omegastungun

  1. I sincerely thank you for taking the time out to help me with my problem. I also thank you for your patience.
  2. I followed the directions in your last step, and ComboFix is still on my machine. I know just deleting the icon isn't the fix, and every time I start up my machine, ComboFix files try to open and Avast alerts me to it. ESET, OTL, and GMER are all uninstalled or deleted outright.
  3. Want to make sure: Was ZoneAlarm the cause of my issues? If so, what should I use as a firewall that will not conflict and cause the same issues to pop up again? Also, how do I uninstall ComboFix?
  4. My machine seems to be running better since uninstalling ZoneAlarm. Haven't run into any issues so far...
  5. Uninstalled ZoneAlarm and ran OTL. Here is that log. The machine appears to be acting the same, but cannot say for sure.
[2007/06/05 15:03:09 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2007/06/05 14:59:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/06/05 14:52:54 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2007/06/05 14:36:54 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk [2007/06/05 14:33:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/06/05 13:42:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/06/05 13:33:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007/06/05 08:27:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/06/05 08:26:08 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/06/01 19:03:15 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt [2004/08/02 11:58:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SbcSystemInfo.dll [2004/08/02 11:58:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nt5support.dll [2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/07/16 16:41:25 | 000,315,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/07/16 16:41:21 | 000,042,064 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin ========== LOP Check ========== [2010/12/31 02:57:15 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software [2007/06/26 04:16:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ [2008/06/13 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games [2008/04/30 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP [2010/12/30 02:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\Amazon [2010/12/31 03:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\CheckPoint [2007/06/07 16:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\InterTrust [2008/06/13 15:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\iWin [2008/06/13 16:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\iWinArcade [2007/09/12 17:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\Musicmatch [2008/04/30 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\catherine\Application Data\Pogo Games ========== Purity Check ========== < End of report >
  6. OTL logfile created on: 3/29/2011 6:24:09 AM - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\catherine\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 687.00 Mb Available Physical Memory | 68.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 22.66 Gb Free Space | 60.80% Space Free | Partition Type: NTFS Computer Name: CATHERIN-39UEY1 | User Name: catherine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Documents and Settings\catherine\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Documents and Settings\catherine\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) 
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.) PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.) PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\catherine\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software) MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (PEVSystemStart) -- File not found SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (avast! 
Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (WlanUIB) -- C:\WINDOWS\system32\drivers\MA111nd5.sys ( ) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) 
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation) DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio) DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com/?src=toolbar IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.facebook.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=" FF - prefs.js..network.proxy.type: 0 FF - 
HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 08:38:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/19 15:24:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 06:41:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:49:13 | 000,000,000 | ---D | M] [2009/09/09 01:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Extensions [2009/09/09 01:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/03/28 21:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions [2011/02/16 22:51:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2011/03/25 02:58:07 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} [2011/03/25 02:58:08 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011/03/27 03:57:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} 
[2011/02/16 22:51:57 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\extensions\adblockpopups@jessehakanen.net [2010/04/10 08:56:52 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\catherine\Application Data\Mozilla\Firefox\Profiles\5qllor7z.default\searchplugins\bing-ff.xml [2011/03/28 21:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/03/23 20:48:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/03/02 09:06:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/02/07 08:38:06 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2009/08/19 15:24:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/03/23 20:48:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2011/03/23 20:48:55 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011/03/23 20:49:03 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/04/10 12:20:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/04/10 12:20:00 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/04/10 12:20:00 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/04/10 12:20:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/09/22 05:00:45 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png [2009/09/22 05:00:46 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml [2010/04/10 12:20:00 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/04/10 12:20:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\catherine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation) O4 - HKCU..\Run: [search Protection] File not found O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - 
  7. Ran a full system scan with Avast, and no threats were found.
  8. I ran disk check as read only, just because I wanted to make 100% sure about going forward with automatically fixing anything with you before proceeding. It completed and nothing came up. Should I check both of the options that pop up when running it?
  9. Here is the MBRCheck log:
  10. Deleted the two ComboFix icons off my desktop and downloaded a fresh one, which I renamed C-Fix. Still not working, and my computer is still acting up. Also, US71 is not me, and therefore I am disregarding your post right after that one.
  11. I just want to make sure that you mean deleting the two ComboFix icons on my desktop instead of doing anything else. The only other ComboFix stuff on my computer is the Qoobox folder, and a computer-looking icon called ComboFix.com when I open my "My Computer" folder. Sorry, I am slightly computer illiterate, so I would just ask for a little bit more clarity with responses, and I thank you for your assistance so far.
  12. Do you mean just delete the two ComboFixes that are on my desktop? I am not seeing any other ComboFix folders or anything else like that on my machine at all.
  13. DDS is still not working. Acting the same as the last time that I tried it.
  14. I am still having the same issues with freezing up at startup a good majority of the time. My browser freezes sometimes, but I am not sure if that is due to the same issue or not.
  15. I ran ESET as instructed and it came up clean. However, it did not produce a log file for me to copy and paste.