Jump to content

pedsdoc12

Honorary Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by pedsdoc12

  1. Thank you. In addition this came up from auto-protect symantec during the scan: 2 files A0049412.exe and A0049413.exe, bloodhound.MalPE in c:\system volume information\_restore{202... ESET ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6522 # api_version=3.0.2 # EOSSerial=70c50d7d485c0d4da807a8d3862b25e8 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-01 01:20:11 # local_time=2011-05-31 09:20:11 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 97519776 97519776 0 0 # compatibility_mode=8192 67108863 100 0 32720609 32720609 0 0 # scanned=138169 # found=2 # cleaned=2 # scan_time=8445 C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\27\77aee51b-536408ce a variant of Java/TrojanDownloader.OpenStream.NBV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\27\77aee51b-6ddaa6a0 a variant of Java/TrojanDownloader.OpenStream.NBV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C And Security Check... Results of screen317's Security Check version 0.99.12 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Symantec AntiVirus ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.2.159.1 Adobe Reader X (10.0.1) Mozilla Firefox (3.6.4) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Symantec AntiVirus DefWatch.exe Symantec AntiVirus SavRoam.exe Symantec AntiVirus Rtvscan.exe ``````````End of Log````````````
  2. Appologies... here is the DDS . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Erik at 9:09:40 on 2011-05-29 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2323 [GMT -4:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\RTHDCPL.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Erik\Desktop\dds.scr C:\WINDOWS\system32\WSCRIPT.exe . ============== Pseudo HJT Report =============== . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\erik\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\erik\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: intuit.com\ttlc DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.emory.edu/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.emory.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2009,416,937 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\erik\locals~1\temp\ixp000.tmp\InstallerControl.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://choapacs.choa.org/amI/install/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.emory.edu/vdesk/terminal/urxshost.cab#version=6030,2009,327,1553 DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.emory.edu/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548 Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\erik\application data\mozilla\firefox\profiles\1b6peenr.default\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - Ext: Diccionario espa
  3. Combofix log ComboFix 11-05-27.02 - Erik 05/29/2011 8:41.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2270 [GMT -4:00] Running from: c:\documents and settings\Erik\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Erik\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 ))))))))))))))))))))))))))))))) . . 2011-05-20 22:37 . 2011-05-20 22:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2011-03-07 05:33 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2004-08-10 16:51 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-10 16:51 1857920 ----a-w- c:\windows\system32\win32k.sys 2009-10-02 00:36 . 2009-10-02 00:35 7570944 ----a-w- c:\program files\ica32web.msi 2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2010-07-30 00:27 . 2009-11-28 02:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-10 274608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . c:\documents and settings\L'Anita\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [2009-1-26 12496896] . c:\documents and settings\Erik\Start Menu\Programs\Startup\ HotSync Manager.LNK - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\Program Files\\Common Files\\Epocrates\\AutoUpdate\\Win32\\Win32_Exe\\AutoUpdate.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SRWare Iron\\iron.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2967:UDP"= 2967:UDP:AAIT Symantec-UDP 2967 "2967:TCP"= 2967:TCP:AAIT Symantec-TCP 2967 "38293:UDP"= 38293:UDP:AAIT Symantec-UDP 38293 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/20/2006 2:29 PM 116928] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 6:32 PM 497856] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/20/2011 1:07 PM 105592] R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 12:08 PM 33920] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 9:20 PM 135664] S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [5/12/2008 11:35 AM 12048] S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/5/2009 6:56 PM 10752] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/17/2008 10:14 AM 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 9:20 PM 135664] . Contents of the 'Scheduled Tasks' folder . 2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 01:20] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 01:20] . 2011-04-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13] . 2011-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] . 2011-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] . 2011-05-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] . 2011-05-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33] . 2011-05-29 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13] . 2011-05-29 c:\windows\Tasks\User_Feed_Synchronization-{5F487C58-72F9-44BB-8D8E-13D338485A76}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.0.1 DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\ FF - Ext: Diccionario espa
  4. 2nd time is the charm... . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by Erik at 8:56:04 on 2011-05-27 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2262 [GMT -4:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\RTHDCPL.EXE C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Documents and Settings\Erik\Desktop\dds.scr C:\WINDOWS\system32\WSCRIPT.exe . ============== Pseudo HJT Report =============== . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\erik\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\erik\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe uPolicies-explorer: NoDesktop = IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: intuit.com\ttlc DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.emory.edu/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.emory.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2009,416,937 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\erik\locals~1\temp\ixp000.tmp\InstallerControl.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://choapacs.choa.org/amI/install/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.emory.edu/vdesk/terminal/urxshost.cab#version=6030,2009,327,1553 DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.emory.edu/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548 Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\erik\application data\mozilla\firefox\profiles\1b6peenr.default\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Diccionario espa
  5. Thank you Screen317, Here is the MBAM log, but the DDS froze and I had to restart the computer. I'll try again later. Of note the defogger had an error when I ran it, but said not to disable more than once so I did not repeat. Also should I be working in safe mode currently? Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6691 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/27/2011 8:04:03 AM mbam-log-2011-05-27 (08-04-03).txt Scan type: Quick scan Objects scanned: 181775 Time elapsed: 16 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VcuVoQGfeSxd (Rogue.Agent.SA) -> Value: VcuVoQGfeSxd -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  6. New MBAM log. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6658 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/24/2011 8:05:04 AM mbam-log-2011-05-24 (08-05-04).txt Scan type: Quick scan Objects scanned: 181578 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  7. Haven't heard back in a few days so just wanted to repost so I don't get burried and lost. I realized that my GMER was not in text so I'll attach that. I reran the symantec and found an additional trojan.gen.2. Guess I'll run MBAM again for good measure... Thanks for your help. -e ark1.txt
