
Need help with hijackthis


  • This topic is locked
65 replies to this topic

#1 Anne Arp

Anne Arp

  • Members
  • 40 posts
  • Gender:Female
  • Location:Hampton Roads, Virginia

Posted 01 March 2012 - 07:52 AM

My computer will not load webmail from webhostingpad. It will load the sites and the home page but I can never get to the webmail. This is a new problem. I have scanned for trojans both online and with spybot and nothing. I am stumped. Outlook can't connect to any of the sites to retrieve or send mail either and I KNOW my settings are right. It's like it's blocked for some reason but I can't figure out where. I have enabled everything pertaining to mail in my firewall for both the computer and the router. I ran Hijackthis but I have no idea what I am doing with it so if you could take a look and tell me if you see anything, I would greatly appreciate it.
Attached File  hijackthis.log   13.17KB   2 downloads


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2012 - 03:42 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Anne Arp

Anne Arp
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Hampton Roads, Virginia

Posted 03 March 2012 - 09:18 AM

No problems with either program.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Annicat 2 at 9:07:22 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.914 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Roxio\5.0\CPMonitor.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
C:\Documents and Settings\Annicat 2\My Documents\TaskPlus\taskplus0.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SpamPal\spampal.exe
C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ZyXEL\N220\Common\N220.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apps.facebook.com/lexulous/?home
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\annicat 2\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CPMonitor] "c:\program files\roxio\5.0\CPMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TaskPlus] c:\documents and settings\annicat 2\my documents\taskplus\taskplus0.exe
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot pro plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\annica~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7619\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\belkin 802.11g wireless card configuration utility\utility.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spampal.lnk - c:\program files\spampal\spampal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\taskpl~1.lnk - c:\documents and settings\annicat 2\my documents\taskplus\taskplus0.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\zyxel\n220\common\N220.exe
mPolicies-explorer: NoInternetIcon = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\icq7.6\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\spampal\spampalLSP.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264591699515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75993EB3-FC13-4E3A-902B-0C8ED671A58D} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\annicat 2\application data\mozilla\firefox\profiles\q76cr2ao.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\annicat 2\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-4-28 120832]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKsld55bf4d4;MpKsld55bf4d4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{874bb210-0f58-49c6-81b5-fc61b4a57b1b}\MpKsld55bf4d4.sys [2012-3-3 29904]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10754\AGCoreService.exe [2011-12-5 20480]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-12-15 113264]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\zyxel\n220\common\RalinkRegistryWriter.exe [2011-11-9 69632]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-5-15 206120]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-29 2886528]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-5-15 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [2011-8-23 17149]
R3 rt2870;%Generic.Service.DispName%;c:\windows\system32\drivers\rt2870.sys [2011-11-9 803328]
RUnknown MpKsl650b016a;MpKsl650b016a; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [2002-3-3 93068]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-13 1691480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-02-23 03:44:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 02:12:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-19 02:11:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-02 23:35:24 102248 ----a-w- c:\documents and settings\annicat 2\GoToAssistDownloadHelper.exe
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 9:08:12.21 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/8/2010 12:59:32 PM
System Uptime: 3/1/2012 10:07:34 PM (35 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31TM-P21 (MS-7529)
Processor: Intel Pentium III Xeon processor | CPU1 | 2599/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 193 GiB total, 156.407 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 37.122 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_75291462&REV_02\4&38D2602C&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_75291462&REV_02\4&38D2602C&0&00E1
Service: RTLE8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Belkin 802.11g Wireless Card
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&CF81C54&0&00F0
Manufacturer: Belkin Components
Name: Belkin 802.11g Wireless Card
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_700A1799&REV_01\4&CF81C54&0&00F0
Service: RT2500
.
==== System Restore Points ===================
.
RP565: 1/22/2012 12:27:50 AM - System Checkpoint
RP566: 1/22/2012 12:29:16 AM - Software Distribution Service 3.0
RP567: 1/22/2012 3:50:07 AM - Software Distribution Service 3.0
RP568: 1/23/2012 12:28:32 AM - Software Distribution Service 3.0
RP569: 1/23/2012 3:50:04 AM - Software Distribution Service 3.0
RP570: 1/24/2012 12:28:31 AM - Software Distribution Service 3.0
RP571: 1/24/2012 3:50:02 AM - Software Distribution Service 3.0
RP572: 1/25/2012 12:29:06 AM - Software Distribution Service 3.0
RP573: 1/25/2012 3:50:07 AM - Software Distribution Service 3.0
RP574: 1/25/2012 6:12:45 AM - Software Distribution Service 3.0
RP575: 1/26/2012 4:12:35 AM - Software Distribution Service 3.0
RP576: 1/26/2012 8:26:56 PM - Software Distribution Service 3.0
RP577: 1/27/2012 4:12:56 AM - Software Distribution Service 3.0
RP578: 1/28/2012 3:59:27 AM - Software Distribution Service 3.0
RP579: 1/28/2012 3:32:45 PM - Software Distribution Service 3.0
RP580: 1/29/2012 6:25:25 PM - System Checkpoint
RP581: 1/29/2012 11:12:52 PM - Software Distribution Service 3.0
RP582: 1/30/2012 4:24:00 AM - Software Distribution Service 3.0
RP583: 1/30/2012 11:14:21 PM - Software Distribution Service 3.0
RP584: 1/31/2012 11:21:26 PM - System Checkpoint
RP585: 2/1/2012 4:03:10 AM - Software Distribution Service 3.0
RP586: 2/1/2012 9:22:45 AM - Software Distribution Service 3.0
RP587: 2/2/2012 4:03:17 AM - Software Distribution Service 3.0
RP588: 2/2/2012 6:12:21 AM - Removed Ask Toolbar.
RP589: 2/3/2012 3:45:10 AM - Software Distribution Service 3.0
RP590: 2/4/2012 4:17:41 AM - Software Distribution Service 3.0
RP591: 2/4/2012 11:45:23 AM - Software Distribution Service 3.0
RP592: 2/5/2012 4:17:16 AM - Software Distribution Service 3.0
RP593: 2/5/2012 11:45:14 AM - Software Distribution Service 3.0
RP594: 2/6/2012 4:17:21 AM - Software Distribution Service 3.0
RP595: 2/7/2012 3:44:44 AM - Software Distribution Service 3.0
RP596: 2/7/2012 8:24:35 PM - Installed Concord EyeQ Duo 2000 Digital Camera
RP597: 2/8/2012 3:45:14 AM - Software Distribution Service 3.0
RP598: 2/9/2012 3:45:21 AM - Software Distribution Service 3.0
RP599: 2/10/2012 3:45:13 AM - Software Distribution Service 3.0
RP600: 2/11/2012 4:14:35 AM - System Checkpoint
RP601: 2/11/2012 5:46:04 PM - Removed HP Update
RP602: 2/11/2012 6:41:47 PM - Spybot-S&D Spyware removal
RP603: 2/12/2012 11:08:21 AM - Software Distribution Service 3.0
RP604: 2/13/2012 4:01:14 AM - Software Distribution Service 3.0
RP605: 2/13/2012 11:01:51 AM - Software Distribution Service 3.0
RP606: 2/14/2012 4:01:28 AM - Software Distribution Service 3.0
RP607: 2/14/2012 11:01:53 AM - Software Distribution Service 3.0
RP608: 2/14/2012 10:20:51 PM - Software Distribution Service 3.0
RP609: 2/15/2012 10:38:21 PM - System Checkpoint
RP610: 2/15/2012 10:40:47 PM - Software Distribution Service 3.0
RP611: 2/16/2012 3:43:46 AM - Software Distribution Service 3.0
RP612: 2/16/2012 6:14:12 AM - Software Distribution Service 3.0
RP613: 2/16/2012 10:40:50 PM - Software Distribution Service 3.0
RP614: 2/17/2012 3:43:15 AM - Software Distribution Service 3.0
RP615: 2/17/2012 10:41:05 PM - Software Distribution Service 3.0
RP616: 2/18/2012 9:10:53 PM - Removed Java™ 6 Update 23
RP617: 2/18/2012 9:11:49 PM - Installed Java™ 6 Update 31
RP618: 2/19/2012 4:05:17 AM - Software Distribution Service 3.0
RP619: 2/19/2012 3:22:19 PM - Software Distribution Service 3.0
RP620: 2/20/2012 4:04:52 AM - Software Distribution Service 3.0
RP621: 2/20/2012 3:23:59 PM - Software Distribution Service 3.0
RP622: 2/21/2012 4:04:54 AM - Software Distribution Service 3.0
RP623: 2/22/2012 3:59:55 AM - Software Distribution Service 3.0
RP624: 2/23/2012 4:04:48 AM - Software Distribution Service 3.0
RP625: 2/23/2012 10:45:30 PM - Software Distribution Service 3.0
RP626: 2/24/2012 4:03:23 AM - Software Distribution Service 3.0
RP627: 2/25/2012 3:46:12 AM - Software Distribution Service 3.0
RP628: 2/25/2012 11:54:04 AM - Software Distribution Service 3.0
RP629: 2/26/2012 3:42:17 AM - Software Distribution Service 3.0
RP630: 2/27/2012 4:12:18 AM - System Checkpoint
RP631: 2/27/2012 9:14:41 PM - Software Distribution Service 3.0
RP632: 2/28/2012 4:11:26 AM - Software Distribution Service 3.0
RP633: 2/29/2012 4:00:17 AM - Software Distribution Service 3.0
RP634: 2/29/2012 9:42:18 AM - Software Distribution Service 3.0
RP635: 3/1/2012 3:40:49 AM - Software Distribution Service 3.0
RP636: 3/1/2012 7:03:52 AM - Spybot-S&D Spyware removal
RP637: 3/1/2012 7:31:49 AM - Installed HiJackThis
RP638: 3/1/2012 7:18:36 PM - Installed Windows Media Player Firefox Plugin
RP639: 3/1/2012 8:03:01 PM - Installed Adobe Shockwave Player 11.6.
RP640: 3/2/2012 4:10:01 AM - Software Distribution Service 3.0
RP641: 3/2/2012 10:14:40 PM - Software Distribution Service 3.0
RP642: 3/3/2012 4:09:33 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Acer eDisplay Management
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.6
Adr_Book 5.8e
Anti-phishing Domain Advisor
AVG 2012
Babylon toolbar on IE
Belkin 802.11g Wireless Card
Brother MFL-Pro Suite
CCleaner
Concord EyeQ Duo 2000 Digital Camera
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00
Corel PaintShop Pro X4
Critical Update for Windows Media Player 11 (KB959772)
DirectX 9 Runtime
Dolphin Futures XPS Viewer version 1.1.0
Easy Media Player 1.1.12
Facetheme
FlashPeak SlimBrowser
Google Chrome
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976098-v2)
I Want This
ICA
IconPackager 5
ICQ7.6
IHA_MessageCenter
Image Expert
Intel® Graphics Media Accelerator Driver
IPM_PSP_COM
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 23
Java™ 6 Update 31
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PaperPort Image Printer
Pivot Pro Plugin
PSPPContent
PSPPHelp
QuickBooks
QuickBooks Premier: Contractor Edition 2009
Quicken 2010
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio Creator XE
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
ScanSoft PaperPort 11
SCRABBLE
Scrabble v2.0
SDK
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Setup
Sonic CinePlayer Decoder Pack
SpamPal
Spybot - Search & Destroy
SupportSoft Assisted Service
swMSM
TeamViewer 7
Toolbar Cleaner 1.0
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Download Manager
Verizon Toolbar
Visual Studio 2005 Tools for Office Second Edition Runtime
Vz In Home Agent
WeatherBug
WebFldrs XP
Webshots Desktop
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
WinRAR archiver
Wireless N-lite USB Adapter Utility
XPS Essentials Pack
XPS Essentials Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 9:38:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AG Core Services service to connect.
2/28/2012 9:38:05 AM, error: Service Control Manager [7000] - The AG Core Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2012 4:10:36 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.424.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/26/2012 9:09:28 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
2/26/2012 9:09:28 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
2/26/2012 9:09:28 PM, error: Service Control Manager [7000] - The Concord EyeQ Duo 2000 USB Video Capture V1.00 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

Thank You!

#4 Anne Arp


Posted 03 March 2012 - 09:25 AM

I forgot to add, I can't receive email from any webmails in my Outlook, either. I have spent hours trying to configure gmail and 2 different company emails from webhostingpad and they will not work. It's as if those email services don't exist to my computer except that I CAN load gmail webmail and it will forward to Outlook through my ISP. All this stuff used to work.

#5 gringo_pr


Posted 03 March 2012 - 02:14 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#6 Anne Arp


Posted 03 March 2012 - 08:44 PM

ComboFix 12-03-03.02 - Annicat 2 03/03/2012 19:54:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1142 [GMT -5:00]
Running from: c:\archives\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\taskplus0.exe.lnk
c:\documents and settings\Annicat 2\GoToAssistDownloadHelper.exe
c:\documents and settings\Edna Nagle\g2mdlhlpx.exe
c:\documents and settings\Edna Nagle\GoToAssistDownloadHelper.exe
c:\documents and settings\Edna Nagle\WINDOWS
c:\program files\Object
c:\program files\Object\bho_project.dll
c:\program files\Object\ChromeAddon.pem
c:\program files\Object\chromeaddon\._included.js
c:\program files\Object\chromeaddon\background.html
c:\program files\Object\chromeaddon\included.js
c:\program files\Object\chromeaddon\manifest.json
c:\program files\Object\config.ini
c:\program files\Object\facetheme\build.sh
c:\program files\Object\facetheme\chrome.manifest
c:\program files\Object\facetheme\config_build.sh
c:\program files\Object\facetheme\content\.DS_Store
c:\program files\Object\facetheme\content\firefoxOverlay.xul
c:\program files\Object\facetheme\content\installid.js
c:\program files\Object\facetheme\content\overlay.js
c:\program files\Object\facetheme\content\sudoku.js
c:\program files\Object\facetheme\defaults\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\._sudoku.js
c:\program files\Object\facetheme\defaults\preferences\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\sudoku.js
c:\program files\Object\facetheme\files
c:\program files\Object\facetheme\install.rdf
c:\program files\Object\facetheme\locale\.DS_Store
c:\program files\Object\facetheme\locale\en-US\.DS_Store
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd
c:\program files\Object\facetheme\locale\en-US\sudoku.properties
c:\program files\Object\facetheme\readme.txt
c:\program files\Object\facetheme\skin\overlay.css
c:\program files\Object\facetheme_uninstall.exe
c:\program files\Object\status.txt
c:\program files\Object\status2.txt
c:\windows\system32\drivers\etc\hosts.ics
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 00:27 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D729CD5-437F-49F2-8F74-20B0156D42C7}\mpengine.dll
2012-03-03 23:51 . 2012-03-03 23:51 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\Malwarebytes
2012-03-03 15:19 . 2012-03-03 15:20 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\vlc
2012-03-02 00:53 . 2012-03-02 00:55 -------- d-----w- c:\windows\system32\Adobe
2012-03-01 23:51 . 2012-03-01 23:52 -------- d-----w- c:\program files\Easy Media Player
2012-03-01 23:37 . 2012-03-01 23:46 474 ----a-w- C:\user.js
2012-03-01 23:37 . 2012-03-01 23:37 -------- d-----w- c:\program files\BabylonToolbar
2012-03-01 23:37 . 2012-03-02 01:14 -------- d-----w- c:\documents and settings\Annicat 2\Local Settings\Application Data\Google
2012-03-01 23:37 . 2012-03-01 23:37 -------- d-----w- c:\documents and settings\Annicat 2\Local Settings\Application Data\I Want This
2012-03-01 23:37 . 2012-03-01 23:38 -------- d-----w- c:\program files\I Want This
2012-03-01 23:37 . 2012-03-01 23:37 -------- d-----w- c:\documents and settings\Annicat 2\Local Settings\Application Data\Babylon
2012-03-01 23:37 . 2012-03-01 23:37 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\Babylon
2012-03-01 23:37 . 2012-03-01 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-03-01 12:31 . 2012-03-01 12:31 388096 ----a-r- c:\documents and settings\Annicat 2\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-01 12:31 . 2012-03-01 12:31 -------- d-----w- c:\program files\Trend Micro
2012-02-29 21:28 . 2012-02-29 21:31 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\TeamViewer
2012-02-29 21:28 . 2012-02-29 21:28 -------- d-----w- c:\program files\TeamViewer
2012-02-19 02:30 . 2012-02-19 02:30 -------- d-----w- c:\program files\Common Files\Java
2012-02-15 11:23 . 2012-03-04 00:05 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\SpamPal
2012-02-14 23:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 23:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-08 01:25 . 2008-04-14 10:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-02-08 01:25 . 2008-04-14 10:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-02-08 01:25 . 2008-04-14 10:42 28672 ----a-w- c:\windows\system32\vidcap.ax
2012-02-08 01:25 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-02-08 01:25 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-02-08 01:25 . 2008-04-14 10:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-02-08 01:25 . 2008-04-14 10:42 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-02-08 01:25 . 2012-02-08 01:25 -------- d-----w- c:\program files\Concord Digital Camera
2012-02-08 00:37 . 2012-02-08 00:37 -------- d-----w- c:\documents and settings\Annicat 2\Application Data\ScanSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 03:44 . 2011-07-05 22:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 02:12 . 2011-06-27 10:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-19 02:11 . 2011-06-27 10:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 06:03 . 2010-12-08 18:05 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-09-13 13:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-26 00:05 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-26 00:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-26 00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-26 00:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-26 00:05 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2011-06-06 03:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-29 06:53 . 2012-01-22 00:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-04 18789408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"CPMonitor"="c:\program files\Roxio\5.0\CPMonitor.exe" [2009-07-24 84464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-02-18 232104]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"TaskPlus"="c:\documents and settings\Annicat 2\My Documents\TaskPlus\taskplus0.exe" [2005-04-08 5117440]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-05-16 206120]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-05-26 121456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Annicat 2\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-12-5 157088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless Card Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe [2011-8-23 630872]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
SpamPal.lnk - c:\program files\SpamPal\spampal.exe [2006-4-24 507904]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless N-lite USB Adapter Utility.lnk - c:\program files\ZyXEL\N220\Common\N220.exe [2011-11-9 1990656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Edna Nagle^Start Menu^Programs^Startup^Impulse Now.lnk]
path=c:\documents and settings\Edna Nagle\Start Menu\Programs\Startup\Impulse Now.lnk
backup=c:\windows\pss\Impulse Now.lnkStartup
.
[HKLM\~\startupfolder\C:^DOCUME~1^EDNANA~1^Start Menu^Programs^Startup^Camio Viewer.lnk]
path=c:\docume~1\EDNANA~1\Start Menu\Programs\Startup\Camio Viewer.lnk
backup=c:\windows\pss\Camio Viewer.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-06-10 08:40 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-06-06 05:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atari-Infogrames\\Scrabble v2.0\\Scrabble v2.0.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4/28/2008 1:05 PM 120832]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]
R1 MpKsld55bf4d4;MpKsld55bf4d4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{874BB210-0F58-49C6-81B5-FC61B4A57B1B}\MpKsld55bf4d4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{874BB210-0F58-49C6-81B5-FC61B4A57B1B}\MpKsld55bf4d4.sys [?]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 2:01 PM 290832]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [12/15/2011 8:20 PM 113264]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [5/15/2011 11:36 PM 206120]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/29/2012 4:28 PM 2886528]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [5/15/2011 11:36 PM 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [8/23/2011 8:54 PM 17149]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [12/5/2011 5:47 AM 20480]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;c:\windows\system32\drivers\coachcap.sys [3/3/2002 12:26 PM 93068]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/10/2009 3:41 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/10/2009 3:41 AM 166384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2010 8:43 AM 1691480]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/10/2009 3:40 AM 1124848]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 7:05 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2008-04-26 13:00]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011Core.job
- c:\documents and settings\Annicat 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-02 01:14]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011UA.job
- c:\documents and settings\Annicat 2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-02 01:14]
.
2012-03-04 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2012-03-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-08-19 19:31]
.
2012-03-03 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-08-19 19:31]
.
2012-03-04 c:\windows\Tasks\User_Feed_Synchronization-{860C5691-4539-4EB3-BA83-DD7AEE309051}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://apps.facebook.com/lexulous/?home
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
LSP: c:\program files\SpamPal\spampalLSP.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WBSrv - c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
AddRemove-Birth of the Federation version 1.0.2 - c:\botf\Uninst.isu
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-421920824-3191045640-934741355-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1008)
c:\program files\SpamPal\spampalLSP.dll
.
Completion time: 2012-03-03 20:03:38
ComboFix-quarantined-files.txt 2012-03-04 01:03
.
Pre-Run: 167,943,045,120 bytes free
Post-Run: 168,186,728,448 bytes free
.
- - End Of File - - A9CA486B7C2C45B447A2AA77A63FAA89



Combofix ran and rebooted the computer and did not restart itself. There was no log file. Once I determined that it apparently didn't finish, I re-ran the program and this is the log I got. I still cannot load webmail. I ran Malwarebytes after all this and got this log.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Annicat 2 :: ANNICAT2 [administrator]

3/3/2012 8:10:02 PM
mbam-log-2012-03-03 (20-10-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241795
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



The following is the error I get when I try to load webmail. It is the only site where I get this error. I can load this site at work so it is not the site. I am beginning to wonder if it is something in my router that is blocking it, but it used to load just fine and I have no idea what could have changed in the router. It is so frustrating not to be able to check my work email except by remote connection. It will load if I remote into the work computer and use the browser there remotely. I have 4 browsers on this machine and it won't load in any of them. I feel like I am beating my head on a brick wall!

The connection has timed out.

The server at server205.webhostingpad.com is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

#7 gringo_pr

Posted 03 March 2012 - 08:54 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Anne Arp

Posted 03 March 2012 - 09:43 PM

21:28:39.0625 0520 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:28:40.0015 0520 ============================================================
21:28:40.0015 0520 Current date / time: 2012/03/03 21:28:40.0015
21:28:40.0015 0520 SystemInfo:
21:28:40.0015 0520
21:28:40.0015 0520 OS Version: 5.1.2600 ServicePack: 3.0
21:28:40.0015 0520 Product type: Workstation
21:28:40.0015 0520 ComputerName: ANNICAT2
21:28:40.0015 0520 UserName: Annicat 2
21:28:40.0015 0520 Windows directory: C:\WINDOWS
21:28:40.0015 0520 System windows directory: C:\WINDOWS
21:28:40.0015 0520 Processor architecture: Intel x86
21:28:40.0015 0520 Number of processors: 2
21:28:40.0015 0520 Page size: 0x1000
21:28:40.0015 0520 Boot type: Normal boot
21:28:40.0015 0520 ============================================================
21:28:42.0265 0520 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:28:42.0500 0520 \Device\Harddisk0\DR0:
21:28:42.0718 0520 MBR used
21:28:42.0718 0520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x4FFF800
21:28:42.0718 0520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5000800, BlocksNum 0x181C4800
21:28:42.0843 0520 Initialize success
21:28:42.0843 0520 ============================================================
21:28:57.0171 1332 ============================================================
21:28:57.0171 1332 Scan started
21:28:57.0171 1332 Mode: Manual;
21:28:57.0171 1332 ============================================================
21:29:04.0046 1332 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:29:04.0046 1332 Sparrow - ok
21:29:04.0093 1332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:29:04.0093 1332 splitter - ok
21:29:04.0125 1332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:29:04.0125 1332 sr - ok
21:29:04.0140 1332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:29:04.0140 1332 Srv - ok
21:29:04.0171 1332 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:29:04.0187 1332 StillCam - ok
21:29:04.0250 1332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:29:04.0250 1332 swenum - ok
21:29:04.0296 1332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:29:04.0296 1332 swmidi - ok
21:29:04.0312 1332 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:29:04.0312 1332 symc810 - ok
21:29:04.0328 1332 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:29:04.0328 1332 symc8xx - ok
21:29:04.0328 1332 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:29:04.0328 1332 sym_hi - ok
21:29:04.0343 1332 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:29:04.0343 1332 sym_u3 - ok
21:29:04.0375 1332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:29:04.0390 1332 sysaudio - ok
21:29:04.0421 1332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:29:04.0421 1332 Tcpip - ok
21:29:04.0453 1332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:29:04.0453 1332 TDPIPE - ok
21:29:04.0453 1332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:29:04.0468 1332 TDTCP - ok
21:29:04.0500 1332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:29:04.0500 1332 TermDD - ok
21:29:04.0515 1332 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:29:04.0515 1332 TosIde - ok
21:29:04.0562 1332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:29:04.0562 1332 Udfs - ok
21:29:04.0578 1332 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:29:04.0578 1332 ultra - ok
21:29:04.0593 1332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:29:04.0593 1332 Update - ok
21:29:04.0625 1332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:29:04.0625 1332 usbccgp - ok
21:29:04.0656 1332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:29:04.0656 1332 usbehci - ok
21:29:04.0671 1332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:29:04.0671 1332 usbhub - ok
21:29:04.0687 1332 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:29:04.0687 1332 usbohci - ok
21:29:04.0718 1332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:29:04.0734 1332 usbprint - ok
21:29:04.0750 1332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:29:04.0765 1332 usbscan - ok
21:29:04.0781 1332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:29:04.0781 1332 USBSTOR - ok
21:29:04.0828 1332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:29:04.0828 1332 usbuhci - ok
21:29:04.0859 1332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:29:04.0859 1332 VgaSave - ok
21:29:04.0875 1332 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:29:04.0875 1332 viaagp - ok
21:29:04.0875 1332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:29:04.0890 1332 ViaIde - ok
21:29:04.0890 1332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:29:04.0890 1332 VolSnap - ok
21:29:04.0906 1332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:29:04.0906 1332 Wanarp - ok
21:29:04.0921 1332 WDICA - ok
21:29:04.0968 1332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:29:04.0968 1332 wdmaud - ok
21:29:05.0015 1332 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:29:05.0015 1332 WmiAcpi - ok
21:29:05.0031 1332 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:29:05.0031 1332 WS2IFSL - ok
21:29:05.0062 1332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:29:05.0062 1332 WudfPf - ok
21:29:05.0078 1332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:29:05.0078 1332 WudfRd - ok
21:29:05.0109 1332 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:29:05.0171 1332 \Device\Harddisk0\DR0 - ok
21:29:05.0187 1332 Boot (0x1200) (b04dcbd5cafe019610f0bf035d334a89) \Device\Harddisk0\DR0\Partition0
21:29:05.0187 1332 \Device\Harddisk0\DR0\Partition0 - ok
21:29:05.0187 1332 Boot (0x1200) (b8b6087691e84027b5e6e909f3804744) \Device\Harddisk0\DR0\Partition1
21:29:05.0187 1332 \Device\Harddisk0\DR0\Partition1 - ok
21:29:05.0187 1332 ============================================================
21:29:05.0187 1332 Scan finished
21:29:05.0187 1332 ============================================================
21:29:05.0203 2540 Detected object count: 0
21:29:05.0203 2540 Actual detected object count: 0
21:29:16.0921 2120 Deinitialize success


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 21:29:25
-----------------------------
21:29:25.546 OS Version: Windows 5.1.2600 Service Pack 3
21:29:25.546 Number of processors: 2 586 0x170A
21:29:25.546 ComputerName: ANNICAT2 UserName:
21:29:25.984 Initialize success
21:36:34.703 AVAST engine defs: 12030301
21:38:49.765 The log file has been saved successfully to "C:\Documents and Settings\Annicat 2\My Documents\aswMBR.txt"

#9 Anne Arp


Posted 03 March 2012 - 09:47 PM

Oops... I don't think I did that 2nd program right... am rerunning it now.

Edited by Anne Arp, 03 March 2012 - 11:05 PM.


#10 gringo_pr


Posted 03 March 2012 - 10:01 PM

:thumbup2:

#11 Anne Arp


Posted 03 March 2012 - 10:58 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 22:06:58
-----------------------------
22:06:58.281 OS Version: Windows 5.1.2600 Service Pack 3
22:06:58.281 Number of processors: 2 586 0x170A
22:06:58.281 ComputerName: ANNICAT2 UserName:
22:06:59.468 Initialize success
22:07:08.328 AVAST engine defs: 12030301
22:07:15.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:07:15.937 Disk 0 Vendor: WDC_WD2500AAJS-00YZCA0 01.03B01 Size: 238475MB BusType: 3
22:07:15.984 Disk 0 MBR read successfully
22:07:15.984 Disk 0 MBR scan
22:07:16.015 Disk 0 Windows VISTA default MBR code
22:07:16.015 Disk 0 Partition - 00 0F Extended LBA 40960 MB offset 2048
22:07:16.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 197513 MB offset 83888128
22:07:16.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 40959 MB offset 4096
22:07:16.109 Disk 0 scanning sectors +488394752
22:07:16.281 Disk 0 scanning C:\WINDOWS\system32\drivers
22:07:39.812 Service scanning
22:07:52.906 Service MpKsl1a10f1e9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42A0336-BFEA-4EE5-ADA9-2FAD6AFC2A59}\MpKsl1a10f1e9.sys **LOCKED** 32
22:08:10.640 Modules scanning
22:08:36.687 Disk 0 trace - called modules:
22:08:36.718 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:08:36.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5d7030]
22:08:36.718 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\000000a1[0x8a5caf18]
22:08:36.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a5c9d98]
22:08:37.515 AVAST engine scan C:\WINDOWS
22:09:07.843 AVAST engine scan C:\WINDOWS\system32
22:16:26.078 AVAST engine scan C:\WINDOWS\system32\drivers
22:17:18.828 AVAST engine scan C:\Documents and Settings\Annicat 2
22:41:28.484 AVAST engine scan C:\Documents and Settings\All Users
22:50:09.062 Scan finished successfully
22:57:18.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Annicat 2\My Documents\MBR.dat"
22:57:18.140 The log file has been saved successfully to "C:\Documents and Settings\Annicat 2\My Documents\aswMBR.txt"

Edited by Anne Arp, 03 March 2012 - 11:02 PM.



#13 gringo_pr


Posted 03 March 2012 - 11:15 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 Anne Arp


Posted 03 March 2012 - 11:33 PM

OTL logfile created on: 3/3/2012 11:26:45 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Archives
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.57% Memory free
3.80 Gb Paging File | 3.00 Gb Available in Paging File | 78.95% Paging File free
Paging file location(s): C:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 192.88 Gb Total Space | 156.56 Gb Free Space | 81.17% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 37.12 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: ANNICAT2 | User Name: Annicat 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 23:24:16 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Archives\OTL.exe
PRC - [2012/03/01 20:14:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/22 08:48:12 | 000,984,936 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/12/22 07:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/26 12:01:26 | 000,150,128 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2011/05/26 12:01:18 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/05/26 12:01:16 | 001,555,056 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/05/15 23:35:50 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/05/05 15:44:42 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/26 23:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\3.1.5.7619\Webshots.scr
PRC - [2010/06/21 15:24:30 | 001,990,656 | ---- | M] (ZyXEL Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\N220.exe
PRC - [2010/05/13 16:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
PRC - [2010/05/13 16:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
PRC - [2010/04/29 08:38:54 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/23 20:36:24 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\5.0\CPMonitor.exe
PRC - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/09/15 13:40:06 | 000,630,872 | ---- | M] (Belkin) -- C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/14 22:44:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/14 22:44:25 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/14 22:42:42 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/14 22:40:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/14 22:39:11 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 22:31:08 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/10/12 17:45:50 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/12 16:53:25 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/06/20 20:02:42 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/05/26 12:01:24 | 000,240,240 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2011/05/26 12:01:14 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2011/05/26 11:50:32 | 000,176,128 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2010/05/13 16:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
MOD - [2010/05/13 16:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
MOD - [2009/07/23 20:36:24 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\5.0\CPMonitor.exe
MOD - [2007/11/28 04:32:00 | 001,163,264 | ---- | M] () -- C:\Program Files\ZyXEL\N220\Common\acAuth.dll
MOD - [2006/04/18 20:22:30 | 000,172,032 | ---- | M] () -- C:\Program Files\SpamPal\spampalLSP.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/22 07:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/26 12:01:18 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/05/05 15:44:42 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Stopped] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 03:41:10 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009/06/10 03:41:02 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009/06/10 03:40:22 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/05/13 15:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\ZyXEL\N220\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
DRV - [2012/03/03 21:28:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A42A0336-BFEA-4EE5-ADA9-2FAD6AFC2A59}\MpKsl1a10f1e9.sys -- (MpKsl1a10f1e9)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/23 20:54:41 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/05 15:44:24 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/05/13 16:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 16:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2009/12/03 21:22:04 | 006,021,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/19 13:03:18 | 000,803,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/10 09:24:10 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/06/05 14:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 01:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2008/01/17 14:51:30 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/01/17 14:51:24 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2006/10/27 08:12:32 | 000,120,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2004/07/29 15:29:58 | 000,211,072 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\DNINDIS5.SYS -- (DNINDIS5)
DRV - [2002/03/03 12:26:38 | 000,093,068 | ---- | M] (Zoran Microelectronics Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\coachcap.sys -- (CoachCap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=0&did=%7b87fe83e3-fb99-4570-9134-26c26e1b6fe0%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{28916CE2-1FB5-47D6-B8B8-209CD6AAA05A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apps.facebook.com/lexulous/?home
IE - HKCU\..\SearchScopes,DefaultScope = {28916CE2-1FB5-47D6-B8B8-209CD6AAA05A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.4
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.78
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/21 19:51:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/01 19:18:36 | 000,000,000 | ---D | M]

[2011/11/05 14:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Extensions
[2012/02/02 06:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions
[2011/11/06 18:48:07 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/11/06 18:48:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/06 18:48:05 | 000,000,000 | ---D | M] (FlashResizer) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\{C6F77964-B0B5-4953-A144-93051184EC0C}
[2011/11/06 18:48:11 | 000,000,000 | ---D | M] (fireform) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\fireform@mozilla.org
[2011/11/06 18:48:09 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\flashfirebug@o-minds.com
[2011/11/06 18:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\extensions\TRASH
[2012/03/03 22:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions
[2011/12/31 17:01:12 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\adblockpopups@jessehakanen.net
[2012/02/11 19:04:57 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\coralietab@mozdev.org
[2012/03/03 08:51:54 | 000,000,000 | ---D | M] ("I Want This") -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\crossriderapp2258@crossrider.com
[2011/12/31 17:01:08 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\elemhidehelper@adblockplus.org
[2011/12/31 17:01:06 | 000,000,000 | ---D | M] (fireform) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\fireform@mozilla.org
[2012/03/03 22:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annicat 2\Application Data\Mozilla\Firefox\Profiles\q76cr2ao.default\extensions\staged
[2012/03/01 18:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 21:12:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/01 18:37:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/02/18 21:12:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/18 21:12:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/20 08:17:26 | 000,002,566 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\verizontb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Splendid = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: I Want This = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.14.20_0\
CHR - Extension: I Want This = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.15.26_0\
CHR - Extension: Gmail = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/03 20:00:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [TaskPlus] C:\Documents and Settings\Annicat 2\My Documents\TaskPlus\taskplus0.exe (Contact Plus Corporation)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe (SpamPal.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Webshots.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless N-lite USB Adapter Utility.lnk = C:\Program Files\ZyXEL\N220\Common\N220.exe (ZyXEL Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Annicat 2\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpamPal\spampalLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpamPal\spampalLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpamPal\spampalLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpamPal\spampalLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpamPal\spampalLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\SpamPal\spampalLSP.dll ()
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264591699515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75993EB3-FC13-4E3A-902B-0C8ED671A58D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\Documents and Settings\Annicat 2\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Annicat 2\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 19:16:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 19:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/03 19:12:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/03 19:07:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/03 19:07:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/03 19:07:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/03 19:07:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/03 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/03 19:06:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/03 18:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\Malwarebytes
[2012/03/03 10:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\vlc
[2012/03/03 09:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\My Documents\Bleeping Computer tests
[2012/03/01 20:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\BabylonToolbar
[2012/03/01 20:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Start Menu\Programs\Google Chrome
[2012/03/01 19:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/01 18:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Media Player
[2012/03/01 18:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Media Player
[2012/03/01 18:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/03/01 18:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Google
[2012/03/01 18:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\I Want This
[2012/03/01 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/03/01 18:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Babylon
[2012/03/01 18:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\Babylon
[2012/03/01 18:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/03/01 07:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/01 07:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Start Menu\Programs\HiJackThis
[2012/02/29 16:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\TeamViewer
[2012/02/29 16:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/02/29 16:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/02/18 21:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/18 21:12:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/18 21:12:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/18 21:12:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/17 19:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\My Documents\Taxes
[2012/02/15 06:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\SpamPal
[2012/02/10 15:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Desktop\Covers
[2012/02/07 20:25:33 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012/02/07 20:25:33 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012/02/07 20:25:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012/02/07 20:25:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012/02/07 20:25:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/02/07 20:25:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2012/02/07 20:25:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012/02/07 20:25:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012/02/07 20:25:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012/02/07 20:25:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012/02/07 20:25:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2012/02/07 20:25:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012/02/07 20:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Concord Digital Camera
[2012/02/07 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\My Documents\My PaperPort Documents
[2012/02/07 19:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\ScanSoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 23:31:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{860C5691-4539-4EB3-BA83-DD7AEE309051}.job
[2012/03/03 23:26:55 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/03/03 23:19:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011UA.job
[2012/03/03 22:57:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Annicat 2\My Documents\MBR.dat
[2012/03/03 20:19:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011Core.job
[2012/03/03 20:00:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/03 19:36:29 | 090,726,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/03 19:28:31 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/03 19:23:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/03 19:19:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 19:12:49 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2012/03/03 09:03:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Annicat 2\defogger_reenable
[2012/03/03 03:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/03/03 02:32:53 | 000,230,655 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/03 02:00:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/03/01 20:18:17 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/01 18:46:15 | 000,000,474 | ---- | M] () -- C:\user.js
[2012/03/01 17:39:24 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBrowser.lnk
[2012/03/01 07:02:57 | 000,000,246 | ---- | M] () -- C:\Boot.bak
[2012/03/01 06:49:52 | 000,441,256 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120303-184218.backup
[2012/02/29 16:27:42 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Start Menu\Programs\Startup\Webshots.lnk
[2012/02/29 06:09:07 | 000,505,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/29 06:09:07 | 000,088,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/28 07:55:37 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Annicat 2\My Documents\AS Mine.rdp
[2012/02/26 07:42:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\dfrg.job
[2012/02/25 07:55:55 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Desktop\Remote Desktop Connection.lnk
[2012/02/24 12:50:12 | 000,001,766 | -H-- | M] () -- C:\Documents and Settings\Annicat 2\My Documents\Default.rdp
[2012/02/23 20:10:41 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Annicat 2\Desktop\Webshots Desktop.lnk
[2012/02/22 22:44:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/18 21:12:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/02/18 21:12:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/02/18 21:12:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/02/18 21:12:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/18 21:11:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/17 16:41:55 | 000,299,340 | ---- | M] () -- C:\Documents and Settings\Annicat 2\My Documents\2010_1040_form.pdf
[2012/02/17 12:08:03 | 000,015,111 | ---- | M] () -- C:\WINDOWS\2011.CRD
[2012/02/14 22:33:33 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/14 22:26:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/12 12:19:08 | 000,441,256 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120301-064952.backup
[2012/02/11 18:52:37 | 000,441,256 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120212-121908.backup
[2012/02/11 18:43:12 | 000,440,047 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120211-185237.backup
[2012/02/11 18:42:01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/02/11 17:29:00 | 000,440,047 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120211-184312.backup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 22:02:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Annicat 2\My Documents\MBR.dat
[2012/03/03 19:28:31 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/03 19:12:49 | 000,000,246 | ---- | C] () -- C:\Boot.bak
[2012/03/03 19:12:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/03 19:07:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/03 19:07:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/03 19:07:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/03 19:07:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/03 19:07:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/03 09:03:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Annicat 2\defogger_reenable
[2012/03/01 20:18:17 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/01 20:14:23 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011UA.job
[2012/03/01 20:14:23 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-421920824-3191045640-934741355-1011Core.job
[2012/03/01 18:37:59 | 000,000,474 | ---- | C] () -- C:\user.js
[2012/02/23 20:10:41 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Desktop\Webshots Desktop.lnk
[2012/02/17 16:41:49 | 000,299,340 | ---- | C] () -- C:\Documents and Settings\Annicat 2\My Documents\2010_1040_form.pdf
[2012/02/14 18:57:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 18:57:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/11 18:41:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/01/11 23:15:54 | 000,197,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/15 20:57:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/15 20:21:00 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2011/11/25 15:48:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Annicat 2.ini
[2011/11/09 21:05:05 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/11/06 08:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/09/28 10:50:31 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/09/28 10:50:31 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/09/28 10:50:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2011/09/28 10:49:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/09/28 10:49:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011/09/28 10:37:08 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/07/06 16:05:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/20 19:52:32 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/06/20 05:23:14 | 000,004,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gtxhlulu.rrk
[2011/06/18 23:17:10 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/18 23:17:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/06/17 11:54:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2011/06/15 13:02:24 | 000,058,616 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2011/06/05 23:10:16 | 000,019,521 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2011/02/03 15:27:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/10 14:27:58 | 000,000,281 | ---- | C] () -- C:\WINDOWS\adbk32.ini
[2010/12/08 14:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/13 11:37:36 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\syx45326.dat
[2010/09/13 09:46:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/13 08:44:03 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

< End of report >

#15 gringo_pr

Posted 03 March 2012 - 11:49 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    [2012/03/01 18:37:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/03/01 20:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\BabylonToolbar
    [2012/03/01 18:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\I Want This
    [2012/03/01 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
    [2012/03/01 18:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Local Settings\Application Data\Babylon
    [2012/03/01 18:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\Babylon
    [2012/03/01 18:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
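An added example (not part of gringo_pr's post and not OTL's own code): a Python parser for OTL file-listing lines in the format shown in this thread, which lists other entries timestamped within two minutes of the folders named in the fix script. The field layout in the regex, the two-minute window and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# The "(company)" field is absent on some directory lines.
LINE = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)"
)

# Sample input: lines copied from the log and the fix script in this thread.
SAMPLE = r"""
[2012/03/03 19:07:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/01 20:18:17 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/01 18:37:59 | 000,000,474 | ---- | C] () -- C:\user.js
[2012/03/01 18:37:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/03/01 20:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annicat 2\Application Data\BabylonToolbar
[2012/03/01 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\I Want This
[2012/03/01 18:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/02/23 20:10:41 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Annicat 2\Desktop\Webshots Desktop.lnk
"""

def parse(log):
    """Return one dict per file-listing line; anything else is skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, size, attrs, kind, company, path = m.groups()
            entries.append({
                "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                "size": int(size.replace(",", "")),
                "is_dir": "D" in attrs,
                "kind": kind,  # the C/M flag exactly as printed in the log
                "company": company or "",
                "path": path,
            })
    return entries

def neighbours(entries, needles, window=timedelta(minutes=2)):
    """Paths not matching any needle whose timestamp lies within `window`
    of an entry that does match (a list for review, not a verdict)."""
    hit = lambda e: any(n in e["path"].lower() for n in needles)
    anchors = [e["time"] for e in entries if hit(e)]
    return [e["path"] for e in entries
            if not hit(e) and any(abs(e["time"] - t) <= window for t in anchors)]

if __name__ == "__main__":
    for path in neighbours(parse(SAMPLE), ("babylon", "i want this")):
        print(path)
```

On the sample it returns C:\user.js, which the log shows at 18:37:59, four seconds after the timestamp on the Babylon extension folder.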



