jeanbean

Members
  • Content count

    11

About jeanbean

  • Rank
    New Member

Profile Information

  • Location
    Upstate NY
  1. Thank you so much for all of your help, Mr. Charlie!!! Great expert advice that solved my problem.

    1. MrCharlie

      You are very welcome...MrC!

  2. Yes, I did the unhide program and I can see all my files. Here is the result of the scan... https://www.virustotal.com/file/461bc4f8e0696fab82f742e364acc0050a63a27e7987687355fe74288741b940/analysis/1335192090/ I only have Malwarebytes pro installed on this computer. I will also install the security essentials.
  3. otl file...
     Extras File...
rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 
445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003 "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{966A491F-8970-44E0-AC4E-9C845D9013EC}" = Microsoft DirectX 9.0 SDK Update (August 2005) 
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5 "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Aloha TriPeaks" = Aloha TriPeaks "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility "CutePDF Writer Installation" = CutePDF Writer 2.8 "Google Updater" = Google Updater "HDMI" = Intel® Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "LimeWire" = LimeWire 5.2.13 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel® PROSet/Wireless Software "vGrabber" = vGrabber 
"WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "winusb0100" = Microsoft WinUsb 1.0 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1060284298-796845957-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  4. Ok, that worked. I didn't see any of the "bad" files go back on, just the Torrent program, which I uninstalled again. Speakers are working. You have been such a great help!!! Only other question is that I found two "shortcuts" to the program smart HDD. One was in the start menu, under programs. Deleted it. The other was a quick start icon on my toolbar; deleted it too. They did not return after I rebooted. Is there anything else I should do? Jeannine
  5. Ugh.... not sure if this is related, but now my speakers don't work. It says the driver is not installed and when I use the wizard to find one, it says error code 10.
  6. Why did they download? Don't know. I clicked on ComboFix, was redirected to the download page and after the wizard finished the download manager program opened. ??? I hit the back button on my browser to confirm that the download was for ComboFix and that is what the page said. I clicked a second time and then the correct program downloaded. I have uninstalled and deleted them. The stream torrent program was from my hubby, who streams hockey games. The Luxor program is a game, not sure why it's on there, we don't use this computer for anything other than email, Pandora and the occasional hockey game. Thank you again for all of your help!!!!! Jeannine
  7. Ok. I will paste the log below. Unfortunately, I accidentally downloaded something called "download manager" and "PC Speed Maximizer". Were they supposed to install with the combofix? Here is the log...
  8. Ok. Here is the report...
- detected UnsignedFile.Multi.Generic (1) 20:03:20.0296 2112 Changer - ok 20:03:20.0328 2112 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 20:03:20.0484 2112 CiSvc - ok 20:03:20.0515 2112 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 20:03:20.0609 2112 ClipSrv - ok 20:03:20.0734 2112 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:03:20.0750 2112 clr_optimization_v2.0.50727_32 - ok 20:03:20.0796 2112 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 20:03:20.0906 2112 CmBatt - ok 20:03:20.0921 2112 CmdIde - ok 20:03:20.0937 2112 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 20:03:21.0046 2112 Compbatt - ok 20:03:21.0062 2112 COMSysApp - ok 20:03:21.0093 2112 Cpqarray - ok 20:03:21.0140 2112 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 20:03:21.0250 2112 CryptSvc - ok 20:03:21.0265 2112 dac2w2k - ok 20:03:21.0281 2112 dac960nt - ok 20:03:21.0328 2112 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 20:03:21.0421 2112 DcomLaunch - ok 20:03:21.0484 2112 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 20:03:21.0609 2112 Dhcp - ok 20:03:21.0625 2112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 20:03:21.0734 2112 Disk - ok 20:03:21.0750 2112 dmadmin - ok 20:03:21.0812 2112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 20:03:21.0984 2112 dmboot - ok 20:03:22.0031 2112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 20:03:22.0140 2112 dmio - ok 20:03:22.0187 2112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 20:03:22.0328 2112 dmload - ok 20:03:22.0375 2112 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 20:03:22.0468 2112 dmserver - 
ok 20:03:22.0515 2112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 20:03:22.0625 2112 DMusic - ok 20:03:22.0671 2112 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 20:03:22.0781 2112 Dnscache - ok 20:03:22.0843 2112 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 20:03:22.0968 2112 Dot3svc - ok 20:03:22.0984 2112 dpti2o - ok 20:03:23.0046 2112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 20:03:23.0156 2112 drmkaud - ok 20:03:23.0203 2112 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 20:03:23.0312 2112 EapHost - ok 20:03:23.0375 2112 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 20:03:23.0484 2112 ERSvc - ok 20:03:23.0531 2112 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:03:23.0578 2112 Eventlog - ok 20:03:23.0625 2112 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 20:03:23.0656 2112 EventSystem - ok 20:03:23.0812 2112 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 20:03:23.0843 2112 EvtEng ( UnsignedFile.Multi.Generic ) - warning 20:03:23.0843 2112 EvtEng - detected UnsignedFile.Multi.Generic (1) 20:03:23.0921 2112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 20:03:24.0046 2112 Fastfat - ok 20:03:24.0078 2112 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:03:24.0156 2112 FastUserSwitchingCompatibility - ok 20:03:24.0203 2112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 20:03:24.0312 2112 Fdc - ok 20:03:24.0343 2112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 20:03:24.0468 2112 Fips - ok 20:03:24.0484 2112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 20:03:24.0593 2112 Flpydisk - ok 
