)
0xF8DAA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8D7A000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8DA8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8D76000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8DAC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8DF4000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8DAE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8DA0000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8DA6000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8D78000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8EF6000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8E8F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8FAD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8E3E000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0xF57D8C20 Unknown thread object [ ETHREAD 0x8304BDA8 ] , 600 bytes
0xF57CA2D0 Unknown thread object [ ETHREAD 0x83027568 ] , 600 bytes
0xB2CA1C20 Unknown thread object [ ETHREAD 0x82B86380 ] , 600 bytes
0xB2C932D0 Unknown thread object [ ETHREAD 0x82A6FDA8 ] , 600 bytes
0xF57D8C20 Unknown thread object [ ETHREAD 0x82B9BDA8 ] , 600 bytes
0xF57CA2D0 Unknown thread object [ ETHREAD 0x82AB6CD0 ] , 600 bytes
0xB1707C20 Unknown thread object [ ETHREAD 0x82C6D020 ] , 600 bytes
0xB16F92D0 Unknown thread object [ ETHREAD 0x82A4FDA8 ] , 600 bytes

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 07 April 2011 - 10:44 AM

Hi,

could you please run TDSSKiller next:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 07 April 2011 - 02:16 PM

I was curious what TDSSKiller is, so I looked it up online, and came across this advice:

"Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2"

Is that how I should proceed, or would you prefer that I use the link you provided?

Thank you in advance for the clarification.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 07 April 2011 - 02:39 PM

Hi,

they should both have the same version, however feel free to download the exe from this site: http://support.kaspersky.com/viruses/solutions?qid=208280684

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 07 April 2011 - 03:37 PM

Here is the TDSSKiller report:

2011/04/07 13:27:32.0728 0960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 13:27:32.0989 0960 ================================================================================
2011/04/07 13:27:32.0989 0960 SystemInfo:
2011/04/07 13:27:32.0989 0960
2011/04/07 13:27:32.0989 0960 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/07 13:27:32.0989 0960 Product type: Workstation
2011/04/07 13:27:32.0989 0960 ComputerName: MELINDA-C0BC9LY
2011/04/07 13:27:32.0989 0960 UserName: Melinda
2011/04/07 13:27:32.0989 0960 Windows directory: C:\WINDOWS
2011/04/07 13:27:33.0009 0960 System windows directory: C:\WINDOWS
2011/04/07 13:27:33.0009 0960 Processor architecture: Intel x86
2011/04/07 13:27:33.0009 0960 Number of processors: 1
2011/04/07 13:27:33.0009 0960 Page size: 0x1000
2011/04/07 13:27:33.0009 0960 Boot type: Normal boot
2011/04/07 13:27:33.0009 0960 ================================================================================
2011/04/07 13:27:34.0771 0960 Initialize success
2011/04/07 13:28:01.0990 3084 ================================================================================
2011/04/07 13:28:01.0990 3084 Scan started
2011/04/07 13:28:01.0990 3084 Mode: Manual;
2011/04/07 13:28:01.0990 3084 ================================================================================
2011/04/07 13:28:04.0113 3084 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/04/07 13:28:04.0434 3084 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/07 13:28:04.0584 3084 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/07 13:28:04.0835 3084 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/07 13:28:05.0015 3084 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/07 13:28:05.0495 3084 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/04/07 13:28:05.0656 3084 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/07 13:28:06.0227 3084 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/04/07 13:28:06.0557 3084 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/07 13:28:07.0048 3084 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/07 13:28:07.0218 3084 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/07 13:28:07.0458 3084 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/07 13:28:07.0659 3084 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/07 13:28:07.0879 3084 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/04/07 13:28:08.0219 3084 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/04/07 13:28:08.0400 3084 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/04/07 13:28:08.0530 3084 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/04/07 13:28:08.0680 3084 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/07 13:28:09.0051 3084 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/07 13:28:09.0131 3084 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/07 13:28:09.0461 3084 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/07 13:28:09.0591 3084 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/07 13:28:09.0822 3084 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/07 13:28:09.0982 3084 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/07 13:28:10.0142 3084 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/07 13:28:10.0563 3084 cmuda (be8cb37c2094a72057c794afb753cce8) C:\WINDOWS\system32\drivers\cmuda.sys
2011/04/07 13:28:11.0094 3084 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/07 13:28:11.0314 3084 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/07 13:28:11.0554 3084 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/07 13:28:11.0694 3084 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/07 13:28:11.0845 3084 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/07 13:28:12.0035 3084 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/04/07 13:28:12.0205 3084 Dot4 HPH11 (02e5d9216994b7c77bbfe01adcb783a4) C:\WINDOWS\system32\DRIVERS\hphid411.sys
2011/04/07 13:28:12.0355 3084 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/04/07 13:28:12.0546 3084 Dot4Print HPH11 (0fcc3ed5a97260eec98ceae8167e940a) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
2011/04/07 13:28:12.0676 3084 Dot4Storage HPH11 (93c5582eb9a04cf25b29ca0f1fe57a87) C:\WINDOWS\system32\Drivers\hphs2k11.sys
2011/04/07 13:28:12.0836 3084 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/04/07 13:28:12.0976 3084 Dot4Usb HPH11 (08b9bf9c88867d3b70473657ae4307b3) C:\WINDOWS\system32\drivers\hphius11.sys
2011/04/07 13:28:13.0227 3084 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/07 13:28:13.0387 3084 DVC (cae7fa10ce5607f9a5b4724ecae0544b) C:\WINDOWS\system32\Drivers\DVC.sys
2011/04/07 13:28:14.0218 3084 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/07 13:28:14.0368 3084 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/07 13:28:14.0498 3084 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/07 13:28:14.0649 3084 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/07 13:28:14.0819 3084 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/07 13:28:14.0959 3084 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/07 13:28:15.0099 3084 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/07 13:28:15.0250 3084 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/07 13:28:15.0460 3084 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/07 13:28:15.0750 3084 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/07 13:28:16.0151 3084 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/07 13:28:16.0321 3084 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/07 13:28:16.0862 3084 Intels51 (eb6d8e9cd813596b6d59d878337a4998) C:\WINDOWS\system32\DRIVERS\Intels51.sys
2011/04/07 13:28:17.0112 3084 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/07 13:28:17.0282 3084 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/07 13:28:17.0433 3084 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/07 13:28:17.0583 3084 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/07 13:28:17.0773 3084 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/07 13:28:17.0983 3084 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/07 13:28:18.0174 3084 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/07 13:28:18.0344 3084 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/07 13:28:18.0474 3084 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/07 13:28:18.0684 3084 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/07 13:28:18.0845 3084 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/07 13:28:19.0115 3084 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/07 13:28:19.0295 3084 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/04/07 13:28:19.0596 3084 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/07 13:28:19.0766 3084 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/07 13:28:20.0016 3084 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/04/07 13:28:20.0237 3084 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/07 13:28:20.0357 3084 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/07 13:28:20.0497 3084 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/07 13:28:20.0647 3084 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys
2011/04/07 13:28:21.0088 3084 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/07 13:28:21.0298 3084 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/07 13:28:21.0509 3084 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/04/07 13:28:21.0629 3084 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/07 13:28:21.0779 3084 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/07 13:28:21.0929 3084 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/07 13:28:22.0119 3084 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/07 13:28:22.0260 3084 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/07 13:28:22.0410 3084 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/07 13:28:22.0590 3084 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/07 13:28:22.0760 3084 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/07 13:28:23.0021 3084 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/07 13:28:23.0201 3084 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/07 13:28:23.0361 3084 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/07 13:28:23.0521 3084 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/07 13:28:23.0672 3084 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/07 13:28:23.0812 3084 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/07 13:28:23.0972 3084 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/07 13:28:24.0122 3084 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/07 13:28:24.0393 3084 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/07 13:28:24.0573 3084 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/07 13:28:24.0793 3084 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/07 13:28:25.0024 3084 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/07 13:28:25.0344 3084 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/07 13:28:26.0165 3084 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/07 13:28:26.0335 3084 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/07 13:28:26.0586 3084 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/07 13:28:26.0736 3084 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/04/07 13:28:26.0936 3084 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/07 13:28:27.0087 3084 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/07 13:28:27.0237 3084 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/07 13:28:27.0357 3084 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/07 13:28:27.0597 3084 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/07 13:28:27.0768 3084 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/07 13:28:27.0978 3084 PCTCore (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/04/07 13:28:28.0659 3084 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\System32\drivers\pfc.sys
2011/04/07 13:28:29.0370 3084 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/07 13:28:29.0510 3084 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/07 13:28:29.0720 3084 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/07 13:28:29.0851 3084 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/07 13:28:30.0391 3084 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/07 13:28:30.0562 3084 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/07 13:28:30.0732 3084 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/07 13:28:30.0862 3084 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/07 13:28:31.0052 3084 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/07 13:28:31.0172 3084 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/07 13:28:31.0333 3084 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/07 13:28:31.0553 3084 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/07 13:28:31.0753 3084 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/07 13:28:32.0014 3084 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/04/07 13:28:32.0324 3084 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/07 13:28:32.0574 3084 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/07 13:28:32.0705 3084 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/07 13:28:32.0855 3084 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/07 13:28:33.0155 3084 sisagp (1630fbdbcb0cf3a60c02b6f140bab98b) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/04/07 13:28:33.0305 3084 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/04/07 13:28:33.0456 3084 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/07 13:28:33.0736 3084 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/07 13:28:33.0926 3084 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/07 13:28:34.0117 3084 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/07 13:28:34.0337 3084 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/07 13:28:34.0487 3084 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/07 13:28:34.0657 3084 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/07 13:28:35.0208 3084 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/07 13:28:35.0378 3084 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/07 13:28:35.0569 3084 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/07 13:28:35.0749 3084 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/07 13:28:35.0919 3084 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/07 13:28:36.0150 3084 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/04/07 13:28:36.0420 3084 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/07 13:28:36.0760 3084 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/07 13:28:37.0021 3084 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/07 13:28:37.0181 3084 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/07 13:28:37.0341 3084 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/07 13:28:37.0481 3084 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/07 13:28:37.0632 3084 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/07 13:28:38.0122 3084 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/07 13:28:38.0403 3084 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/07 13:28:38.0573 3084 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/07 13:28:38.0723 3084 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/07 13:28:39.0064 3084 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/07 13:28:39.0304 3084 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/07 13:28:39.0464 3084 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/04/07 13:28:39.0725 3084 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/07 13:28:40.0055 3084 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDOWS\system32\drivers\WmBEnum.sys
2011/04/07 13:28:40.0225 3084 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDOWS\system32\drivers\WmFilter.sys
2011/04/07 13:28:40.0426 3084 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDOWS\system32\drivers\WmVirHid.sys
2011/04/07 13:28:40.0556 3084 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDOWS\system32\drivers\WmXlCore.sys
2011/04/07 13:28:40.0696 3084 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/07 13:28:40.0896 3084 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/07 13:28:41.0287 3084 ================================================================================
2011/04/07 13:28:41.0297 3084 Scan finished
2011/04/07 13:28:41.0297 3084 ================================================================================

