
Ran Combofix w/o reading directions first...


  • This topic is locked
13 replies to this topic

#1 abbyander

abbyander

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 12 November 2011 - 10:12 PM

OK, so throughout the day I have run my Avast scan - 0 infections. Spybot Search and Destroy - 0 infections. Malwarebytes' - 0 infections. I have looked for the YouTube downloader toolbar because I have YouTube Downloader....in 6 million different places. (Using IE9), it is not there. I have looked through system common program files for the other mention of what could be causing the redirect. NOTHING. I now ran ComboFix (without permission - I'm a bad educator...shhhhh....) and I'm getting a Yahoo redirect; my Internet Explorer icon on the desktop now looks like the exact icon but just says Internet underneath it. My Avast, when I turned it back on, will not show an icon in the tray (and yes, I went and re-checked the box to do so). The only other thing I can think of is that I have Audacity...but it's never bothered me before. So.....here is my pathetic ComboFix Log...help?
ComboFix 11-11-12.04 - The Anderson Family 11/12/2011 20:10:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.353 [GMT -6:00]
Running from: c:\users\The Anderson Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APW3OLIW\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\programdata\SPL2046.tmp
c:\programdata\SPL4B17.tmp
c:\programdata\SPL7BCD.tmp
c:\programdata\SPLA285.tmp
c:\programdata\SPLA765.tmp
c:\programdata\SPLEAAD.tmp
c:\windows\system32\oem144.inf
c:\windows\system32\rnaph.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-13 02:23 . 2011-11-13 02:24 -------- d-----w- c:\users\The Anderson Family\AppData\Local\temp
2011-11-13 02:23 . 2011-11-13 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 21:03 . 2011-11-12 21:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32B36836-DBE7-4E03-81C1-870179F782F5}\offreg.dll
2011-11-11 07:53 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32B36836-DBE7-4E03-81C1-870179F782F5}\mpengine.dll
2011-11-09 06:18 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 06:17 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:17 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 14:26 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 14:26 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 14:26 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 14:26 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 14:26 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 14:26 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-06 14:24 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 14:24 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 14:24 . 2011-11-06 14:24 -------- d-----w- c:\programdata\AVAST Software
2011-11-06 14:24 . 2011-11-06 14:24 -------- d-----w- c:\program files\AVAST Software
2011-10-30 06:16 . 2011-11-01 10:20 -------- d-----w- c:\programdata\Musicnotes
2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:\program files\Musicnotes
2011-10-23 18:53 . 2011-10-23 18:53 -------- d-----w- c:\users\The Anderson Family\AppData\Local\MAGIX
2011-10-18 00:06 . 2011-10-18 00:06 -------- d-----w- c:\users\The Anderson Family\AppData\Roaming\Plogue
2011-10-16 21:32 . 2011-10-16 21:32 -------- d-----w- c:\users\The Anderson Family\AppData\Local\MigWiz
2011-10-16 21:26 . 2011-10-16 21:26 -------- d-----w- c:\users\The Anderson Family\AppData\Roaming\Origin
2011-10-16 21:26 . 2011-10-16 21:26 -------- d-----w- c:\users\The Anderson Family\AppData\Local\Origin
2011-10-16 21:26 . 2011-10-16 21:26 -------- d-----w- c:\programdata\Origin
2011-10-16 21:25 . 2011-10-16 21:25 -------- d-----w- c:\programdata\Electronic Arts
2011-10-16 21:25 . 2011-10-16 21:25 -------- d-----w- c:\program files\Origin Games
2011-10-16 21:24 . 2011-10-16 21:25 -------- d-----w- c:\program files\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 05:58 . 2011-07-01 01:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 01:40 . 2011-10-04 01:40 1096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-09-06 13:30 . 2011-10-11 23:02 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 08:10 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 08:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 08:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15 . 2011-10-11 23:02 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-11 23:02 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:14 . 2011-10-11 23:02 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 13:31 . 2011-10-11 23:02 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-7 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Anderson Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 15:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 08:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 19:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-04 01:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-04 01:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-27 02:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-21 03:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-12 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-06-12 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2009-07-22 197504]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2009-07-22 148992]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-02-02 23608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2010-09-29 1082432]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754110334-1437056570-1108777878-1000Core.job
- c:\users\The Anderson Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 14:13]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2754110334-1437056570-1108777878-1000UA.job
- c:\users\The Anderson Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 14:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Easy Dock - c:\users\The Anderson Family\Documents\RCA EasyRip\EZDock.exe
MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
MSConfigStartUp-FinePointTILite - c:\progra~1\CENTUR~1\fplicensereg.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-nmapp - c:\program files\Pure Networks\Network Magic\nmapp.exe
MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MSConfigStartUp-osCheck - c:\program files\Norton 360\osCheck.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RMTray.exe
MSConfigStartUp-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSConfigStartUp-WatcherHelper - c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 20:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D207474F-6F4D-4E1E-81DC-9D2AA28A03CB}"=hex:51,66,7a,6c,4c,1d,38,12,21,44,14,
d6,7f,21,70,0b,fe,ca,de,6a,a7,d4,47,df
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{4F6AA3AB-A613-4736-A609-12B27F676631}"=hex:51,66,7a,6c,4c,1d,38,12,c5,a0,79,
4b,21,e8,58,02,d9,1f,51,f2,7a,39,22,25
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:10,0e,76,82,88,9c,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,6c,db,16,1e,40,46,42,86,35,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,6c,db,16,1e,40,46,42,86,35,75,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2011-11-12 20:31:20
ComboFix-quarantined-files.txt 2011-11-13 02:30
.
Pre-Run: 215,140,503,552 bytes free
Post-Run: 215,379,673,088 bytes free
.
- - End Of File - - C6365865C70A8BB1A9D6D618C72E43D6
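As an added example (not part of abbyander's post and not code from ComboFix or BleepingComputer), the script below parses the Run-key part of the "Reg Loading Points" section of a ComboFix log like the one above and lists the autostart entries a responder would normally look at first: those whose image lives in a user-writable location (ProgramData, a user profile, Windows\Temp) and those whose image is a DLL (the log shows rundll32-hosted entries as the bare DLL path; the catchme section shows the full rundll32 command line). The sample lines are copied from the log above except for the "Updater" entry, which is constructed; the set of prefixes treated as user-writable is an assumption of this example. A flag is a prompt to review the entry, not a verdict that it is malicious.

```python
"""Triage the Run-key autostart entries in a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Section header such as [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]
HEADER_RE = re.compile(r"^\[(?P<key>HK[A-Z_]+\\[^\]]+)\]$")
# Entry such as "Name"="c:\path\file.exe" [2011-09-06 3722416]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)

# Assumption of this example: locations a standard user can write to.
USER_WRITABLE_PREFIXES = (
    "c:\\programdata\\",
    "c:\\users\\",
    "c:\\windows\\temp\\",
)

# Sample input: lines from the posted log plus one constructed AppData entry.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Updater"="c:\users\someone\AppData\Roaming\updater\upd.exe" [2011-11-01 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"""


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]

    def flags(self) -> List[str]:
        """Return the review prompts that apply to this entry (empty if none)."""
        p = self.path.lower()
        out: List[str] = []
        if p.startswith(USER_WRITABLE_PREFIXES) or "\\appdata\\" in p:
            out.append("user-writable location")
        if p.endswith(".dll"):
            out.append("dll autostart (rundll32-hosted)")
        if not p or p == "(no file)":
            out.append("no file on disk")
        return out


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Collect every "Name"="path" [date size] line under a registry header."""
    entries: List[AutostartEntry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key is not None:
            entries.append(AutostartEntry(
                key=key,
                name=m.group("name"),
                path=m.group("path"),
                date=m.group("date"),
                size=int(m.group("size")) if m.group("size") else None,
            ))
    return entries


def triage(text: str) -> List[dict]:
    """Return only the entries that carry at least one review flag, in log order."""
    return [
        {"key": e.key, "name": e.name, "path": e.path, "flags": e.flags()}
        for e in parse_autostarts(text)
        if e.flags()
    ]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["name"]:30} {", ".join(hit["flags"])}\n    {hit["path"]}')
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`; the entries in c:\program files and c:\windows that are signed vendor components drop out, and what remains is the short list worth checking against the publisher, the file's creation date in the "Files Created" section, and the catchme output.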


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 17 November 2011 - 10:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427639 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 abbyander

abbyander
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 18 November 2011 - 08:32 PM

I am running Windows Vista SP2 32 bit operating system. I have not been able to get rid of the "urlseek20.vmn.net" bug (for lack of a better word).

I have run Avast, Malwarebytes Anti-Malware, Spybot Search and Destroy, tried to run HijackThis...not sure if it worked, and then ran Combofix. I have not been able to rid my computer of this "urlseek20.vmn.net" thing. I already attached the Combofix Log in my first post. Additionally, my physical memory is really full - I'm not sure what's causing this, but I've tried to reset the parameters and they revert back to original even though I click apply.

I believe I have the original Windows CD available.

DDS and GMER logs coming...

#4 abbyander

abbyander
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 18 November 2011 - 09:10 PM

Tried running both versions of DDS - neither would supply a report on notepad. They both tried to open something in a photo program I have called MAGIX. I couldn't get anything out of it. Ideas? Thank you!

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 19 November 2011 - 08:24 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We'll try two other tools to see if you can get them to run.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
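Added example, not part of the original thread and not code from OTL or its author: a small triage script for the OTL entry formats the custom scan above produces (PRC/MOD/SRV/DRV entries, "File not found" registrations and O2 BHO lines). It flags the things a helper looks at first when reading such a log: binaries with no company name, binaries auto-starting from user-writable folders, and registrations that point at nothing. The sample lines are constructed in the shape of the log posted below; the flag rules are heuristics for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bracketed entry lines OTL writes for processes (PRC), modules (MOD),
# Win32 services (SRV) and drivers (DRV), e.g.
#   SRV - [date time | size | attrs | M] (Company) [Auto | Running] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<svc>.*?)\))?$"
)
# Service/driver registrations whose binary is gone: "SRV - File not found ... -- (Name)"
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found .*-- \((?P<svc>[^)]*)\)")
# Browser Helper Objects: "O2 - BHO: (Name) - {CLSID} - path (Company)"
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?) \((?P<company>.*?)\)$")

# Folders a standard user can write to without elevation (heuristic list chosen for
# this example). A binary auto-starting from one of these deserves a closer look
# than one under Program Files or System32.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str                 # PRC, MOD, SRV, DRV or O2
    target: str               # file path, service name or CLSID
    reasons: Tuple[str, ...]  # why the line was flagged
    line: str                 # the original log line


def _path_reasons(path: str, company: str) -> List[str]:
    reasons = []
    if not company.strip():          # "()" or "( )" in the log
        reasons.append("no company name")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("runs from user-writable location")
    return reasons


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL log line, or None if nothing stands out."""
    line = line.rstrip()
    m = MISSING_RE.match(line)
    if m:
        return Finding(m["kind"], m["svc"], ("registration points at a missing file",), line)
    m = ENTRY_RE.match(line)
    if m:
        reasons = _path_reasons(m["path"], m["company"])
        return Finding(m["kind"], m["path"], tuple(reasons), line) if reasons else None
    m = BHO_RE.match(line)
    if m:
        pc = PATH_COMPANY_RE.match(m["rest"])
        if pc is None:
            # e.g. "No CLSID value found." : the BHO key exists but resolves to nothing
            return Finding("O2", m["clsid"], ("orphaned BHO registration",), line)
        reasons = _path_reasons(pc["path"], pc["company"])
        return Finding("O2", pc["path"], tuple(reasons), line) if reasons else None
    return None  # section headers, blank lines and sections this helper does not model


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample in the OTL log format (raw string: paths contain backslashes).
SAMPLE_LOG = r"""========== Processes (SafeList) ==========

PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/12 09:38:54 | 000,221,144 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
PRC - [2006/11/03 19:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
DRV - [2010/01/28 15:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (&RetailMeNot BHO) - {4F6AA3AB-A613-4736-A609-12B27F676631} - C:\Users\The Anderson Family\AppData\Roaming\RetailMeNot Add-on\RetailMeNot.dll ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.target}\n     -> {', '.join(f.reasons)}")
```

A "no company name" hit on its own is weak evidence (several legitimate Logitech and NETGEAR binaries in the log below have none); it is the combination with an unusual load path or an orphaned registration that makes an entry worth asking about.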


#6 abbyander

abbyander
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:04 AM

Posted 20 November 2011 - 08:40 PM

Here are the two logs:

OTL logfile created on: 11/20/2011 6:54:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Anderson Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 124.14 Mb Available Physical Memory | 12.26% Memory free
2.91 Gb Paging File | 0.78 Gb Available in Paging File | 27.01% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 201.26 Gb Free Space | 69.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: THEANDERSONF-PC | User Name: The Anderson Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 18:49:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Anderson Family\Desktop\OTL.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/11/12 09:38:54 | 000,221,144 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/20 22:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
PRC - [2008/02/21 16:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/11/03 19:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/07/20 22:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/07/20 22:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/20 22:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/20 22:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/20 22:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/20 22:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/20 22:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/20 22:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/08/04 10:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/21 16:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/11 09:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/03 19:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2011/04/01 04:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/02/02 01:30:36 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2010/09/29 10:05:06 | 001,082,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2010/05/14 16:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/28 15:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 15:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/20 09:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2009/06/12 15:51:44 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/06/12 15:51:42 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/06/12 15:51:42 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/07/08 14:55:56 | 000,121,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmdmdm.sys -- (lgmdmdm)
DRV - [2008/07/08 14:55:56 | 000,114,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmdmgmt.sys -- (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM)
DRV - [2008/07/08 14:55:56 | 000,111,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmdobex.sys -- (lgmdobex)
DRV - [2008/07/08 14:55:56 | 000,089,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmdbus.sys -- (lgmdbus) LG Mobile driver (WDM)
DRV - [2008/07/08 14:55:56 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmdmdfl.sys -- (lgmdmdfl)
DRV - [2007/08/23 18:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/08/23 07:29:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/08/23 07:29:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/08/23 07:29:46 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/04/29 02:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/26 13:18:00 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swivspnt.sys -- (swivsp)
DRV - [2007/01/19 17:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

[2010/01/17 16:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Anderson Family\AppData\Roaming\Mozilla\Extensions
[2009/10/18 13:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Anderson Family\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\The Anderson Family\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\The Anderson Family\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\The Anderson Family\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\The Anderson Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/11/12 20:24:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (&RetailMeNot BHO) - {4F6AA3AB-A613-4736-A609-12B27F676631} - C:\Users\The Anderson Family\AppData\Roaming\RetailMeNot Add-on\RetailMeNot.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&RetailMeNot Toolbar) - {D207474F-6F4D-4e1e-81DC-9D2AA28A03CB} - C:\Users\The Anderson Family\AppData\Roaming\RetailMeNot Add-on\RetailMeNot.dll ()
O3 - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\..\Toolbar\WebBrowser: (&RetailMeNot Toolbar) - {D207474F-6F4D-4E1E-81DC-9D2AA28A03CB} - C:\Users\The Anderson Family\AppData\Roaming\RetailMeNot Add-on\RetailMeNot.dll ()
O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2754110334-1437056570-1108777878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13A7781C-74FE-45D8-A0C4-9B08DE548D10}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7928E672-4A4E-45A5-B7DA-653C7F3578CF}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Anderson Family\Pictures\moonlight.jpg
O24 - Desktop BackupWallPaper: C:\Users\The Anderson Family\Pictures\moonlight.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^The Anderson Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DellAutomatedPCTuneUp - hkey= - key= - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DLCXCATS - hkey= - key= - File not found
MsConfig - StartUpReg: dlcxmon.exe - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Dell PC Fax\fm3032.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 18:49:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Anderson Family\Desktop\OTL.exe
[2011/11/16 17:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/16 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/16 17:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/16 17:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/16 17:04:22 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/11/16 17:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/16 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/16 16:47:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/12 20:31:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/12 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\The Anderson Family\AppData\Local\temp
[2011/11/12 20:05:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/12 20:05:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/12 20:05:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/12 20:04:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/12 20:04:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/12 20:00:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/09 04:47:16 | 000,000,000 | ---D | C] -- C:\Users\The Anderson Family\Desktop\Veteran's Day
[2011/11/06 08:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/06 08:26:17 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/06 08:26:17 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/06 08:26:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/06 08:26:11 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/06 08:26:10 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/06 08:26:08 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/06 08:24:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/06 08:24:50 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/06 08:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/06 08:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/30 00:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2011/10/30 00:15:24 | 000,000,000 | ---D | C] -- C:\Users\The Anderson Family\Documents\Musicnotes
[2011/10/30 00:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2011/10/30 00:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2011/10/23 12:53:38 | 000,000,000 | ---D | C] -- C:\Users\The Anderson Family\AppData\Local\MAGIX
[2007/12/31 19:17:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2007/12/26 21:47:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2007/12/26 21:47:44 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2007/12/26 21:47:44 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2007/12/26 21:47:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2007/12/26 21:47:44 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2007/12/26 21:47:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2007/12/26 21:47:44 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2007/12/26 21:47:44 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2007/12/26 21:47:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2007/12/26 21:47:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2007/12/26 21:47:44 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2007/12/26 21:47:44 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2007/12/26 21:47:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2007/12/26 21:47:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 18:49:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Anderson Family\Desktop\OTL.exe
[2011/11/20 18:46:21 | 000,000,240 | ---- | M] () -- C:\Users\The Anderson Family\Desktop\Logon.url
[2011/11/20 18:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 18:20:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 18:20:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 00:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 18:41:02 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/11/16 17:18:24 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/16 17:12:08 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/16 06:20:44 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/16 06:20:44 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/16 06:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/16 06:13:16 | 1060,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/15 19:30:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/12 20:45:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/12 20:24:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/07 06:58:01 | 000,071,175 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 MG Attendance 6th Monday.pdf
[2011/11/07 06:57:00 | 000,071,063 | ---- | M] () -- C:\Users\The Anderson Family\Documents\201 MG Attendance 5th Grade Monday.pdf
[2011/11/07 06:55:45 | 000,070,635 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 MG Ehren Attendance.pdf
[2011/11/07 06:53:45 | 000,071,348 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 JH Choir Atttendance 8th.pdf
[2011/11/07 06:52:40 | 000,073,458 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 JH Choir Attendance 7th.pdf
[2011/11/07 06:51:38 | 000,071,073 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir 9th.pdf
[2011/11/07 06:50:26 | 000,069,583 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir IV.pdf
[2011/11/07 06:49:33 | 000,068,282 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir III.pdf
[2011/11/07 06:48:32 | 000,069,050 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir I.pdf
[2011/11/07 06:47:14 | 000,070,509 | ---- | M] () -- C:\Users\The Anderson Family\Documents\2011 HS II Attendance.pdf
[2011/11/06 14:37:47 | 000,403,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/06 08:26:18 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/06 07:31:55 | 000,000,945 | ---- | M] () -- C:\Users\The Anderson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/04 17:48:38 | 000,000,680 | ---- | M] () -- C:\Users\The Anderson Family\AppData\Local\d3d9caps.dat
[2011/10/30 00:15:24 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Guru.lnk
[2011/10/30 00:15:24 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 18:46:21 | 000,000,240 | ---- | C] () -- C:\Users\The Anderson Family\Desktop\Logon.url
[2011/11/16 17:18:24 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/16 17:12:08 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/12 20:05:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/12 20:05:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/12 20:05:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/12 20:05:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/12 20:05:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/07 15:41:30 | 000,070,509 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 HS II Attendance.pdf
[2011/11/07 15:41:10 | 000,071,175 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 MG Attendance 6th Monday.pdf
[2011/11/07 15:41:09 | 000,073,458 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 JH Choir Attendance 7th.pdf
[2011/11/07 15:41:09 | 000,071,348 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 JH Choir Atttendance 8th.pdf
[2011/11/07 15:41:09 | 000,071,073 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir 9th.pdf
[2011/11/07 15:41:09 | 000,071,063 | ---- | C] () -- C:\Users\The Anderson Family\Documents\201 MG Attendance 5th Grade Monday.pdf
[2011/11/07 15:41:09 | 000,070,635 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 MG Ehren Attendance.pdf
[2011/11/07 15:41:09 | 000,069,583 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir IV.pdf
[2011/11/07 15:41:09 | 000,069,050 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir I.pdf
[2011/11/07 15:41:09 | 000,068,282 | ---- | C] () -- C:\Users\The Anderson Family\Documents\2011 HS Attendance Choir III.pdf
[2011/11/06 08:26:18 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/04 17:55:08 | 1060,339,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/04 04:48:25 | 000,000,680 | ---- | C] () -- C:\Users\The Anderson Family\AppData\Local\d3d9caps.dat
[2011/10/30 00:15:24 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Guru.lnk
[2011/10/30 00:15:24 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2011/08/07 20:25:51 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/06/26 08:09:51 | 000,000,031 | ---- | C] () -- C:\Users\The Anderson Family\AppData\Roaming\Days5.ini
[2011/06/17 11:52:39 | 000,000,000 | ---- | C] () -- C:\Users\The Anderson Family\AppData\Local\{8593A7F4-ED50-4CE3-BD65-E12672532382}
[2011/06/14 14:59:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/06/13 13:43:31 | 000,318,858 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/02/25 21:22:10 | 000,018,432 | ---- | C] () -- C:\Users\The Anderson Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/11 21:58:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/27 15:49:51 | 000,007,294 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/01/09 14:32:21 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/05 19:48:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/05 19:48:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/25 19:12:11 | 000,000,556 | ---- | C] () -- C:\Windows\eReg.dat
[2008/09/17 02:01:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 10:05:42 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/02 21:26:01 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/01/02 21:25:59 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/01/02 15:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 15:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 15:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/31 19:18:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/12/31 19:18:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/12/31 19:17:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/12/31 17:58:24 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TIAKConfig2.dll
[2007/12/31 17:46:49 | 000,270,848 | ---- | C] () -- C:\Windows\System32\UNWISE32.EXE
[2007/12/26 21:47:55 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/26 21:47:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/12/26 21:47:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/26 21:47:53 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/12/26 21:47:44 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2007/12/26 21:47:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2007/12/26 21:47:44 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2007/12/26 21:47:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2007/12/26 21:47:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2007/12/26 21:47:44 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2007/12/26 21:47:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2007/12/26 21:47:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2007/12/26 21:47:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2007/12/26 21:47:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2007/12/26 21:47:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2007/12/26 21:47:41 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2007/12/26 21:47:41 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2007/12/26 21:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2007/12/26 21:47:41 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2007/12/26 14:06:05 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,403,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini

========== LOP Check ==========

[2008/01/18 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Amazon
[2009/11/08 20:45:36 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\AT&T
[2009/11/09 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Bytemobile
[2009/07/29 00:43:02 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\DataSafeOnline
[2008/07/02 12:37:56 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\eFax Messenger
[2010/08/12 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\FrimaStudio
[2009/12/25 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Garritan
[2011/02/04 10:33:28 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Leadertech
[2008/03/10 17:52:34 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Libronix DLS
[2009/11/04 06:36:03 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\LimeWire
[2011/06/26 07:27:38 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\MAGIX
[2011/02/09 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\NCH Swift Sound
[2011/03/22 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\ooVoo Details
[2011/04/03 19:23:44 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\OpenCandy
[2011/10/16 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Origin
[2010/12/31 12:34:04 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\PCDr
[2011/10/17 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Plogue
[2009/10/02 14:44:32 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\RetailMeNot Add-on
[2010/08/07 10:13:44 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\SBTT
[2009/11/07 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\Sierra Wireless
[2011/01/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\The Anderson Family\AppData\Roaming\WeatherBug
[2011/11/15 19:30:19 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 07:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/12 20:31:22 | 000,023,392 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/12/26 21:48:04 | 000,004,899 | RH-- | M] () -- C:\dell.sdr
[2007/12/31 19:18:07 | 000,000,074 | ---- | M] () -- C:\dlcx.log
[2009/11/09 19:11:06 | 000,437,707 | ---- | M] () -- C:\drivers.log
[2009/02/28 20:44:11 | 000,001,040 | ---- | M] () -- C:\EZ Dock_log.txt
[2009/10/25 15:03:44 | 000,000,471 | ---- | M] () -- C:\faxend.log
[2009/10/25 15:03:44 | 000,000,242 | ---- | M] () -- C:\faxendPdoc.log
[2009/10/25 15:03:42 | 000,000,378 | ---- | M] () -- C:\faxfile.log
[2011/11/16 06:13:16 | 1060,339,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 14:21:23 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2011/11/16 06:13:14 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys
[2011/01/16 12:55:55 | 000,054,290 | ---- | M] () -- C:\scramble.log
[2010/07/27 14:49:29 | 000,058,760 | ---- | M] () -- C:\symlcsv1.exe
[2007/12/26 14:29:10 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/01/04 20:46:55 | 000,010,393 | ---- | M] () -- C:\systinfo.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/20 02:33:28 | 000,117,760 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\dlcxdrpp.dll
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/09/06 07:30:12 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2008/07/06 13:43:03 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/15 21:09:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/15 21:09:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/15 21:09:26 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/15 21:09:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/15 21:09:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 19:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\The Anderson Family\Documents\5th Grade Gator Night.dmsd:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\The Anderson Family\Documents\Kennedy Center Honors-Paul McCartney-Dec.28,2010.mp4:TOC.WMV
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:20240A47
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:140CF428
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:579740A4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:38673444
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:10151AE6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


And the second one:

OTL Extras logfile created on: 11/20/2011 6:54:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Anderson Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 124.14 Mb Available Physical Memory | 12.26% Memory free
2.91 Gb Paging File | 0.78 Gb Available in Paging File | 27.01% Paging File free
Paging file location(s): c:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 201.26 Gb Free Space | 69.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.34 Gb Free Space | 53.44% Space Free | Partition Type: NTFS

Computer Name: THEANDERSONF-PC | User Name: The Anderson Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\THEAND~1\AppData\Local\Temp\RarSFX0\SwiApiMux.exe" = C:\Users\THEAND~1\AppData\Local\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3812C265-07DC-407F-9C36-2A3CDB672F3E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FCC663A-28D1-4BAE-BA64-F0B238BC3945}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A70C30A-C4A1-4A8A-A311-9916DA18C9F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A337053B-0689-413A-846E-CA84FA322D3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1109305-7DCE-4EEE-8912-2BC16B024463}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C733E428-6699-4561-B9D6-2B918FCDD9CF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDAFE22D-2EA3-4BC8-823A-588F64856E4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFA6C35B-1197-47B0-BE91-692D02125433}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F47DD897-5DB5-4CE0-B6FB-B176F9AB7D44}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D315C88-D78E-4F73-B40E-C462AE2F684E}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{105B7C76-B31A-46C1-A680-418C76B0C93E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C4BDC95-4F04-45CA-BD3D-C9A6B8A69A80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E279DD0-BCDC-4071-95F7-8E19AA1EC257}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{20EC9C4E-971C-475D-BAFE-807B822965D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2173796B-46C4-4581-A490-2367DF6798E0}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{235A6DF7-4BFD-4E88-93F4-1C4496760664}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{300ED7F6-247F-4EDE-83AC-F38839E0496B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33E07706-C71C-4573-A1CA-F5DD15BBE68A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35F0B35F-1581-4C38-B4A7-F627F85AF1DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3ACD51E6-4E1D-4E57-962C-553F3EA87DE3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3EBA300F-5DE0-4EF1-B36F-83094E690264}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F0CA387-85B6-4018-96EF-9C6F93BEEEB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63000F52-282F-488B-A429-EF45348BAEFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68B96684-F46B-4C49-818A-47636957888B}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{6C4F02F3-84E2-456C-914B-5342817D9719}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DF55BFD-081B-4E7F-A0AF-B68D46E29913}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78675005-F163-45DE-AB8A-2DC95CF0E369}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B7846E9-EBD8-414D-9D17-1B8A1046BA28}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{83E7339C-6681-4454-9B4A-F64DD74DFD29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84DCC0D4-B4F2-4CC7-B291-EDE8B9A33FD8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{88E49507-0DAA-414E-B074-CCD38B56EA0D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9B174026-D1AB-4785-8E5A-5560E12217AC}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9E5618EB-551F-4040-86E7-20809297D154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A2424D39-84E3-4EC4-861B-0062BAB97B21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6E40DDC-E805-45B1-94A1-B3973856182A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA8A4D2F-CCE2-40D3-B62E-C812D7862D62}" = protocol=6 | dir=out | app=system |
"{ADD97C1D-5401-4D58-BF94-0E4352A1641E}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{C238033E-1882-4736-B2E9-B43A4D5AD37E}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{C34D17BA-C63E-48D9-BD7C-ECDC6EDEAD24}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8AE2DF8-2CDC-4213-B49E-C0E69738E9B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D06018B3-0DCE-4C8C-9C75-BAF2FA122D63}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{D484BF99-6801-4BA9-80AB-823A8C254818}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA44B758-29E7-4A92-844A-D0582BDC55A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB0DCCCD-94C6-4FFB-B786-355825DED7C3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DB0EECDB-1AFF-4561-A4DF-2C7A238331C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC3461E4-3E24-4A67-AF8D-971D5036DF74}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"TCP Query User{4B0CDFDA-9226-4765-9656-6AFB35C9B701}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{ADBFD348-E071-4CB3-8CA2-D53066E3657F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{CA68F818-D6F9-4A95-8B01-4BAEE723DF42}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D505A953-FE5A-4368-B369-C056E1648D71}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{D8EC6332-C577-48F7-A2FF-CEA99320AABC}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{1D18C4BA-9EC1-489D-ACAF-D4D1505FA207}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{56369641-5389-41B2-BCB3-E15736FDD166}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{73F96300-83C7-4364-A8C7-183F9382EEBF}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C0D9B49C-E128-4619-BDE7-D572C10176B0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}" = 926plv32
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.115
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.2
"ARIA Engine_is1" = ARIA Engine v1.0.7.3
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Fax Solutions" = Fax Solutions
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"FFmpeg for Audacity_is1" = FFmpeg 2009-01-08 for Audacity
"Finale 2010" = Finale 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX Photo Manager 9 US" = MAGIX Photo Manager 9
"MAGIX Screenshare US" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Origin" = Origin
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"UnityWebPlayer" = Unity Web Player
"vmn3_5dn" = Antiphishing Domain Advisor
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2754110334-1437056570-1108777878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for The Anderson Family
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2010 6:21:12 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x14dc, application start time
0x01ca98f11ef2cf50.

Error - 1/19/2010 9:05:37 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x1234, application start time
0x01ca99081745f810.

Error - 1/19/2010 2:22:36 PM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x163c, application start time
0x01ca99345f943ce0.

Error - 1/19/2010 5:06:09 PM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x11b4, application start time
0x01ca994b3895aa90.

Error - 1/19/2010 5:06:41 PM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x119c, application start time
0x01ca994b4c036bd0.

Error - 1/20/2010 1:07:15 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0xd74, application start time
0x01ca998e6dd546a0.

Error - 1/20/2010 1:07:47 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0xdd8, application start time
0x01ca998e814021b0.

Error - 1/20/2010 5:16:41 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x11b4, application start time
0x01ca99b1464664c0.

Error - 1/20/2010 9:08:19 AM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x113c, application start time
0x01ca99d1a297ea80.

Error - 1/20/2010 1:02:57 PM | Computer Name = TheAndersonF-PC | Source = Application Error | ID = 1000
Description = Faulting application symlcsvc.exe, version 1.9.2.84, time stamp 0x47a6aab7,
faulting module symlcnet.dll, version 1.9.2.84, time stamp 0x47a6aaa5, exception
code 0xc0000005, fault offset 0x00011204, process id 0x1734, application start time
0x01ca99f2696a4cf0.

[ Dell Events ]
Error - 1/1/2011 4:27:01 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/1/2011 4:54:35 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/1/2011 4:54:35 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/3/2011 7:17:22 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/3/2011 7:17:22 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/30/2011 7:38:52 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/30/2011 7:38:52 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/10/2011 5:44:25 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/10/2011 5:44:26 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 12:49:57 PM | Computer Name = TheAndersonF-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 5/23/2008 12:03:13 AM | Computer Name = TheAndersonF-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 7:39:28 AM | Computer Name = TheAndersonF-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/11/2008 7:08:58 PM | Computer Name = TheAndersonF-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/15/2009 8:33:49 PM | Computer Name = TheAndersonF-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2009 2:30:07 PM | Computer Name = TheAndersonF-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/20/2011 9:18:56 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:19:05 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:19:05 PM | Computer Name = TheAndersonF-PC | Source = netbt | ID = 4321
Description = The name "THEANDERSONF-PC:20" could not be registered on the interface
with IP address 0.0.0.0. The computer with the IP address 169.254.195.196 did not
allow the name to be claimed by this computer.

Error - 11/20/2011 9:19:12 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:19:28 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:19:28 PM | Computer Name = TheAndersonF-PC | Source = netbt | ID = 4321
Description = The name "THEANDERSONF-PC:20" could not be registered on the interface
with IP address 0.0.0.0. The computer with the IP address 169.254.195.196 did not
allow the name to be claimed by this computer.

Error - 11/20/2011 9:19:38 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:20:49 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.

Error - 11/20/2011 9:20:49 PM | Computer Name = TheAndersonF-PC | Source = netbt | ID = 4321
Description = The name "THEANDERSONF-PC:20" could not be registered on the interface
with IP address 0.0.0.0. The computer with the IP address 169.254.195.196 did not
allow the name to be claimed by this computer.

Error - 11/20/2011 9:20:55 PM | Computer Name = TheAndersonF-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{51496AF9-B619-49B8-91BD-D1AA4521F2C1}
because another computer on the network has the same name. The server could not
start.


< End of report >




#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 21 November 2011 - 06:18 AM

Hello, abbyander.


Step 1


Do you know what this program is:

926plv32

If not, please uninstall it via Add/Remove Programs.



Step 2


Please delete your copy of ComboFix and download a new one.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 3

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#8 abbyander

abbyander
  • Topic Starter

  • Members
  • 7 posts

Posted 25 November 2011 - 06:57 PM

OK, it's taken me forever...but 926plv32 is a Dell driver for my printer! So I'll leave it right where it is I do believe...commencing with your other directions. Thank you so much!

#9 abbyander

abbyander
  • Topic Starter

  • Members
  • 7 posts

Posted 25 November 2011 - 08:48 PM

OK, here is the result log from COMBOFIX:

ComboFix 11-11-25.02 - The Anderson Family 11/25/2011 18:15:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.322 [GMT -6:00]
Running from: c:\users\The Anderson Family\Desktop\etavaresCF.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 00:31 . 2011-11-26 00:33 -------- d-----w- c:\users\The Anderson Family\AppData\Local\temp
2011-11-26 00:31 . 2011-11-26 00:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-26 00:31 . 2011-11-26 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 19:32 . 2011-11-25 19:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A7C6463-F104-421F-AF56-E348A30E31D0}\offreg.dll
2011-11-25 19:32 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A7C6463-F104-421F-AF56-E348A30E31D0}\mpengine.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-16 23:18 . 2011-11-16 23:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-16 23:18 . 2011-11-16 23:18 -------- d-----w- c:\program files\QuickTime
2011-11-16 23:10 . 2011-11-16 23:10 -------- d-----w- c:\program files\iPod
2011-11-16 23:02 . 2011-11-16 23:02 -------- d-----w- c:\program files\Bonjour
2011-11-16 22:47 . 2011-11-16 22:47 -------- d-----w- c:\program files\Apple Software Update
2011-11-13 02:04 . 2011-11-26 00:10 -------- d-----w- C:\ComboFix
2011-11-09 06:18 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 06:17 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:17 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-06 14:26 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-06 14:26 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-06 14:26 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-06 14:26 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-06 14:26 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-06 14:26 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-06 14:24 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-06 14:24 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-06 14:24 . 2011-11-19 01:56 -------- d-----w- c:\programdata\AVAST Software
2011-11-06 14:24 . 2011-11-06 14:24 -------- d-----w- c:\program files\AVAST Software
2011-10-30 06:16 . 2011-11-19 01:54 -------- d-----w- c:\programdata\Musicnotes
2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:\program files\Musicnotes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 22:42 . 2011-07-01 01:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-04 01:40 . 2011-10-04 01:40 1096 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-09-06 13:30 . 2011-10-11 23:02 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-12 08:10 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-12 08:10 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-12 08:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 05:05 . 2011-08-31 05:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-7 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Anderson Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 15:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 08:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 19:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-04 01:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-04 01:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-27 02:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-21 03:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-12 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-06-12 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2009-07-22 197504]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2009-07-22 148992]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-02-02 23608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2010-09-29 1082432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
.
------- Supplementary Scan -------
.
uStart Page =
https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-11-25 18:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\users\THEAND~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D207474F-6F4D-4E1E-81DC-9D2AA28A03CB}"=hex:51,66,7a,6c,4c,1d,38,12,21,44,14,
d6,7f,21,70,0b,fe,ca,de,6a,a7,d4,47,df
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{4F6AA3AB-A613-4736-A609-12B27F676631}"=hex:51,66,7a,6c,4c,1d,38,12,c5,a0,79,
4b,21,e8,58,02,d9,1f,51,f2,7a,39,22,25
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:10,0e,76,82,88,9c,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,6c,db,16,1e,40,46,42,86,35,75,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,6c,db,16,1e,40,46,42,86,35,75,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2011-11-25 18:44:06
ComboFix-quarantined-files.txt 2011-11-26 00:43
ComboFix2.txt 2011-11-13 02:31
.
Pre-Run: 215,212,027,904 bytes free
Post-Run: 215,458,480,128 bytes free
.
- - End Of File - - 0E96B4786226BDE338F4421701010CD3

And here is the result log from Kaspersky:

19:36:44.0469 42892 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:36:44.0516 42892 ============================================================
19:36:44.0516 42892 Current date / time: 2011/11/25 19:36:44.0516
19:36:44.0516 42892 SystemInfo:
19:36:44.0516 42892
19:36:44.0516 42892 OS Version: 6.0.6002 ServicePack: 2.0
19:36:44.0516 42892 Product type: Workstation
19:36:44.0516 42892 ComputerName: THEANDERSONF-PC
19:36:44.0516 42892 UserName: The Anderson Family
19:36:44.0516 42892 Windows directory: C:\Windows
19:36:44.0516 42892 System windows directory: C:\Windows
19:36:44.0516 42892 Processor architecture: Intel x86
19:36:44.0516 42892 Number of processors: 2
19:36:44.0516 42892 Page size: 0x1000
19:36:44.0516 42892 Boot type: Normal boot
19:36:44.0516 42892 ============================================================
19:36:45.0545 42892 Initialize success
19:37:32.0926 40364 ============================================================
19:37:32.0926 40364 Scan started
19:37:32.0926 40364 Mode: Manual;
19:37:32.0926 40364 ============================================================
19:37:33.0956 40364 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:37:33.0987 40364 ACPI - ok
19:37:34.0065 40364 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:37:34.0081 40364 adp94xx - ok
19:37:34.0143 40364 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:37:34.0143 40364 adpahci - ok
19:37:34.0206 40364 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:37:34.0206 40364 adpu160m - ok
19:37:34.0268 40364 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:37:34.0268 40364 adpu320 - ok
19:37:34.0393 40364 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:37:34.0408 40364 AFD - ok
19:37:34.0440 40364 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
19:37:34.0440 40364 agp440 - ok
19:37:34.0486 40364 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:37:34.0486 40364 aic78xx - ok
19:37:34.0533 40364 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
19:37:34.0533 40364 aliide - ok
19:37:34.0580 40364 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
19:37:34.0580 40364 amdagp - ok
19:37:34.0627 40364 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
19:37:34.0627 40364 amdide - ok
19:37:34.0642 40364 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:37:34.0642 40364 AmdK7 - ok
19:37:34.0689 40364 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:37:34.0689 40364 AmdK8 - ok
19:37:34.0783 40364 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:37:34.0798 40364 arc - ok
19:37:34.0861 40364 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:37:34.0861 40364 arcsas - ok
19:37:34.0923 40364 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
19:37:34.0923 40364 aswFsBlk - ok
19:37:34.0986 40364 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
19:37:34.0986 40364 aswMonFlt - ok
19:37:35.0017 40364 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
19:37:35.0032 40364 aswRdr - ok
19:37:35.0079 40364 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
19:37:35.0095 40364 aswSnx - ok
19:37:35.0157 40364 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
19:37:35.0173 40364 aswSP - ok
19:37:35.0204 40364 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
19:37:35.0204 40364 aswTdi - ok
19:37:35.0251 40364 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:35.0251 40364 AsyncMac - ok
19:37:35.0282 40364 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:37:35.0282 40364 atapi - ok
19:37:35.0438 40364 BCMH43XX (7709ac51aa626e68dbeacd70e67e772c) C:\Windows\system32\DRIVERS\bcmwlhigh6.sys
19:37:35.0469 40364 BCMH43XX - ok
19:37:35.0516 40364 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:37:35.0516 40364 Beep - ok
19:37:35.0547 40364 blbdrive - ok
19:37:35.0641 40364 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:37:35.0641 40364 bowser - ok
19:37:35.0672 40364 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:37:35.0672 40364 BrFiltLo - ok
19:37:35.0703 40364 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:37:35.0703 40364 BrFiltUp - ok
19:37:35.0750 40364 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:37:35.0750 40364 Brserid - ok
19:37:35.0812 40364 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:37:35.0812 40364 BrSerWdm - ok
19:37:35.0859 40364 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:37:35.0859 40364 BrUsbMdm - ok
19:37:35.0875 40364 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:37:35.0875 40364 BrUsbSer - ok
19:37:35.0906 40364 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:37:35.0906 40364 BTHMODEM - ok
19:37:36.0000 40364 catchme - ok
19:37:36.0046 40364 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:36.0062 40364 cdfs - ok
19:37:36.0093 40364 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:36.0093 40364 cdrom - ok
19:37:36.0124 40364 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:37:36.0124 40364 circlass - ok
19:37:36.0187 40364 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:37:36.0187 40364 CLFS - ok
19:37:36.0265 40364 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
19:37:36.0265 40364 cmdide - ok
19:37:36.0296 40364 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:37:36.0296 40364 Compbatt - ok
19:37:36.0343 40364 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:37:36.0343 40364 crcdisk - ok
19:37:36.0374 40364 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:37:36.0374 40364 Crusoe - ok
19:37:36.0436 40364 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\datunidr.sys
19:37:36.0436 40364 datunidr - ok
19:37:36.0514 40364 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:37:36.0530 40364 DfsC - ok
19:37:36.0748 40364 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:37:36.0764 40364 disk - ok
19:37:36.0842 40364 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:37:36.0858 40364 drmkaud - ok
19:37:36.0920 40364 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:36.0920 40364 DXGKrnl - ok
19:37:36.0982 40364 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
19:37:36.0998 40364 e1express - ok
19:37:37.0076 40364 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:37:37.0076 40364 E1G60 - ok
19:37:37.0138 40364 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:37:37.0138 40364 Ecache - ok
19:37:37.0201 40364 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:37:37.0201 40364 elxstor - ok
19:37:37.0310 40364 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:37:37.0310 40364 exfat - ok
19:37:37.0372 40364 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:37:37.0388 40364 fastfat - ok
19:37:37.0435 40364 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:37:37.0466 40364 fdc - ok
19:37:37.0544 40364 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:37:37.0544 40364 FileInfo - ok
19:37:37.0591 40364 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:37:37.0591 40364 Filetrace - ok
19:37:37.0638 40364 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:37.0638 40364 flpydisk - ok
19:37:37.0700 40364 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:37:37.0700 40364 FltMgr - ok
19:37:37.0762 40364 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:37.0762 40364 Fs_Rec - ok
19:37:37.0809 40364 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:37:37.0809 40364 gagp30kx - ok
19:37:37.0856 40364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:37:37.0872 40364 GEARAspiWDM - ok
19:37:37.0965 40364 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:37.0981 40364 HDAudBus - ok
19:37:37.0996 40364 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:37:37.0996 40364 HidBth - ok
19:37:38.0043 40364 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:37:38.0043 40364 HidIr - ok
19:37:38.0074 40364 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:38.0074 40364 HidUsb - ok
19:37:38.0121 40364 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:37:38.0121 40364 HpCISSs - ok
19:37:38.0199 40364 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:37:38.0262 40364 HSF_DPV - ok
19:37:38.0308 40364 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
19:37:38.0324 40364 HSXHWBS2 - ok
19:37:38.0386 40364 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:37:38.0386 40364 HTTP - ok
19:37:38.0433 40364 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:37:38.0433 40364 i2omp - ok
19:37:38.0496 40364 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:38.0558 40364 i8042prt - ok
19:37:49.0884 40364 ============================================================
19:37:49.0884 40364 Scan finished
19:37:49.0884 40364 ============================================================
19:37:49.0899 41892 Detected object count: 0
19:37:49.0899 41892 Actual detected object count: 0


Can you tell me what was quarantined in ComboFix? I'm trying to get rid of this url redirect... thanks!!! :) I appreciate your help so very much!
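
A small triage helper for the TDSSKiller driver listing posted above, as an added example that is not code from the thread, from TDSSKiller or from ComboFix. It parses the driver lines and the "- ok" verdict lines and pulls out what a responder reads first; the flags it raises (image outside the normal driver directory, service with no file, 8.3 short-name paths, the detected-object count) are heuristics chosen for this example, not verdicts, and the sample lines are copied from the listing above.

```python
"""Triage helper for the TDSSKiller-style driver listing posted above.

Added example, not code from the thread, from TDSSKiller or from ComboFix.
Each scanned driver appears as a line with time, PID, service name, MD5 and
image path, followed by a '<name> - ok' verdict line; MBR and boot-sector
entries use a \\Device path instead of a file.  The helper surfaces what a
malware responder reads first: drivers whose image lives outside the normal
Windows driver directory, service entries with no file behind them, paths
using 8.3 short names, and the final detected-object count.  The flags are
triage hints chosen for this example, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*\S)\s*$")
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")

# The normal home for kernel drivers on this Vista system (assumption for the
# heuristic); a .sys image anywhere else deserves a second look, not a verdict.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None

    @property
    def outside_driver_dir(self) -> bool:
        # Only judge on-disk driver images; \Device entries are sector scans.
        if not self.path or not self.path.lower().endswith(".sys"):
            return False
        return not self.path.lower().startswith(DRIVER_DIR)


def parse(log_text: str) -> Tuple[List[Entry], Optional[int]]:
    """Parse the listing into entries (in order) and the detected-object count."""
    entries: List[Entry] = []
    by_key: Dict[str, Entry] = {}   # keyed by service name and by image path
    detected: Optional[int] = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                  # blank lines and lines without a body
        body = m.group(3)
        c = COUNT_RE.match(body)
        if c:
            detected = int(c.group(1))
            continue
        if body.endswith(" - ok"):
            key = body[: -len(" - ok")]
            entry = by_key.get(key)
            if entry is None:
                # A verdict with no preceding file line: the service exists in
                # the registry but no image was found on disk to scan.
                entry = Entry(name=key)
                entries.append(entry)
                by_key[key] = entry
            entry.verdict = "ok"
            continue
        f = FILE_RE.match(body)
        if f:
            entry = Entry(name=f.group(1), md5=f.group(2).lower(), path=f.group(3))
            entries.append(entry)
            by_key[entry.name] = entry
            by_key[entry.path] = entry   # MBR/boot verdicts are keyed by path
    return entries, detected


def triage(log_text: str) -> dict:
    """Summarise the listing the way a responder skims it."""
    entries, detected = parse(log_text)
    return {
        "scanned": len(entries),
        "outside_driver_dir": [e.name for e in entries if e.outside_driver_dir],
        "no_file": [e.name for e in entries if e.path is None and e.verdict == "ok"],
        "short_names": [e.name for e in entries if e.path and "~" in e.path],
        "detected": detected,
    }


# Constructed sample: a handful of lines copied from the listing posted above.
SAMPLE_LOG = r"""
19:37:39.0166 40364 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:39.0166 40364 IpFilterDriver - ok
19:37:39.0198 40364 IpInIp - ok
19:37:41.0491 40364 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:37:41.0491 40364 MREMP50 - ok
19:37:44.0018 40364 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
19:37:44.0018 40364 PTproct - ok
19:37:46.0748 40364 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:37:46.0764 40364 Tcpip - ok
19:37:49.0852 40364 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:37:49.0868 40364 \Device\Harddisk0\DR0 - ok
19:37:49.0884 40364 Scan finished
19:37:49.0899 41892 Detected object count: 0
19:37:49.0899 41892 Actual detected object count: 0
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the full listing the two drivers outside the Windows driver directory are the Motive and Dell tune-up components, which is exactly the kind of third-party entry a helper checks by hand rather than something the script declares bad.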

#10 etavares

Bleepin' Remover, Malware Response Team, 15,514 posts

Posted 27 November 2011 - 06:29 AM

Hello, abbyander.

Nothing was quarantined in ComboFix in this run, unfortunately. Before, it did not get anything major either.

A few questions about the redirect to help diagnose the root cause:
1. Does it happen in both Internet Explorer AND Firefox AND Chrome? Or just in one?
2. Do you have other computers sharing this internet connection? If yes, are they redirected, or just this one?



Step 1



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

REgLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens and starts scanning the system. Wait until a log file opens. Copy and paste the log in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#11 abbyander (Topic Starter)

Members, 7 posts

Posted 28 November 2011 - 09:39 PM

OK...first, the redirect isn't happening anymore so far on Internet Explorer. I know I used to have Firefox and Google Chrome, but I can't find them anywhere to see if the problem would happen with those browsers too. I'm sure I deleted them.



Second... Here are the log results from the ComboFix scan that you requested:

ComboFix 11-11-28.02 - The Anderson Family 11/28/2011 19:43:06.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1012.136 [GMT -6:00]
Running from: c:\users\The Anderson Family\Desktop\etavaresCF.exe
Command switches used :: c:\users\The Anderson Family\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-8-7 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Anderson Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Anderson Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 15:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
2006-10-16 08:31 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\dlcxtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 19:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-11-04 01:09 312200 ----a-w- c:\program files\Dell PC Fax\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-04 01:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-27 02:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-21 03:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 135664]
R3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmdbus.sys [2008-07-08 89600]
R3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmdmdfl.sys [2008-07-08 14976]
R3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmdmdm.sys [2008-07-08 121344]
R3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmdmgmt.sys [2008-07-08 114944]
R3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmdobex.sys [2008-07-08 111232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-12 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-06-12 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2009-07-22 197504]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2009-07-22 148992]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-02-02 23608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2010-09-29 1082432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 16747703
*Deregistered* - 16747703
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-21 04:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 20:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
? [56308]
? [58764]
? [60964]
? [58592]
? [58476]
? [60984]
? [63080]
? [59632]
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-28 20:12:59
ComboFix-quarantined-files.txt 2011-11-29 02:12
ComboFix2.txt 2011-11-26 00:44
ComboFix3.txt 2011-11-13 02:31
.
Pre-Run: 214,691,827,712 bytes free
Post-Run: 214,179,328,000 bytes free
.
- - End Of File - - 6B23CA72D7CCACB4EA643C8C1CFE6A13


And Third....I could not get the Junction.exe scan to work. I tried running it as an administrator also, but it would not open. The farthest I got was agreeing to the user agreement, then a black rectangle would flash on the screen....


Additionally, if you have any ideas for helping me to increase my physical memory, I'd really appreciate it....that's another sticking point for me right now. You are too awesome to take the time to help! Thank you! You are greatly appreciated!
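A small triage helper for the ComboFix log format posted above, added here as an example and not ComboFix's or the forum's own code: it parses the Run-key and service/driver lines and flags entries that ComboFix marked with [x] instead of a date and size (assumed here to mean the file at the listed path was not found, as with aswSnx and aswSP in the log) or that start from outside the Windows and Program Files trees. The sample lines are copied from the log; the "trusted prefix" heuristic is my assumption, not a ComboFix rule.

```python
import re
from dataclasses import dataclass

# Run-key line in the "Reg Loading Points" section:
#   "name"="path" [YYYY-MM-DD size]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# Service/driver line:  R2 name;description;path [YYYY-MM-DD size]   or   ... [x]
SERVICE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)'
    r'\[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$')

# Assumption (mine, not ComboFix's): autostarts under these trees are expected
# locations; anything else (ProgramData, user profiles, temp) deserves a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    kind: str      # "run" or "service:<start type>", e.g. "service:S2"
    name: str
    path: str
    missing: bool  # True when ComboFix printed [x] instead of date/size


def parse(log_text):
    """Extract Run-key and service entries from ComboFix log text."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], False))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(Entry("service:" + m["start"], m["name"],
                                 m["path"].strip(), m["info"] == "x"))
    return entries


def flag(entries):
    """Return (name, reason) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append((e.name, "binary not found"))
        elif not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((e.name, "runs from outside Windows/Program Files"))
    return findings


# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
"""

if __name__ == "__main__":
    for name, reason in flag(parse(SAMPLE)):
        print(f"{name}: {reason}")
```

A flagged entry is a prompt to check the file and its publisher, not a verdict; the Avast drivers marked [x] here are the vendor's own, and a ProgramData path is only unusual, not malicious by itself.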

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 29 November 2011 - 06:16 AM

Hello, abbyander.


Step 1


Please delete the Internet Explorer icon on your desktop. The one that only says Internet. You can recreate it by right-clicking and dragging the icon from the start menu to the desktop and click Create Shortcut. I'm also deleting the one on your Quick Launch Bar with the script below. It's "new" which leads me to believe it was modified by the virus.




Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 29 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java™ SE Runtime Environment 6
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    :files
    C:\Users\The Anderson Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 5

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 07 December 2011 - 06:44 AM

still with me?




#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:04 PM

Posted 11 December 2011 - 10:43 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.