20:03:24.0625 2112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 20:03:24.0718 2112 FltMgr - ok 20:03:24.0843 2112 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 20:03:24.0859 2112 FontCache3.0.0.0 - ok 20:03:24.0890 2112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:03:25.0031 2112 Fs_Rec - ok 20:03:25.0140 2112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 20:03:25.0281 2112 Ftdisk - ok 20:03:25.0343 2112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20:03:25.0359 2112 GEARAspiWDM - ok 20:03:25.0406 2112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 20:03:25.0515 2112 Gpc - ok 20:03:25.0625 2112 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:03:25.0640 2112 gusvc - ok 20:03:25.0687 2112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 20:03:25.0796 2112 HDAudBus - ok 20:03:25.0859 2112 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 20:03:25.0968 2112 helpsvc - ok 20:03:25.0984 2112 HidServ - ok 20:03:26.0015 2112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 20:03:26.0125 2112 HidUsb - ok 20:03:26.0187 2112 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 20:03:26.0281 2112 hkmsvc - ok 20:03:26.0296 2112 hpn - ok 20:03:26.0375 2112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 20:03:26.0421 2112 HTTP - ok 20:03:26.0468 2112 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 20:03:26.0578 2112 HTTPFilter - ok 20:03:26.0593 2112 i2omgmt - ok 20:03:26.0609 2112 i2omp - ok 20:03:26.0640 2112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) 
C:\WINDOWS\system32\DRIVERS\i8042prt.sys 20:03:26.0734 2112 i8042prt - ok 20:03:27.0015 2112 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 20:03:27.0468 2112 ialm - ok 20:03:27.0625 2112 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 20:03:27.0640 2112 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:03:27.0640 2112 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:03:27.0750 2112 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:03:27.0843 2112 idsvc - ok 20:03:27.0906 2112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 20:03:28.0015 2112 Imapi - ok 20:03:28.0062 2112 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 20:03:28.0171 2112 ImapiService - ok 20:03:28.0187 2112 ini910u - ok 20:03:28.0203 2112 IntelIde - ok 20:03:28.0234 2112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:03:28.0328 2112 intelppm - ok 20:03:28.0390 2112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 20:03:28.0515 2112 Ip6Fw - ok 20:03:28.0578 2112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:03:28.0703 2112 IpFilterDriver - ok 20:03:28.0765 2112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:03:28.0890 2112 IpInIp - ok 20:03:28.0921 2112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:03:29.0031 2112 IpNat - ok 20:03:29.0156 2112 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe 20:03:29.0234 2112 iPod Service - ok 20:03:29.0281 2112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:03:29.0390 2112 IPSec - ok 20:03:29.0437 2112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) 
C:\WINDOWS\system32\DRIVERS\irenum.sys 20:03:29.0562 2112 IRENUM - ok 20:03:29.0609 2112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:03:29.0718 2112 isapnp - ok 20:03:29.0734 2112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:03:29.0843 2112 Kbdclass - ok 20:03:29.0890 2112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:03:30.0000 2112 kmixer - ok 20:03:30.0031 2112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:03:30.0125 2112 KSecDD - ok 20:03:30.0156 2112 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 20:03:30.0234 2112 lanmanserver - ok 20:03:30.0296 2112 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 20:03:30.0343 2112 lanmanworkstation - ok 20:03:30.0359 2112 lbrtfdc - ok 20:03:30.0421 2112 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 20:03:30.0531 2112 LmHosts - ok 20:03:30.0578 2112 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys 20:03:30.0875 2112 mbamchameleon - ok 20:03:30.0937 2112 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 20:03:30.0953 2112 MBAMProtector - ok 20:03:31.0093 2112 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 20:03:31.0140 2112 MBAMService - ok 20:03:31.0218 2112 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe 20:03:31.0234 2112 McComponentHostService - ok 20:03:31.0296 2112 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 20:03:31.0312 2112 MDM - ok 20:03:31.0406 2112 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 20:03:31.0531 2112 Messenger - ok 20:03:31.0578 2112 mnmdd 
(4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:03:31.0718 2112 mnmdd - ok 20:03:31.0750 2112 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 20:03:31.0843 2112 mnmsrvc - ok 20:03:31.0906 2112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 20:03:32.0015 2112 Modem - ok 20:03:32.0062 2112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:03:32.0171 2112 Mouclass - ok 20:03:32.0234 2112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:03:32.0359 2112 mouhid - ok 20:03:32.0406 2112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:03:32.0515 2112 MountMgr - ok 20:03:32.0531 2112 mraid35x - ok 20:03:32.0562 2112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:03:32.0671 2112 MRxDAV - ok 20:03:32.0703 2112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:03:32.0828 2112 MRxSmb - ok 20:03:32.0859 2112 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 20:03:32.0984 2112 MSDTC - ok 20:03:33.0015 2112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:03:33.0125 2112 Msfs - ok 20:03:33.0140 2112 MSIServer - ok 20:03:33.0187 2112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:03:33.0281 2112 MSKSSRV - ok 20:03:33.0328 2112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:03:33.0453 2112 MSPCLOCK - ok 20:03:33.0500 2112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:03:33.0609 2112 MSPQM - ok 20:03:33.0656 2112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:03:33.0765 2112 mssmbios - ok 20:03:33.0812 2112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 20:03:33.0937 2112 MSTEE - ok 