  8. I was cruising along when all my documents and pics etc disappeared. Anti-virus notified me of two trojans (trojan.pidief and backdoor.tidserv) so I ran MBAM and found a few more problems. I discovered that my pics and such were "hidden" rather than totally gone, but I want to make sure that the machine is clean. I am still missing my desktop icons and program bar shows empty. I ran defogger, but got an error and no log was produced... Ran DDS anyway and GMER. here is my MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6630 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/20/2011 9:19:10 PM mbam-log-2011-05-20 (21-19-10).txt Scan type: Full scan (C:\|) Objects scanned: 300817 Time elapsed: 1 hour(s), 9 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\all users\application data\vcuvoqgfesxd.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Erik\application data\Sun\Java\deployment\cache\6.0\50\19c93af2-4aff3952 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\17751844.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\18800420.exe (Trojan.Agent) -> Quarantined and deleted successfully. DDS: . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Run by L'Anita at 21:48:24 on 2011-05-20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2258 [GMT -4:00] . AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\L'Anita\Desktop\dds.pif C:\WINDOWS\system32\WSCRIPT.exe . ============== Pseudo HJT Report =============== . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\docume~1\l'anita\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\l'anita\startm~1\programs\startup\skysca~1.lnk - c:\program files\common files\skyscape\SmartUpdate.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll Trusted Zone: intuit.com\ttlc DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.emory.edu/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.emory.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2009,416,937 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\erik\locals~1\temp\ixp000.tmp\InstallerControl.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://choapacs.choa.org/amI/install/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.emory.edu/vdesk/terminal/urxshost.cab#version=6030,2009,327,1553 DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.emory.edu/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548 Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\l'anita\application data\mozilla\firefox\profiles\pzldqkzc.default\ FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-12-20 116928] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-12-20 1814720] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-20 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110520.002\naveng.sys [2011-5-20 86008] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110520.002\navex15.sys [2011-5-20 1542392] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296] R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 33920] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664] S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2008-5-12 12048] S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-5-5 10752] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-17 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec 2009-10-02 00:36:10 7570944 ----a-w- c:\program files\ica32web.msi . ============= FINISH: 21:49:26.45 =============== Thanks for your help. attach.txt ark.log
  9. I ran the ESET scanner an no treats were detected. So how do I know if my backdoor has been exploited again? Any other scans to run? Thanks
  10. Great! Everything appears to be working fine now. So how do I know if I am all clean? Do I need to be on constant vigil? Run MBAM every couple days? Or should I back up the important files using flash disinfector and if anything comes back just wipe the whole computer? Thanks for your help. All processes killed ========== OTL ========== HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Erik ->Temp folder emptied: 726167 bytes ->Temporary Internet Files folder emptied: 13059763 bytes ->Java cache emptied: 10954956 bytes ->FireFox cache emptied: 24101297 bytes ->Flash cache emptied: 166573 bytes User: L'Anita ->Temp folder emptied: 829414 bytes ->Temporary Internet Files folder emptied: 4181266 bytes ->Java cache emptied: 9018709 bytes ->FireFox cache emptied: 36883766 bytes ->Flash cache emptied: 183775 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 1162769 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes RecycleBin emptied: 82622 bytes Total Files Cleaned = 97.00 mb OTL by OldTimer - Version 3.2.4.1 log created on 05062010_204720 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  11. OTL OTL logfile created on: 5/6/2010 7:33:42 AM - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Erik\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 294.73 Gb Total Space | 243.81 Gb Free Space | 82.72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HEISS Current User Name: Erik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/05/06 07:32:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe PRC - [2010/04/25 21:19:23 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/14 19:59:12 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/12/01 09:55:10 | 000,389,120 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe PRC - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe PRC - [2009/11/27 22:57:21 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008/04/17 10:13:59 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2006/12/20 14:29:40 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/12/20 14:29:34 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe PRC - [2006/12/20 14:29:30 | 001,814,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/12/20 14:29:20 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/11/21 21:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/11/21 21:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/11/21 21:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe ========== Modules (SafeList) ========== MOD - [2010/05/06 07:32:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2009/11/27 22:57:21 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2006/12/20 14:29:34 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/12/20 14:29:30 | 001,814,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/12/20 14:29:20 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/11/21 21:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/11/21 21:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate) SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) ========== Driver Services (SafeList) ========== DRV - [2009/12/02 13:16:05 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100504.004\NAVEX15.SYS -- (NAVEX15) DRV - [2009/12/02 13:15:56 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100504.004\NAVENG.SYS -- (NAVENG) DRV - [2009/12/01 09:55:10 | 000,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/17 20:15:31 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/03/27 12:09:03 | 000,033,920 | ---- | M] (F5 Networks, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv) DRV - [2009/03/27 12:09:00 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2008/08/19 21:33:37 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2008/05/12 11:29:26 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/11/02 01:52:06 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2007/04/13 21:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel® DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006/07/19 12:04:18 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\drivers\R169419\atidgllk.sys -- (atidgllk) DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0 FF - prefs.js..extensions.enabledItems: es-AR@dictionaries.addons.mozilla.org:1.1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 21:19:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 21:19:28 | 000,000,000 | ---D | M] [2008/09/15 22:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Mozilla\Extensions [2010/04/15 12:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\extensions [2010/01/02 10:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/01/29 22:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2009/05/20 21:20:55 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009/07/30 20:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\extensions\es-AR@dictionaries.addons.mozilla.org [2008/05/13 14:13:11 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\1b6peenr.default\searchplugins\wikipedia-eng.xml [2008/09/15 22:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll [2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll [2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll [2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll [2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll O1 HOSTS File: ([2010/01/02 11:22:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk) O4 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\L'Anita\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1253600377-259343990-3635174423-1006\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.emory.edu/vdesk/terminal/urxvpn...0,2009,327,1607 (F5 Networks VPN Manager) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.emory.edu/vdesk/terminal/f5tuns...30,2009,416,937 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Erik\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/30.66/uploader2.cab (UploadListView Class) O16 - DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} https://choapacs.choa.org/amI/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa02) O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://choapacs.choa.org/amI/install/msxml4.cab (XML DOM Document 4.