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 07 April 2011 - 03:50 PM

Hi,

I am not seeing any sign of infections. Have you had any symptoms since the initial detection?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 07 April 2011 - 04:27 PM

Just a few script errors, probably flash-related. Nothing major, since the Firefox crash and AVG alert mentioned above.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 07 April 2011 - 04:53 PM

Hi,

just to be safe please run a scan with Eset:
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

But it doesn't look as if you are currently infected.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 07 April 2011 - 07:41 PM

OK I will run the ESET scan next.

Also, I just noticed a file on my Desktop that I don't recall seeing before. It is a Text Document named "eula" and, oddly, in Properties, it shows date Created: Saturday, January 01, 2011, 12:14:00 AM (same date appears for Modified). I KNOW that file has not been on my Desktop all year. VERY weird. I didn't open it.

Not sure how significant that is, but I thought I would mention it.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:26 PM

Posted 08 April 2011 - 04:33 AM

Hi,

the file is very likely part of the file you extracted from tdsskiller.zip. Since it was extracted it will have the created/modified date that it had when it was zipped and not the date when you downloaded the zip file.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 echological1

echological1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Greater Los Angeles area
  • Local time:09:26 AM

Posted 08 April 2011 - 06:39 PM

ESET scan found one item:

C:\Documents and Settings\Melinda\My Documents\GOVERNMENT & LEGAL\Legal\SetupGamevance.exe probably a variant of Win32/Adware.Gamevance.AH application
______________________________________

Please advise what to do next.

Thank you.

~Melinda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users