20:03:33.0968 2112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 20:03:34.0031 2112 Mup - ok 20:03:34.0078 2112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:03:34.0203 2112 NABTSFEC - ok 20:03:34.0265 2112 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 20:03:34.0375 2112 napagent - ok 20:03:34.0406 2112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:03:34.0515 2112 NDIS - ok 20:03:34.0562 2112 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys 20:03:34.0687 2112 ndiscm - ok 20:03:34.0750 2112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:03:34.0859 2112 NdisIP - ok 20:03:34.0953 2112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:03:35.0000 2112 NdisTapi - ok 20:03:35.0062 2112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:03:35.0187 2112 Ndisuio - ok 20:03:35.0187 2112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:03:35.0296 2112 NdisWan - ok 20:03:35.0359 2112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 20:03:35.0437 2112 NDProxy - ok 20:03:35.0484 2112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:03:35.0578 2112 NetBIOS - ok 20:03:35.0609 2112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:03:35.0718 2112 NetBT - ok 20:03:35.0765 2112 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:03:35.0859 2112 NetDDE - ok 20:03:35.0875 2112 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 20:03:35.0968 2112 NetDDEdsdm - ok 20:03:36.0000 2112 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:03:36.0109 2112 Netlogon - ok 20:03:36.0156 2112 Netman 
(13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 20:03:36.0265 2112 Netman - ok 20:03:37.0109 2112 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:03:37.0125 2112 NetTcpPortSharing - ok 20:03:37.0156 2112 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:03:37.0265 2112 NIC1394 - ok 20:03:37.0328 2112 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 20:03:37.0375 2112 Nla - ok 20:03:37.0421 2112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:03:37.0531 2112 Npfs - ok 20:03:37.0578 2112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:03:37.0750 2112 Ntfs - ok 20:03:37.0796 2112 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:03:37.0890 2112 NtLmSsp - ok 20:03:37.0968 2112 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 20:03:38.0093 2112 NtmsSvc - ok 20:03:38.0140 2112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:03:38.0250 2112 Null - ok 20:03:38.0312 2112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:03:38.0437 2112 NwlnkFlt - ok 20:03:38.0468 2112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:03:38.0593 2112 NwlnkFwd - ok 20:03:38.0625 2112 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 20:03:38.0734 2112 NwlnkIpx - ok 20:03:38.0750 2112 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 20:03:38.0859 2112 NwlnkNb - ok 20:03:38.0890 2112 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 20:03:39.0000 2112 NwlnkSpx - ok 20:03:39.0062 2112 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll 20:03:39.0187 2112 NwSapAgent - ok 
20:03:39.0234 2112 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:03:39.0343 2112 ohci1394 - ok 20:03:39.0453 2112 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:03:39.0453 2112 ose - ok 20:03:39.0484 2112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 20:03:39.0593 2112 Parport - ok 20:03:39.0609 2112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:03:39.0718 2112 PartMgr - ok 20:03:39.0781 2112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 20:03:39.0875 2112 ParVdm - ok 20:03:39.0937 2112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 20:03:40.0031 2112 PCI - ok 20:03:40.0046 2112 PCIDump - ok 20:03:40.0078 2112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:03:40.0218 2112 PCIIde - ok 20:03:40.0250 2112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:03:40.0359 2112 Pcmcia - ok 20:03:40.0359 2112 PDCOMP - ok 20:03:40.0375 2112 PDFRAME - ok 20:03:40.0390 2112 PDRELI - ok 20:03:40.0406 2112 PDRFRAME - ok 20:03:40.0421 2112 perc2 - ok 20:03:40.0437 2112 perc2hib - ok 20:03:40.0515 2112 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 20:03:40.0562 2112 PlugPlay - ok 20:03:40.0578 2112 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:03:40.0687 2112 PolicyAgent - ok 20:03:40.0718 2112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:03:40.0828 2112 PptpMiniport - ok 20:03:40.0843 2112 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:03:40.0937 2112 ProtectedStorage - ok 20:03:40.0953 2112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:03:41.0093 2112 PSched - ok 20:03:41.0140 2112 
Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:03:41.0265 2112 Ptilink - ok 20:03:41.0265 2112 ql1080 - ok 20:03:41.0281 2112 Ql10wnt - ok 20:03:41.0296 2112 ql12160 - ok 20:03:41.0312 2112 ql1240 - ok 20:03:41.0328 2112 ql1280 - ok 20:03:41.0359 2112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:03:41.0468 2112 RasAcd - ok 20:03:41.0515 2112 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 20:03:41.0609 2112 RasAuto - ok 20:03:41.0640 2112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:03:41.0734 2112 Rasl2tp - ok 20:03:41.0781 2112 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 20:03:41.0890 2112 RasMan - ok 20:03:41.0906 2112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:03:42.0031 2112 RasPppoe - ok 20:03:42.0046 2112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:03:42.0171 2112 Raspti - ok 20:03:42.0203 2112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:03:42.0296 2112 Rdbss - ok 20:03:42.0312 2112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:03:42.0421 2112 RDPCDD - ok 20:03:42.0500 2112 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 20:03:42.0546 2112 RDPWD - ok 20:03:42.0593 2112 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 20:03:42.0703 2112 RDSessMgr - ok 20:03:42.0734 2112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:03:42.0828 2112 redbook - ok 20:03:42.0968 2112 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 20:03:43.0000 2112 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 20:03:43.0000 2112 RegSrvc - detected UnsignedFile.Multi.Generic (1) 20:03:43.0046 2112 RemoteAccess 
(7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 20:03:43.0171 2112 RemoteAccess - ok 20:03:43.0234 2112 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 20:03:43.0296 2112 rimmptsk - ok 20:03:43.0312 2112 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 20:03:43.0375 2112 rimsptsk - ok 20:03:43.0406 2112 RimUsb - ok 20:03:43.0468 2112 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 20:03:43.0562 2112 RimVSerPort - ok 20:03:43.0593 2112 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 20:03:43.0609 2112 rismxdp - ok 20:03:43.0656 2112 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 20:03:43.0781 2112 ROOTMODEM - ok 20:03:43.0828 2112 RoxLiveShare9 - ok 20:03:43.0875 2112 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 20:03:44.0000 2112 RpcLocator - ok 20:03:44.0062 2112 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 20:03:44.0125 2112 RpcSs - ok 20:03:44.0203 2112 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 20:03:44.0312 2112 RSVP - ok 20:03:44.0421 2112 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 20:03:44.0515 2112 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 20:03:44.0515 2112 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 20:03:44.0546 2112 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 20:03:44.0546 2112 s24trans ( UnsignedFile.Multi.Generic ) - warning 20:03:44.0546 2112 s24trans - detected UnsignedFile.Multi.Generic (1) 20:03:44.0593 2112 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 20:03:44.0687 2112 SamSs - ok 20:03:44.0734 2112 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 20:03:44.0859 2112 SCardSvr - ok 