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} https://choapacs.choa.org/amI/install/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.emory.edu/vdesk/terminal/urxsho...0,2009,327,1553 (F5 Networks SuperHost Class) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.emory.edu/vdesk/terminal/urxhos...0,2009,327,1548 (F5 Networks Host Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erik\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/06 07:32:41 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe [2010/05/06 07:31:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/05/03 12:29:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/05/03 12:17:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/05/03 12:17:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/05/03 12:17:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/05/03 12:16:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/04/30 21:02:52 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup [2010/04/30 21:02:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe [2010/04/25 21:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\malwarebytes [2010/04/24 22:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\serximlwg [2010/04/14 20:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Real [2010/04/13 14:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\My Documents\TurboTax [2010/04/13 14:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage [2010/04/13 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\Intuit [2010/04/13 14:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Application Data\Intuit [2010/04/13 14:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0 [2010/04/13 14:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit [2010/04/13 14:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erik\Local Settings\Application Data\IsolatedStorage [2010/04/13 14:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit [2010/04/13 14:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Erik\Desktop\*.tmp files -> C:\Documents and Settings\Erik\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/06 07:32:39 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erik\Desktop\OTL.exe [2010/05/06 07:29:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Flash_Disinfector.exe [2010/05/06 07:09:04 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F487C58-72F9-44BB-8D8E-13D338485A76}.job [2010/05/05 20:37:39 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/05/05 08:44:10 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/05/05 08:44:10 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/05/05 08:44:09 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/05/05 08:39:54 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/05/05 08:39:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/05/05 08:39:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/05 08:39:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/05 08:39:22 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2010/05/04 18:41:39 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Erik\NTUSER.DAT [2010/05/04 18:41:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Erik\ntuser.ini [2010/05/04 11:01:58 | 004,311,808 | -H-- | M] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\IconCache.db [2010/05/03 12:27:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/05/03 12:12:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/30 20:58:52 | 000,490,232 | ---- | M] () -- C:\Documents and Settings\Erik\My Documents\HelpAsst_mebroot_fix.exe [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010/04/25 19:44:16 | 000,001,188 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010/04/24 17:29:41 | 000,001,274 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr [2010/04/24 13:33:05 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/21 20:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/20 21:22:01 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\pulmonology sched.xls [2010/04/20 21:20:15 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Coverage for Rotations 11-13[1].doc [2010/04/17 22:28:41 | 000,012,123 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Cars.docx [2010/04/17 21:22:25 | 000,021,403 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\EQ 2010 Teaching Schedule.xlsx [2010/04/15 14:21:24 | 000,012,168 | ---- | M] () -- C:\Documents and Settings\Erik\My Documents\RS spotlight questionnaire.docx [2010/04/14 20:01:06 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk [2010/04/14 20:00:03 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010/04/14 19:59:53 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010/04/14 19:59:53 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010/04/14 19:59:15 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2010/04/14 19:53:57 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/14 19:32:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/13 14:37:04 | 000,092,952 | ---- | M] () -- C:\Documents and Settings\Erik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/13 14:36:26 | 000,070,007 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\TaxReturn09.pdf [2010/04/10 21:15:43 | 000,025,966 | ---- | M] () -- C:\Documents and Settings\Erik\Desktop\Accord2004.png [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Erik\Desktop\*.tmp files -> C:\Documents and Settings\Erik\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/06 07:29:53 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Flash_Disinfector.exe [2010/05/03 12:17:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/05/03 12:17:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/05/03 12:17:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/05/01 19:02:29 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\Erik\mbr.log [2010/04/30 21:02:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/04/30 21:02:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe [2010/04/30 20:58:57 | 000,490,232 | ---- | C] () -- C:\Documents and Settings\Erik\My Documents\HelpAsst_mebroot_fix.exe [2010/04/26 20:35:34 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys [2010/04/20 21:21:58 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\pulmonology sched.xls [2010/04/20 21:20:15 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Coverage for Rotations 11-13[1].doc [2010/04/17 22:00:43 | 000,012,123 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Cars.docx [2010/04/17 21:22:23 | 000,021,403 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\EQ 2010 Teaching Schedule.xlsx [2010/04/15 13:41:50 | 000,012,168 | ---- | C] () -- C:\Documents and Settings\Erik\My Documents\RS spotlight questionnaire.docx [2010/04/14 20:00:12 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/14 20:00:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/14 19:51:28 | 000,789,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/04/13 14:36:26 | 000,070,007 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\TaxReturn09.pdf [2010/04/13 14:34:14 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk [2010/04/10 21:15:43 | 000,025,966 | ---- | C] () -- C:\Documents and Settings\Erik\Desktop\Accord2004.png [2010/01/07 15:01:12 | 000,001,188 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2009/12/27 21:36:35 | 000,001,027 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2008/09/20 16:44:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/08/19 23:07:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2008/08/09 10:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2008/08/04 00:11:29 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini [2008/05/12 11:16:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/04/17 10:22:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/04/17 09:49:21 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll [2008/04/17 09:48:01 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini < End of report >
  12. I am using the windows XP firewall. Outside of the browser problem do you think that the computer is fit to use now? Is there any risk of downloading files from it and transfering to another computer?
  13. I did what you suggested. The two browsers still do not connect. This comes up on the IE. HTTP, HTTPS, FTP connectivity info HTTPS: Successfully connected to www.microsoft.com. warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established info FTP (Passive): Successfully connected to ftp.microsoft.com. warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established error Could not make an HTTP connection. info Redirecting user to support call info Redirecting user to support call The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:http=127.0.0.1:5555 Proxy Bypass list:<local> **** Network Diagnostics for Windows XI) windows cannot connect to the Internet using HTTP. HTTPs. or FTP. This is probably caused by firewall settings on this computer. Check the firewall settings for the IHFfTP port (80). IHfITPS port (443) and FTP port(2l). You might need to contact your Internet service provider (IsP) or the manufacturer of your firewall software. **** This does not make sense to me that the firewall would be the problem if I can use the program logged in as another user. Curiously, I was able to log into gmail and read my mail, and open calender and documents, but any other bookmarked site or even typing in the web address yields the same error. Maybe I just need to re-install the program.