20:03:44.0921 2112 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 20:03:45.0031 2112 Schedule - ok 20:03:45.0062 2112 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 20:03:45.0156 2112 sdbus - ok 20:03:45.0203 2112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:03:45.0328 2112 Secdrv - ok 20:03:45.0359 2112 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 20:03:45.0468 2112 seclogon - ok 20:03:45.0500 2112 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 20:03:45.0593 2112 SENS - ok 20:03:45.0625 2112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 20:03:45.0734 2112 Serial - ok 20:03:45.0781 2112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:03:45.0890 2112 Sfloppy - ok 20:03:45.0953 2112 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 20:03:46.0062 2112 SharedAccess - ok 20:03:46.0109 2112 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:03:46.0109 2112 ShellHWDetection - ok 20:03:46.0125 2112 Simbad - ok 20:03:46.0171 2112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:03:46.0296 2112 SLIP - ok 20:03:46.0359 2112 SMNDIS5 - ok 20:03:46.0375 2112 Sparrow - ok 20:03:46.0390 2112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:03:46.0500 2112 splitter - ok 20:03:46.0546 2112 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 20:03:46.0625 2112 Spooler - ok 20:03:46.0656 2112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 20:03:46.0765 2112 sr - ok 20:03:46.0812 2112 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 20:03:46.0906 2112 srservice - ok 20:03:46.0968 2112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) 
C:\WINDOWS\system32\DRIVERS\srv.sys 20:03:47.0046 2112 Srv - ok 20:03:47.0093 2112 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 20:03:47.0203 2112 SSDPSRV - ok 20:03:47.0296 2112 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 20:03:47.0437 2112 STHDA - ok 20:03:47.0484 2112 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 20:03:47.0609 2112 stisvc - ok 20:03:47.0671 2112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:03:47.0765 2112 streamip - ok 20:03:47.0796 2112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:03:47.0906 2112 swenum - ok 20:03:47.0953 2112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:03:48.0062 2112 swmidi - ok 20:03:48.0078 2112 SwPrv - ok 20:03:48.0093 2112 symc810 - ok 20:03:48.0109 2112 symc8xx - ok 20:03:48.0125 2112 sym_hi - ok 20:03:48.0140 2112 sym_u3 - ok 20:03:48.0187 2112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:03:48.0296 2112 sysaudio - ok 20:03:48.0390 2112 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 20:03:48.0500 2112 SysmonLog - ok 20:03:48.0546 2112 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 20:03:48.0656 2112 TapiSrv - ok 20:03:48.0703 2112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:03:48.0750 2112 Tcpip - ok 20:03:48.0843 2112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:03:48.0953 2112 TDPIPE - ok 20:03:48.0984 2112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:03:49.0093 2112 TDTCP - ok 20:03:49.0140 2112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:03:49.0234 2112 TermDD - ok 20:03:49.0281 2112 TermService (ff3477c03be7201c294c35f684b3479f) 
C:\WINDOWS\System32\termsrv.dll 20:03:49.0375 2112 TermService - ok 20:03:49.0437 2112 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 20:03:49.0453 2112 Themes - ok 20:03:49.0453 2112 TosIde - ok 20:03:49.0484 2112 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 20:03:49.0593 2112 TrkWks - ok 20:03:49.0625 2112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:03:49.0734 2112 Udfs - ok 20:03:49.0750 2112 ultra - ok 20:03:49.0781 2112 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 20:03:49.0828 2112 UMWdf - ok 20:03:49.0906 2112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:03:50.0031 2112 Update - ok 20:03:50.0078 2112 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 20:03:50.0187 2112 upnphost - ok 20:03:50.0218 2112 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 20:03:50.0312 2112 UPS - ok 20:03:50.0390 2112 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:03:50.0406 2112 USBAAPL - ok 20:03:50.0453 2112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:03:50.0578 2112 usbaudio - ok 20:03:50.0625 2112 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 20:03:50.0734 2112 usbbus - ok 20:03:50.0765 2112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:03:50.0875 2112 usbccgp - ok 20:03:50.0906 2112 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 20:03:50.0937 2112 UsbDiag - ok 20:03:50.0984 2112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:03:51.0109 2112 usbehci - ok 20:03:51.0156 2112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:03:51.0265 2112 usbhub - ok 20:03:51.0296 2112 USBModem (46ac66df3d6efe81f69bea823a53aab5) 
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 20:03:51.0296 2112 USBModem - ok 20:03:51.0343 2112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:03:51.0468 2112 usbprint - ok 20:03:51.0484 2112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:03:51.0593 2112 usbscan - ok 20:03:51.0656 2112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:03:51.0765 2112 USBSTOR - ok 20:03:51.0796 2112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:03:51.0890 2112 usbuhci - ok 20:03:51.0953 2112 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 20:03:52.0062 2112 usbvideo - ok 20:03:52.0093 2112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:03:52.0203 2112 VgaSave - ok 20:03:52.0218 2112 ViaIde - ok 20:03:52.0265 2112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 20:03:52.0359 2112 VolSnap - ok 20:03:52.0421 2112 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 20:03:52.0546 2112 VSS - ok 20:03:52.0578 2112 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 20:03:52.0703 2112 W32Time - ok 20:03:52.0734 2112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:03:52.0828 2112 Wanarp - ok 20:03:52.0843 2112 WDICA - ok 20:03:52.0890 2112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:03:52.0984 2112 wdmaud - ok 20:03:53.0031 2112 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 20:03:53.0156 2112 WebClient - ok 20:03:53.0265 2112 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:03:53.0375 2112 winmgmt - ok 20:03:53.0546 2112 WLANKEEPER (8880769b9f88918e27f8e7332aa1aa01) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 20:03:53.0562 2112 WLANKEEPER ( 
UnsignedFile.Multi.Generic ) - warning
      20:03:53.0562 2112 WLANKEEPER - detected UnsignedFile.Multi.Generic (1)
      20:03:53.0578 2112 wltrysvc - ok
      20:03:53.0640 2112 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
      20:03:53.0671 2112 WmdmPmSN - ok
      20:03:53.0734 2112 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
      20:03:53.0828 2112 WmiAcpi - ok
      20:03:53.0906 2112 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
      20:03:54.0015 2112 WmiApSrv - ok
      20:03:54.0046 2112 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
      20:03:54.0078 2112 WpdUsb - ok
      20:03:54.0140 2112 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
      20:03:54.0265 2112 WS2IFSL - ok
      20:03:54.0312 2112 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
      20:03:54.0453 2112 wscsvc - ok
      20:03:54.0515 2112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
      20:03:54.0593 2112 WSTCODEC - ok
      20:03:54.0656 2112 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
      20:03:54.0750 2112 wuauserv - ok
      20:03:54.0812 2112 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      20:03:54.0859 2112 WudfPf - ok
      20:03:54.0921 2112 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      20:03:54.0953 2112 WudfRd - ok
      20:03:55.0000 2112 WudfSvc (db5bf5aab72b1b99b5331231d09ebb26) C:\WINDOWS\System32\WUDFSvc.dll
      20:03:55.0031 2112 WudfSvc - ok
      20:03:55.0093 2112 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
      20:03:55.0218 2112 WZCSVC - ok
      20:03:55.0375 2112 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
      20:03:55.0500 2112 xmlprov - ok
      20:03:55.0531 2112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
      20:03:55.0859 2112 \Device\Harddisk0\DR0 - ok
      20:03:55.0875 2112 Boot (0x1200) (766637c154896451eaace5df5584fefe) \Device\Harddisk0\DR0\Partition0
      20:03:55.0875 2112 \Device\Harddisk0\DR0\Partition0 - ok
      20:03:55.0875 2112 ============================================================
      20:03:55.0875 2112 Scan finished
      20:03:55.0875 2112 ============================================================
      20:03:55.0984 3988 Detected object count: 9
      20:03:55.0984 3988 Actual detected object count: 9
      20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0265 3988 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0281 3988 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0281 3988 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user
      20:06:37.0281 3988 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip
      20:08:28.0156 2148 Deinitialize success
  9. Yes, it worked! THANK YOU!!!!! Here is the report...
      Malwarebytes Anti-Malware (PRO) 1.61.0.1400
      www.malwarebytes.org
      Database version: v2012.04.22.05
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Tasha Jacobs :: SCHOOL-929EE6B6 [administrator]
      Protection: Disabled
      4/22/2012 7:46:35 PM
      mbam-log-2012-04-22 (19-46-35).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 208921
      Time elapsed: 9 minute(s), 7 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  10. Progress! I managed to get things almost back to normal. I redid the RogueKiller program and deleted the one file from the registry that you suggested. Here is the report.
      RogueKiller V7.3.3 [04/22/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User: Tasha Jacobs [Admin rights]
      Mode: Scan -- Date: 04/22/2012 19:19:35
      ¤¤¤ Bad processes: 0 ¤¤¤
      ¤¤¤ Registry Entries: 5 ¤¤¤
      [sUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
      [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [LOADED] ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++
      --- User ---
      [MBR] dbd76fe17ce7d74b2edb945fb90cc3ff
      [bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo
      2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[2].txt >>
      RKreport[1].txt ; RKreport[2].txt
  11. I'm unable to open Malwarebytes anymore. I did it before, in a roundabout way, but I can't seem to do it again. I keep getting a "run time error 5". I did the RogueKiller and here is the report...
      RogueKiller V7.3.3 [04/22/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User: Tasha Jacobs [Admin rights]
      Mode: Scan -- Date: 04/22/2012 17:00:12
      ¤¤¤ Bad processes: 3 ¤¤¤
      [WINDOW : SMART HDD] d3cgLnuZ83xxGd.exe -- C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe -> KILLED [TermProc]
      [sUSP PATH] VZWNotiAgent.exe -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe -> KILLED [TermProc]
      [sUSP PATH] cdEaqoYrltbao.exe -- C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe -> KILLED [TermProc]
      ¤¤¤ Registry Entries: 19 ¤¤¤
      [sUSP PATH] HKLM\[...]\Run : BYR_AGENT (C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
      [sUSP PATH] HKLM\[...]\Run : cdEaqoYrltbao.exe (C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe) -> FOUND
      [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (www.msn.com:80) -> FOUND
      [HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
      [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
      [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver: [LOADED] ¤¤¤
      ¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD800BEVS-75RST0 +++++
      --- User ---
      [MBR] dbd76fe17ce7d74b2edb945fb90cc3ff
      [bSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 73194 Mo
      2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 149998905 | Size: 3074 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  12. I have read the other posts on this nasty virus and have not been able to remove the virus. I have Malwarebytes PRO installed and updated, it scans, detects 8 items, but the same virus keeps popping up after I reboot. What am I doing wrong?
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Home Edition
      Boot Device: \Device\HarddiskVolume2
      Install Date: 1/7/2009 10:43:41 PM
      System Uptime: 4/22/2012 1:34:39 PM (0 hours ago)
      .
      Motherboard: Dell Inc. | | 0NX907
      Processor: Intel Pentium II processor | Microprocessor | 1861/133mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 71 GiB total, 36.898 GiB free.