  14. apologies... Long night. I missed a step. Here goes again. Windows IP Configuration Host Name . . . . . . . . . . . . : Heiss Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection Physical Address. . . . . . . . . : 00-1D-09-91-0C-A3 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Lease Obtained. . . . . . . . . . : Wednesday, May 05, 2010 8:40:57 AM Lease Expires . . . . . . . . . . : Thursday, May 06, 2010 8:40:57 AM Server: UnKnown Address: 192.168.0.1 Name: google.com Addresses: 74.125.157.106, 74.125.157.99, 74.125.157.105, 74.125.157.103 74.125.157.104, 74.125.157.147 Server: UnKnown Address: 192.168.0.1 Name: yahoo.com Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43 98.137.149.56 Pinging google.com [74.125.67.106] with 32 bytes of data: Reply from 74.125.67.106: bytes=32 time=14ms TTL=48 Reply from 74.125.67.106: bytes=32 time=15ms TTL=48 Ping statistics for 74.125.67.106: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 15ms, Average = 14ms Pinging yahoo.com [69.147.125.65] with 32 bytes of data: Reply from 69.147.125.65: bytes=32 time=30ms TTL=46 Reply from 69.147.125.65: bytes=32 time=29ms TTL=46 Ping statistics for 69.147.125.65: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 29ms, Maximum = 30ms, Average = 29ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 1d 09 91 0c a3 ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 192.168.0.2 192.168.0.2 20 192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20 192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20 224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20 255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1 Default Gateway: 192.168.0.1 =========================================================================== Persistent Routes: None Windows IP Configuration Host Name . . . . . . . . . . . . : Heiss Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection Physical Address. . . . . . . . . : 00-1D-09-91-0C-A3 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Lease Obtained. . . . . . . . . . : Wednesday, May 05, 2010 8:40:57 AM Lease Expires . . . . . . . . . . : Thursday, May 06, 2010 8:40:57 AM Server: UnKnown Address: 192.168.0.1 Name: google.com Addresses: 74.125.157.105, 74.125.157.147, 74.125.157.99, 74.125.157.103 74.125.157.106, 74.125.157.104 Server: UnKnown Address: 192.168.0.1 Name: yahoo.com Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65 72.30.2.43 Pinging google.com [74.125.157.147] with 32 bytes of data: Reply from 74.125.157.147: bytes=32 time=15ms TTL=48 Reply from 74.125.157.147: bytes=32 time=15ms TTL=48 Ping statistics for 74.125.157.147: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 15ms, Maximum = 15ms, Average = 15ms Pinging yahoo.com [209.191.122.70] with 32 bytes of data: Reply from 209.191.122.70: bytes=32 time=41ms TTL=46 Reply from 209.191.122.70: bytes=32 time=41ms TTL=46 Ping statistics for 209.191.122.70: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 41ms, Maximum = 41ms, Average = 41ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 1d 09 91 0c a3 ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 192.168.0.2 192.168.0.2 20 192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20 192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20 224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20 255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1 Default Gateway: 192.168.0.1 =========================================================================== Persistent Routes: None
  15. The internet was already setup that way... here is the log. Windows IP Configuration Host Name . . . . . . . . . . . . : Heiss Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection Physical Address. . . . . . . . . : 00-1D-09-91-0C-A3 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.0.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DNS Servers . . . . . . . . . . . : 192.168.0.1 Lease Obtained. . . . . . . . . . : Wednesday, May 05, 2010 8:40:57 AM Lease Expires . . . . . . . . . . : Thursday, May 06, 2010 8:40:57 AM Server: UnKnown Address: 192.168.0.1 Name: google.com Addresses: 74.125.157.106, 74.125.157.99, 74.125.157.105, 74.125.157.103 74.125.157.104, 74.125.157.147 Server: UnKnown Address: 192.168.0.1 Name: yahoo.com Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43 98.137.149.56 Pinging google.com [74.125.67.106] with 32 bytes of data: Reply from 74.125.67.106: bytes=32 time=14ms TTL=48 Reply from 74.125.67.106: bytes=32 time=15ms TTL=48 Ping statistics for 74.125.67.106: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 15ms, Average = 14ms Pinging yahoo.com [69.147.125.65] with 32 bytes of data: Reply from 69.147.125.65: bytes=32 time=30ms TTL=46 Reply from 69.147.125.65: bytes=32 time=29ms TTL=46 Ping statistics for 69.147.125.65: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 29ms, Maximum = 30ms, Average = 29ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 1d 09 91 0c a3 ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 192.168.0.2 192.168.0.2 20 192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20 192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20 192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20 224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20 255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1 Default Gateway: 192.168.0.1 =========================================================================== Persistent Routes: None
  16. No the browers did not - that was one of the initial problems that started with the pop ups and the other programs not opening. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 5/4/2010 11:00:34 AM mbam-log-2010-05-04 (11-00-34).txt Scan type: Full scan (C:\|) Objects scanned: 244911 Time elapsed: 1 hour(s), 4 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  17. MBAM is running, and I have only done very little with the computer since starting the cleaning. Two of the internet browsers do not connect. IE says certain ports won't allow it - something due to the firewall. SW iron is the other and it just says that it cannot connect.