      D: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID:
      Description: Modem Device on High Definition Audio Bus
      Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102
      Manufacturer:
      Name: Modem Device on High Definition Audio Bus
      PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000\4&CE4CBCD&0&0102
      Service:
      .
      Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
      Description: Ethernet Controller
      Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
      Manufacturer:
      Name: Ethernet Controller
      PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
      Service:
      .
      ==== System Restore Points ===================
      .
      RP836: 1/24/2012 10:43:21 AM - System Checkpoint
      RP837: 1/25/2012 10:56:51 AM - System Checkpoint
      RP838: 1/26/2012 11:44:25 AM - System Checkpoint
      RP839: 1/27/2012 12:43:21 PM - System Checkpoint
      RP840: 1/28/2012 1:43:20 PM - System Checkpoint
      RP841: 1/29/2012 2:46:20 PM - System Checkpoint
      RP842: 1/30/2012 3:43:16 PM - System Checkpoint
      RP843: 1/31/2012 4:57:18 PM - System Checkpoint
      RP844: 2/1/2012 5:38:16 PM - System Checkpoint
      RP845: 2/2/2012 5:50:29 PM - System Checkpoint
      RP846: 2/3/2012 6:44:24 PM - System Checkpoint
      RP847: 2/4/2012 7:43:19 PM - System Checkpoint
      RP848: 2/5/2012 8:43:19 PM - System Checkpoint
      RP849: 2/6/2012 9:43:24 PM - System Checkpoint
      RP850: 2/7/2012 5:00:27 PM - Software Distribution Service 3.0
      RP851: 2/8/2012 5:06:41 PM - System Checkpoint
      RP852: 2/9/2012 5:43:24 PM - System Checkpoint
      RP853: 2/10/2012 6:19:10 PM - System Checkpoint
      RP854: 2/11/2012 7:19:11 PM - System Checkpoint
      RP855: 2/12/2012 8:19:12 PM - System Checkpoint
      RP856: 2/13/2012 9:19:11 PM - System Checkpoint
      RP857: 2/14/2012 10:19:10 PM - System Checkpoint
      RP858: 2/15/2012 11:19:12 PM - System Checkpoint
      RP859: 2/16/2012 5:00:31 PM - Software Distribution Service 3.0
      RP860: 2/17/2012 5:33:07 PM - System Checkpoint
      RP861: 2/18/2012 6:01:36 PM - System Checkpoint
      RP862: 2/19/2012 7:02:41 PM - System Checkpoint
      RP863: 2/20/2012 8:01:35 PM - System Checkpoint
      RP864: 2/21/2012 8:04:57 PM - System Checkpoint
      RP865: 2/22/2012 9:05:02 PM - System Checkpoint
      RP866: 2/23/2012 10:04:57 PM - System Checkpoint
      RP867: 2/25/2012 8:06:04 AM - System Checkpoint
      RP868: 2/26/2012 9:04:58 AM - System Checkpoint
      RP869: 2/27/2012 10:04:58 AM - System Checkpoint
      RP870: 2/28/2012 10:06:04 AM - System Checkpoint
      RP871: 2/29/2012 11:06:02 AM - System Checkpoint
      RP872: 3/1/2012 12:04:58 PM - System Checkpoint
      RP873: 3/2/2012 12:06:03 PM - System Checkpoint
      RP874: 3/3/2012 12:26:53 PM - System Checkpoint
      RP875: 3/4/2012 3:37:01 PM - System Checkpoint
      RP876: 3/5/2012 3:39:42 PM - System Checkpoint
      RP877: 3/6/2012 4:39:41 PM - System Checkpoint
      RP878: 3/7/2012 4:40:48 PM - System Checkpoint
      RP879: 3/8/2012 8:02:45 PM - System Checkpoint
      RP880: 3/9/2012 9:55:13 PM - System Checkpoint
      RP881: 3/11/2012 10:08:46 AM - System Checkpoint
      RP882: 3/12/2012 7:06:27 PM - System Checkpoint
      RP883: 3/14/2012 2:46:33 AM - System Checkpoint
      RP884: 3/14/2012 5:00:26 PM - Software Distribution Service 3.0
      RP885: 3/15/2012 8:11:54 PM - System Checkpoint
      RP886: 3/16/2012 8:13:25 PM - System Checkpoint
      RP887: 3/18/2012 7:34:58 AM - System Checkpoint
      RP888: 3/19/2012 8:25:16 AM - System Checkpoint
      RP889: 3/20/2012 8:41:58 AM - System Checkpoint
      RP890: 3/21/2012 9:00:56 AM - System Checkpoint
      RP891: 3/22/2012 9:13:17 AM - System Checkpoint
      RP892: 3/23/2012 9:59:50 AM - System Checkpoint
      RP893: 3/24/2012 10:59:51 AM - System Checkpoint
      RP894: 3/25/2012 11:59:49 AM - System Checkpoint
      RP895: 3/26/2012 2:22:09 PM - System Checkpoint
      RP896: 3/27/2012 2:29:01 PM - System Checkpoint
      RP897: 3/28/2012 2:30:04 PM - System Checkpoint
      RP898: 3/29/2012 3:28:58 PM - System Checkpoint
      RP899: 3/30/2012 4:04:16 PM - System Checkpoint
      RP900: 3/31/2012 5:22:52 PM - System Checkpoint
      RP901: 4/1/2012 5:54:54 PM - System Checkpoint
      RP902: 4/2/2012 6:05:12 PM - System Checkpoint
      RP903: 4/3/2012 6:54:55 PM - System Checkpoint
      RP904: 4/4/2012 7:54:49 PM - System Checkpoint
      RP905: 4/5/2012 8:18:36 PM - System Checkpoint
      RP906: 4/6/2012 8:38:02 PM - System Checkpoint
      RP907: 4/7/2012 9:38:00 PM - System Checkpoint
      RP908: 4/9/2012 10:34:14 AM - System Checkpoint
      RP909: 4/10/2012 10:38:01 AM - System Checkpoint
      RP910: 4/11/2012 11:38:01 AM - System Checkpoint
      RP911: 4/12/2012 1:35:19 PM - System Checkpoint
      RP912: 4/12/2012 5:00:32 PM - Software Distribution Service 3.0
      RP913: 4/13/2012 5:33:49 PM - System Checkpoint
      RP914: 4/14/2012 6:23:53 PM - System Checkpoint
      RP915: 4/15/2012 6:34:52 PM - System Checkpoint
      RP916: 4/16/2012 10:26:38 PM - System Checkpoint
      RP917: 4/17/2012 10:33:47 PM - System Checkpoint
      RP918: 4/19/2012 12:17:05 AM - System Checkpoint
      RP919: 4/20/2012 12:40:08 AM - System Checkpoint
      RP920: 4/21/2012 1:33:50 AM - System Checkpoint
      RP921: 4/22/2012 10:03:12 AM - System Checkpoint
      .