  18. OK, combofix log ComboFix 10-05-02.03 - L'Anita 05/03/2010 12:20:01.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2384 [GMT -4:00] Running from: c:\documents and settings\L'Anita\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\WindowsUpdate . ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 ))))))))))))))))))))))))))))))) . 2010-05-03 16:20 . 2009-12-02 17:16 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\NAVEX15.SYS 2010-05-03 16:20 . 2009-11-10 21:48 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\NAVEX32A.DLL 2010-05-03 16:20 . 2009-11-10 21:48 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\NAVENG32.DLL 2010-05-03 16:20 . 2010-04-27 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\ECMSVR32.DLL 2010-05-03 16:20 . 2009-12-07 23:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\CCERASER.DLL 2010-05-03 16:20 . 2009-12-02 17:15 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\NAVENG.SYS 2010-05-03 16:20 . 2009-08-17 23:15 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\ERASER.SYS 2010-05-03 16:20 . 2009-08-17 23:15 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd313602.vdb\EECTRL.SYS 2010-05-03 16:16 . 2009-12-02 17:16 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\NAVEX15.SYS 2010-05-03 16:16 . 2009-12-02 17:15 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\NAVENG.SYS 2010-05-03 16:16 . 2009-11-10 21:48 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\NAVEX32A.DLL 2010-05-03 16:16 . 2009-11-10 21:48 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\NAVENG32.DLL 2010-05-03 16:16 . 2010-05-02 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\ECMSVR32.DLL 2010-05-03 16:16 . 2009-12-07 23:01 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\CCERASER.DLL 2010-05-03 16:16 . 2009-08-17 23:15 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\ERASER.SYS 2010-05-03 16:16 . 2009-08-17 23:15 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd314405.vdb\EECTRL.SYS 2010-05-01 01:02 . 2010-05-01 01:02 -------- d-----w- C:\HelpAsst_backup 2010-05-01 00:45 . 2010-05-01 00:45 -------- d-sh--w- c:\documents and settings\L'Anita\IECompatCache 2010-04-25 02:35 . 2010-04-26 01:21 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\serximlwg 2010-04-15 00:00 . 2010-04-15 00:00 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Real 2010-04-15 00:00 . 2010-04-15 00:00 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-04-15 00:00 . 2010-04-15 00:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-04-15 00:00 . 2010-04-15 00:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-04-15 00:00 . 2010-04-15 00:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-04-15 00:00 . 2010-04-15 00:00 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-04-15 00:00 . 2010-04-15 00:00 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-04-15 00:00 . 2010-04-15 00:00 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-04-15 00:00 . 2010-04-15 00:00 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-04-15 00:00 . 2010-04-15 00:00 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll 2010-04-14 23:51 . 2010-04-25 19:55 789880 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-04-13 18:37 . 2010-04-13 18:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage 2010-04-13 18:37 . 2010-04-13 18:37 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\Intuit 2010-04-13 18:35 . 2010-04-13 18:35 -------- d-----w- c:\documents and settings\Erik\Application Data\Intuit 2010-04-13 18:35 . 2010-04-13 18:35 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0 2010-04-13 18:33 . 2010-04-13 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2010-04-13 18:33 . 2010-04-13 18:33 -------- d-----w- c:\documents and settings\Erik\Local Settings\Application Data\IsolatedStorage 2010-04-13 18:33 . 2010-04-13 18:35 -------- d-----w- c:\program files\Common Files\Intuit 2010-04-13 18:32 . 2010-04-13 18:32 -------- d-----w- c:\program files\TurboTax 2010-04-04 14:36 . 2010-04-04 14:36 34062 ----a-w- c:\documents and settings\L'Anita\Application Data\Move Networks\ie_bin\Uninst.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-03 16:15 . 2008-05-12 15:29 -------- d-----w- c:\program files\Symantec AntiVirus 2010-04-26 00:01 . 2009-12-25 03:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-26 00:01 . 2010-01-05 05:34 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-25 23:59 . 2008-04-25 02:01 92952 ----a-w- c:\documents and settings\L'Anita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 01:54 . 2008-05-19 17:17 -------- d-----w- c:\documents and settings\Erik\Application Data\EndNote 2010-04-15 00:00 . 2008-04-17 14:17 -------- d-----w- c:\program files\Common Files\Real 2010-04-14 23:59 . 2008-04-17 14:17 -------- d-----w- c:\program files\Real 2010-04-14 23:36 . 2008-05-14 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-13 18:37 . 2008-05-08 00:44 92952 ----a-w- c:\documents and settings\Erik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-06 21:00 . 2008-05-22 01:04 -------- d-----w- c:\program files\Picasa2 2010-04-04 15:42 . 2009-10-06 10:57 -------- d-----w- c:\documents and settings\L'Anita\Application Data\Move Networks 2010-03-30 04:46 . 2009-12-25 03:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-30 04:45 . 2009-12-25 03:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-30 01:01 . 2009-06-04 16:53 -------- d-----w- c:\documents and settings\L'Anita\Application Data\EndNote 2010-03-24 23:22 . 2010-03-24 23:22 -------- d-----w- c:\documents and settings\L'Anita\Application Data\Malwarebytes 2010-03-10 06:15 . 2004-08-10 16:51 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-05 01:38 . 2010-03-05 01:30 -------- d-----w- c:\documents and settings\L'Anita\Application Data\ICAClient 2010-02-25 06:24 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-10 16:51 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-16 14:08 . 2004-08-10 16:51 2146304 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2004-08-04 02:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:33 . 2004-08-10 16:50 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-10 16:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2009-10-02 00:36 . 2009-10-02 00:35 7570944 ----a-w- c:\program files\ica32web.msi 2009-10-02 00:16 . 2009-10-02 00:16 1598 ----a-w- c:\program files\launch.ica 2009-11-28 02:57 . 2009-11-28 02:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-28 30192] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-12-20 125632] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-14 202256] c:\documents and settings\Erik\Start Menu\Programs\Startup\ HotSync Manager.LNK - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\L'Anita\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\Program Files\\Common Files\\Epocrates\\AutoUpdate\\Win32\\Win32_Exe\\AutoUpdate.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2967:UDP"= 2967:UDP:AAIT Symantec-UDP 2967 "2967:TCP"= 2967:TCP:AAIT Symantec-TCP 2967 "38293:UDP"= 38293:UDP:AAIT Symantec-UDP 38293 R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/20/2006 2:29 PM 116928] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 6:39 PM 102448] R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 12:08 PM 33920] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 9:20 PM 135664] S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [5/12/2008 11:35 AM 12048] S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [5/5/2009 6:56 PM 10752] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/17/2008 10:14 AM 30192] . Contents of the 'Scheduled Tasks' folder 2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 01:20] 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 01:20] 2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] 2010-04-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] 2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{5F487C58-72F9-44BB-8D8E-13D338485A76}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab FF - ProfilePath - c:\documents and settings\L'Anita\Application Data\Mozilla\Firefox\Profiles\pzldqkzc.default\ FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\Erik\Application Data\Move Networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\Erik\Application Data\Move Networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - plugin: c:\program files\Picasa2\npPicasa3.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - HKCU-Run-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe AddRemove-HijackThis - c:\documents and settings\Erik\Local Settings\Temporary Internet Files\Content.IE5\M660N8LL\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-03 12:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2652) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-03 12:29:12 ComboFix-quarantined-files.txt 2010-05-03 16:29 ComboFix2.txt 2010-01-02 15:27 Pre-Run: 261,635,145,728 bytes free Post-Run: 261,796,159,488 bytes free - - End Of File - - F06E8D801065505EE965C795BF6B882B
  19. C:\Documents and Settings\Erik\My Documents\HelpAsst_mebroot_fix.exe Fri 04/30/2010 at 21:17:14.62 HelpAssistant account Inactive ~~ Checking for termsrv32.dll ~~ termsrv32.dll not found ~~ Checking firewall ports ~~ HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list ~~ Checking profile list ~~ No HelpAssistant profile in registry ~~ Checking mbr ~~ user & kernel MBR OK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Status check on Sat 05/01/2010 at 19:24:57.20 Account active No Local Group Memberships ~~ Checking mbr ~~ Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x02542D6C1 malicious code @ sector 0x02542D6C4 ! PE file found in sector at 0x02542D6DA ! ~~ Checking for termsrv32.dll ~~ termsrv32.dll not found HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll ~~ Checking profile list ~~ No HelpAssistant profile in registry ~~ Checking for HelpAssistant directories ~~ none found ~~ Checking firewall ports ~~ [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] ~~ EOF ~~
  20. I am wondering how long the backdoor infection has been there. I tried to remove a rootkit back in January and thought that I had been successful. What tells you that I have a very bad malware? Is it the name or what it has been doing to my system. Is the Trojan.FakeAV!gen28 a bad one or did it just jump in through an already open back door? Things just seemed to go haywire all at once with the pop up scan for some virus scanning program which I recognize as maleware. Not sure how I got infected either. We have a netgear router with built in firewall and symantec anti virus with autodetect and windows firewall. Supposing that I am unable to completely clear the trojan, what can I do to with my files on the computer? Can I back up pictures, docs and music as long as they are not executable files? Or is everything considered infected?
  21. It has been busy at work... I will go ahead with the cleaning/disinfecting. I ran the help assist and it said "no helpassist profile found" press any key and then "user profile and kernel OK no mbr" did not shutdown. Do I still need to follow the remaining steps??? Any other scan? Much appreciated
  22. Sorry, The GMER crashed several times - the blue screen - IE says it was a driver that needs to be updated. Curious thing is that logging on my profile I cannot access the internet because I get an error about the Http, Https and FTP being blocked or not allowed - may be the firewall and I need to check firewall settings for http port (80), https port 443, ftp 21... I can use the internet fine logging on my wife's profile! here is the dds it you'd like... DDS (Ver_10-03-17.01) - NTFSx86 Run by L'Anita at 20:48:26.35 on Mon 04/26/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2380 [GMT -4:00] AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe svchost.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Documents and Settings\L'Anita\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [OE_OEM] "c:\program files\trend micro\internet security 14\tmas_oe\TMAS_OEMon.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe" mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot StartupFolder: c:\docume~1\l'anita\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.emory.edu/vdesk/terminal/urxvpn.cab#version=6030,2009,327,1607 DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.emory.edu/vdesk/terminal/f5tunsrv.cab#version=6030,2009,416,937 DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\erik\locals~1\temp\ixp000.tmp\InstallerControl.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.66/uploader2.cab DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://choapacs.choa.org/amI/install/msxml4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxps://choapacs.choa.org/amI/install/amiviewer.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.emory.edu/vdesk/terminal/urxshost.cab#version=6030,2009,327,1553 DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.emory.edu/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548 Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\l'anita\applic~1\mozilla\firefox\profiles\pzldqkzc.default\ FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\documents and settings\erik\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576] R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-12-20 116928] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-12-20 1814720] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100426.003\naveng.sys [2010-4-26 84912] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100426.003\navex15.sys [2010-4-26 1324720] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296] R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 33920] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664] S3 atidgllk;atidgllk;c:\dell\drivers\r169419\atidgllk.sys [2008-5-12 12048] S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-5-5 10752] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-17 30192] =============== Created Last 30 ================ 2010-04-27 00:44:39 0 ----a-w- c:\documents and settings\l'anita\defogger_reenable 2010-04-13 18:35:36 0 d-----w- c:\program files\common files\AnswerWorks 5.0 2010-04-13 18:33:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit 2010-04-13 18:33:06 0 d-----w- c:\program files\common files\Intuit 2010-04-13 18:32:01 0 d-----w- c:\program files\TurboTax ==================== Find3M ==================== 2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll 2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys 2009-10-02 00:36:10 7570944 ----a-w- c:\program files\ica32web.msi 2009-10-02 00:16:40 1598 ----a-w- c:\program files\launch.ica 2008-09-11 02:21:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat ============= FINISH: 20:49:12.32 =============== thanks, for your help. ddsattatch.txt
  23. OTL.Txt > OTL logfile created on: 4/26/2010 7:53:13 PM - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\L'Anita\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 294.73 Gb Total Space | 244.01 Gb Free Space | 82.