      ==== Installed Programs ======================
      .
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 11 Plugin
      Adobe Reader 7.0.5
      Adobe Shockwave Player 11.5
      Aloha TriPeaks
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      Big Fish Games: Game Manager
      BlackBerry App World Browser Plugin
      BlackBerry Desktop Software 4.5
      Bonjour
      Click to Call with Skype
      Compatibility Pack for the 2007 Office system
      Coupon Printer for Windows
      CutePDF Writer 2.8
      Dell Resource CD
      Dell Wireless WLAN Card Utility
      Digital Photo Navigator 1.5
      EasyBits GO
      Everio MediaBrowser
      Facebook Plug-In
      Google Updater
      High Definition Audio Driver Package - KB835221
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB2570791)
      Hotfix for Windows XP (KB2633952)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB970653-v3)
      Hotfix for Windows XP (KB976098-v2)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      Intel® Graphics Media Accelerator Driver
      Intel® PROSet/Wireless Software
      iTunes
      KhalInstallWrapper
      LG United Mobile Drivers
      LimeWire 5.2.13
      Luxor 2
      Malwarebytes Anti-Malware version 1.60.1.1000
      McAfee Security Scan Plus
      mCore
      mDriver
      mDrWiFi
      MediaDirect
      mHlpDell
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft DirectX 9.0 SDK Update (August 2005)
      Microsoft Office File Validation Add-In
      Microsoft Office PowerPoint Viewer 2007 (English)
      Microsoft Office Small Business Edition 2003
      Microsoft Office Word 2003
      Microsoft Silverlight
      Microsoft User-Mode Driver Framework Feature Pack 1.5
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft WinUsb 1.0
      Microsoft Works
      mIWA
      mLogView
      mMHouse
      MobileMe Control Panel
      Move Media Player
      Mozilla Firefox 11.0 (x86 en-US)
      MP3 Player Utilities 4.18
      mPfMgr
      mPfWiz
      mProSafe
      mSCfg
      MSN
      mSSO
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 6 Service Pack 2 (KB973686)
      mWlsSafe
      mWMI
      mZConfig
      NVIDIA Drivers
      OutlookAddinSetup
      QuickSet
      QuickTime
      Roxio Media Manager
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
      Security Update for Microsoft Windows (KB2564958)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB2482017)
      Security Update for Windows Internet Explorer 8 (KB2497640)
      Security Update for Windows Internet Explorer 8 (KB2510531)
      Security Update for Windows Internet Explorer 8 (KB2530548)
      Security Update for Windows Internet Explorer 8 (KB2544521)
      Security Update for Windows Internet Explorer 8 (KB2559049)
      Security Update for Windows Internet Explorer 8 (KB2586448)
      Security Update for Windows Internet Explorer 8 (KB2618444)
      Security Update for Windows Internet Explorer 8 (KB2647516)
      Security Update for Windows Internet Explorer 8 (KB2675157)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player (KB979402)
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2115168)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2393802)
      Security Update for Windows XP (KB2412687)
      Security Update for Windows XP (KB2419632)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB2476490)
      Security Update for Windows XP (KB2476687)
      Security Update for Windows XP (KB2478960)
      Security Update for Windows XP (KB2478971)
      Security Update for Windows XP (KB2479628)
      Security Update for Windows XP (KB2479943)
      Security Update for Windows XP (KB2481109)
      Security Update for Windows XP (KB2483185)
      Security Update for Windows XP (KB2485376)
      Security Update for Windows XP (KB2485663)
      Security Update for Windows XP (KB2503658)
      Security Update for Windows XP (KB2503665)
      Security Update for Windows XP (KB2506212)
      Security Update for Windows XP (KB2506223)
      Security Update for Windows XP (KB2507618)
      Security Update for Windows XP (KB2507938)
      Security Update for Windows XP (KB2508272)
      Security Update for Windows XP (KB2508429)
      Security Update for Windows XP (KB2509553)
      Security Update for Windows XP (KB2511455)
      Security Update for Windows XP (KB2524375)
      Security Update for Windows XP (KB2535512)
      Security Update for Windows XP (KB2536276-v2)
      Security Update for Windows XP (KB2536276)
      Security Update for Windows XP (KB2544893-v2)
      Security Update for Windows XP (KB2544893)
      Security Update for Windows XP (KB2555917)
      Security Update for Windows XP (KB2562937)
      Security Update for Windows XP (KB2566454)
      Security Update for Windows XP (KB2567053)
      Security Update for Windows XP (KB2567680)
      Security Update for Windows XP (KB2570222)
      Security Update for Windows XP (KB2570947)
      Security Update for Windows XP (KB2584146)
      Security Update for Windows XP (KB2585542)
      Security Update for Windows XP (KB2592799)
      Security Update for Windows XP (KB2598479)
      Security Update for Windows XP (KB2603381)
      Security Update for Windows XP (KB2618451)
      Security Update for Windows XP (KB2619339)
      Security Update for Windows XP (KB2620712)
      Security Update for Windows XP (KB2621440)
      Security Update for Windows XP (KB2624667)
      Security Update for Windows XP (KB2631813)
      Security Update for Windows XP (KB2633171)
      Security Update for Windows XP (KB2639417)
      Security Update for Windows XP (KB2641653)
      Security Update for Windows XP (KB2646524)
      Security Update for Windows XP (KB2647518)
      Security Update for Windows XP (KB2653956)
      Security Update for Windows XP (KB2660465)
      Security Update for Windows XP (KB2661637)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958215)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960714)
      Security Update for Windows XP (KB960715)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961371)
      Security Update for Windows XP (KB961373)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB963027)
      Security Update for Windows XP (KB968537)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969897)
      Security Update for Windows XP (KB969898)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971486)
      Security Update for Windows XP (KB971557)
      Security Update for Windows XP (KB971633)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB972260)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973346)
      Security Update for Windows XP (KB973354)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973525)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974455)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977165)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978251)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982665)
      SigmaTel Audio
      Skype™ 5.5
      StreamTorrent 1.0
      TimeLeft
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB2541763)
      Update for Windows XP (KB2607712)
      Update for Windows XP (KB2616676)
      Update for Windows XP (KB2641690)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971029)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      vGrabber
      WebFldrs XP
      Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
      Windows Imaging Component
      Windows Internet Explorer 8
      Windows Media Format Runtime
      Windows XP Service Pack 3
      Yahoo! Messenger
      .