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HEISS Current User Name: L'Anita Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/26 19:52:29 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L'Anita\My Documents\Downloads\OTL.exe PRC - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe PRC - [2009/11/27 22:57:21 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2009/08/08 15:26:32 | 000,522,752 | ---- | M] (SRWare) -- C:\Program Files\SRWare Iron\iron.exe PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008/04/17 10:13:59 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2006/12/20 14:29:40 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/12/20 14:29:34 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe PRC - [2006/12/20 14:29:30 | 001,814,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/12/20 14:29:20 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/11/21 21:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/11/21 21:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/11/21 21:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/09/25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe ========== Modules (SafeList) ========== MOD - [2010/04/26 19:52:29 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\L'Anita\My Documents\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2009/11/27 22:57:21 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829) SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2006/12/20 14:29:34 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/12/20 14:29:30 | 001,814,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/12/20 14:29:20 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/11/21 21:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/11/21 21:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate) SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) ========== Driver Services (SafeList) ========== DRV - [2009/12/02 13:16:05 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100426.003\NAVEX15.SYS -- (NAVEX15) DRV - [2009/12/02 13:15:56 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100426.003\NAVENG.SYS -- (NAVENG) DRV - [2009/12/01 09:55:10 | 000,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/17 20:15:31 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009/03/27 12:09:03 | 000,033,920 | ---- | M] (F5 Networks, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv) DRV - [2009/03/27 12:09:00 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2008/08/19 21:33:37 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2008/05/12 11:29:26 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/15 20:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/11/02 01:52:06 | 002,644,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2007/04/13 21:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel® DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2006/07/19 12:04:18 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\drivers\R169419\atidgllk.sys -- (atidgllk) DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...html?channel=us IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 IE - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 21:19:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 21:19:28 | 000,000,000 | ---D | M] [2008/09/11 13:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L'Anita\Application Data\Mozilla\Extensions [2010/03/29 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\L'Anita\Application Data\Mozilla\Firefox\Profiles\pzldqkzc.default\extensions [2010/01/06 15:18:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\L'Anita\Application Data\Mozilla\Firefox\Profiles\pzldqkzc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/07/30 00:05:11 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\L'Anita\Application Data\Mozilla\Firefox\Profiles\pzldqkzc.default\searchplugins\wikipedia-eng.xml [2008/09/15 22:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll [2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll [2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll [2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll [2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll O1 HOSTS File: ([2010/01/02 11:22:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe File not found O4 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\Erik\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\L'Anita\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-1253600377-259343990-3635174423-1007\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} http://www.ritzpix.com/net/Uploader/LPUploader45.cab (Image Uploader Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.emory.edu/vdesk/terminal/urxvpn...0,2009,327,1607 (F5 Networks VPN Manager) O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.emory.edu/vdesk/terminal/f5tuns...30,2009,416,937 (F5 Networks Dynamic Application Tunnel Control) O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\DOCUME~1\Erik\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/30.66/uploader2.cab (UploadListView Class) O16 - DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} https://choapacs.choa.org/amI/install/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa02) O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://choapacs.choa.org/amI/install/msxml4.cab (XML DOM Document 4.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} https://choapacs.choa.org/amI/install/amiviewer.cab (AMI Pictorial Control CWeb 2.1 SPa06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.emory.edu/vdesk/terminal/urxsho...0,2009,327,1553 (F5 Networks SuperHost Class) O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.emory.edu/vdesk/terminal/urxhos...0,2009,327,1548 (F5 Networks Host Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\L'Anita\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\L'Anita\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/04/13 14:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage [2010/04/13 14:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0 [2010/04/13 14:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit [2010/04/13 14:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit [2010/04/13 14:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax [2010/04/03 10:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LearningThings [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/04/26 19:43:15 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/26 19:43:15 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/26 19:43:14 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/26 19:42:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F487C58-72F9-44BB-8D8E-13D338485A76}.job [2010/04/26 19:39:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/26 19:39:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/04/26 19:38:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/26 19:38:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/26 19:38:27 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2010/04/26 19:37:28 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\L'Anita\NTUSER.DAT [2010/04/26 19:37:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\L'Anita\ntuser.ini [2010/04/26 19:35:33 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/04/25 19:59:54 | 000,092,952 | ---- | M] () -- C:\Documents and Settings\L'Anita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/25 19:44:16 | 000,001,188 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2010/04/24 17:29:41 | 000,001,274 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr [2010/04/21 20:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/14 20:01:06 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk [2010/04/14 20:00:03 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010/04/14 19:59:53 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010/04/14 19:59:53 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010/04/14 19:59:15 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2010/04/14 19:53:57 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/14 19:32:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/04 10:16:01 | 000,163,328 | ---- | M] () -- C:\Documents and Settings\L'Anita\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/04 09:35:36 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\L'Anita\My Documents\tenstupidthings.doc [2010/04/04 09:35:36 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\L'Anita\My Documents\~$nstupidthings.doc [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/03/29 19:43:52 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\L'Anita\Desktop\Subs late days rotation 11.doc [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/04/14 20:00:12 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/14 20:00:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1253600377-259343990-3635174423-1006.job [2010/04/14 19:51:28 | 000,789,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/04/13 