      ==== Event Viewer Messages From Past Week ========
      .
      4/22/2012 7:42:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
      4/22/2012 7:41:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      4/22/2012 7:17:25 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
      4/21/2012 7:08:43 PM, error: RemoteAccess [20106] - Unable to add the interface {E5B8C49F-9672-43D5-B364-64CB88009925} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
      4/21/2012 7:08:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
      4/21/2012 5:46:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      .
      ==== End Of File ===========================
      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702
      Run by Tasha Jacobs at 13:48:15 on 2012-04-22
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.316 [GMT -4:00]
      .
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      svchost.exe
      svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
      C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\Documents and Settings\All Users\Application Data\d3cgLnuZ83xxGd.exe
      C:\WINDOWS\system32\attrib.exe
      C:\WINDOWS\system32\attrib.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg
      uInternet Settings,ProxyServer = www.msn.com:80
      uInternet Settings,ProxyOverride = <local>;*.local
      BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
      uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
      uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
      mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
      mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
      mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
      mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [sigmatelSysTrayApp] "c:\program files\sigmatel\c-major audio\wdm\stsystra.exe"
      mRun: [<NO NAME>]
      mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
      mRun: [bYR_AGENT] c:\documents and settings\all users\application data\lgmobileax\byr_client\VZWNotiAgent.exe
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [cdEaqoYrltbao.exe] c:\documents and settings\all users\application data\cdEaqoYrltbao.exe
      dRunOnce: [RunNarrator] Narrator.exe
      StartupFolder: c:\docume~1\tashaj~1\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mbcame~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
      uPolicies-explorer: NoDesktop = 1 (0x1)
      IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\timeleft3\tlintergie.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: DhcpNameServer = 192.168.2.1
      TCP: Interfaces\{BCA1C17E-D9C5-41BC-AA1A-26B4C59602F6} : DhcpNameServer = 24.89.0.22 24.89.0.21
      TCP: Interfaces\{F5CA31D2-61BB-4F45-8967-BFF155A0C9FD} : DhcpNameServer = 192.168.2.1
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Notify: igfxcui - igfxdev.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
      FF - prefs.js: browser.search.selectedEngine - My Web Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
      FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm186YYUS&ptb=ETkYX51EoIG1ZiqNmTecCg&ind=2011080615&ptnrS=RGxdm186YYUS&si=&n=77dea7a7&psa=&st=kwd&searchfor=
      FF - prefs.js: network.proxy.type - 4
      FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
      FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_1.dll
      FF - plugin: c:\documents and settings\tasha jacobs\application data\facebook\npfbplugin_1_0_3.dll
      FF - plugin: c:\documents and settings\tasha jacobs\application data\move networks\plugins\npqmp071505000010.dll
      FF - plugin: c:\documents and settings\tasha jacobs\application data\mozilla\firefox\profiles\8rbfrwzu.default\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll
      FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
      FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
      FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-22 22344]
      S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-22 32072]
      .
      =============== Created Last 30 ================
      .
      2012-04-22 17:01:17 221184 ---ha-w- c:\documents and settings\all users\application data\d3cgLnuZ83xxGd.exe
      2012-04-22 12:30:50 32072 ---ha-w- c:\windows\system32\drivers\mbamchameleon.sys
      2012-04-22 10:58:55 515330 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
      2012-04-21 21:09:08 300032 ---ha-w- c:\documents and settings\all users\application data\cdEaqoYrltbao.exe
      2012-04-20 21:50:50 -------- d--h--w- c:\documents and settings\tasha jacobs\application data\StreamTorrent
      2012-04-20 21:50:49 -------- d--h--w- c:\program files\StreamTorrent 1.0
      2012-04-05 18:01:02 -------- d--h--w- c:\program files\v-Grabber
      .
      ==================== Find3M ====================
      .
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-01 11:01:32 916992 ---ha-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ---ha-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ---ha-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ---ha-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ---ha-w- c:\windows\system32\html.iec 2012-02-03 09:22:18 1860096 ---ha-w- c:\windows\system32\win32k.sys . ============= FINISH: 13:54:13.67 ===============