14:34:14 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk [2010/04/04 09:35:36 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\L'Anita\My Documents\~$nstupidthings.doc [2010/04/04 09:35:35 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\L'Anita\My Documents\tenstupidthings.doc [2010/03/29 09:11:59 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\L'Anita\Desktop\Subs late days rotation 11.doc [2010/01/07 15:01:12 | 000,001,188 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2009/12/27 21:36:35 | 000,001,027 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2008/09/20 16:44:14 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/08/19 23:07:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2008/08/09 10:26:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI [2008/08/04 00:11:29 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini [2008/05/12 11:16:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2008/04/17 10:22:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/04/17 09:49:21 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll [2008/04/17 09:48:01 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini < End of report > extras.txt > OTL Extras logfile created on: 4/26/2010 7:53:13 PM - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\L'Anita\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 294.73 Gb Total Space | 244.01 Gb Free Space | 82.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HEISS Current User Name: L'Anita Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "2967:UDP" = 2967:UDP:*:Enabled:AAIT Symantec-UDP 2967 "2967:TCP" = 2967:TCP:*:Enabled:AAIT Symantec-TCP 2967 "38293:UDP" = 38293:UDP:*:Enabled:AAIT Symantec-UDP 38293 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2479:TCP" = 2479:TCP:*:Enabled:Services "3246:TCP" = 3246:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "2967:UDP" = 2967:UDP:*:Enabled:AAIT Symantec-UDP 2967 "2967:TCP" = 2967:TCP:*:Enabled:AAIT Symantec-TCP 2967 "38293:UDP" = 38293:UDP:*:Enabled:AAIT Symantec-UDP 38293 "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services "2479:TCP" = 2479:TCP:*:Enabled:Services "3246:TCP" = 3246:TCP:*:Enabled:Services "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\palmOne\Hotsync.exe" = C:\Program Files\palmOne\Hotsync.exe:*:Enabled:HotSync Manager -- (PalmSource, Inc) "C:\Program Files\Common Files\Epocrates\AutoUpdate\Win32\Win32_Exe\AutoUpdate.exe" = C:\Program Files\Common Files\Epocrates\AutoUpdate\Win32\Win32_Exe\AutoUpdate.exe:*:Enabled:Epocrates -- (Epocrates, Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers "{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0 "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0 "{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center "{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher "{E622695B-3A22-4774-993D-318049488C0B}" = LDS Scriptures CD-ROM Resource Edition "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe PDF IFilter 6.0" = Adobe PDF IFilter 6.0 "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Coupon Printer for Windows4.0" = Coupon Printer for Windows "Dell_HostCD" = Dell Printer Software Uninstall "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Money2006b" = Microsoft Money 2006 "Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OrcaBrowser" = Orca Browser "Picasa 3" = Picasa 3 "Power Sound Editor Free_is1" = Power Sound Editor Free v5.7.5 "RealPlayer 12.0" = RealPlayer "Sandboxie" = Sandboxie 3.42 "SearchAssist" = SearchAssist "StreetPlugin" = Learn2 Player (Uninstall Only) "TurboTax 2009" = TurboTax 2009 "ULTIMATER" = Microsoft Office Ultimate 2007 "ViewpointMediaPlayer" = Viewpoint Media Player "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1253600377-259343990-3635174423-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/25/2010 9:22:55 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Trojan.FakeAV!gen28 in File: Unavailable by: Defwatch scan. Action: Clean was partially successful.. Action Description: Clean was partially successful. Error - 4/25/2010 9:36:58 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\Documents and Settings\Erik\Local Settings\temp\ldfcmb.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/25/2010 9:36:58 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\Documents and Settings\Erik\Local Settings\temp\ldfcmb.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/25/2010 9:37:09 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\Documents and Settings\Erik\Local Settings\temp\ldfcmb.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/26/2010 1:38:37 PM | Computer Name = HEISS | Source = Google Update | ID = 20 Description = Error - 4/26/2010 2:38:36 PM | Computer Name = HEISS | Source = Google Update | ID = 20 Description = Error - 4/26/2010 3:00:11 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0026705.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/26/2010 3:00:35 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0026705.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/26/2010 3:00:37 PM | Computer Name = HEISS | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Trojan.FakeAV!gen28 in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0026705.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: Error - 4/26/2010 3:38:38 PM | Computer Name = HEISS | Source = Google Update | ID = 20 Description = [ OSession Events ] Error - 2/8/2009 11:28:40 PM | Computer Name = HEISS | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 460723 seconds with 240 seconds of active time. This session ended with a crash. [ System Events ] Error - 3/29/2010 11:20:58 AM | Computer Name = HEISS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time. Error - 3/29/2010 11:36:52 AM | Computer Name = HEISS | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.2 for the Network Card with network address 001D09910CA3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). Error - 4/3/2010 10:19:34 AM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/6/2010 10:28:24 AM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/7/2010 2:14:49 PM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/13/2010 1:47:57 PM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/14/2010 7:15:56 PM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/24/2010 1:00:07 PM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/25/2010 3:07:41 PM | Computer Name = HEISS | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.0.2 on the Network Card with network address 001D09910CA3. Error - 4/25/2010 9:31:44 PM | Computer Name = HEISS | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.2 for the Network Card with network address 001D09910CA3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). < End of report >
  24. Had a popup that started scanning - bogus alerts and antivirus. So I ran the MBAM and found 2 infected files with Trojan.Fraudpack. They were deleted, but the pop ups keep popping when I am logged on. I cann't open anything and get an error you are infected box that pops up. Only when I logged in as another user could I run the program or do anything. Here are the results of the scans. Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/25/2010 9:00:29 PM mbam-log-2010-04-25 (21-00-29).txt Scan type: Full scan (C:\|) Objects scanned: 241663 Time elapsed: 56 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:37 PM, on 4/25/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\SRWare Iron\iron.exe C:\Program Files\SRWare Iron\iron.exe C:\Program Files\SRWare Iron\iron.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Erik\My Documents\malwarebytes\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080417 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [xsymoxce] C:\Documents and Settings\Erik\Local Settings\Application Data\serximlwg\qelugubtssd.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-21-1253600377-259343990-3635174423-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Erik') O4 - HKUS\S-1-5-21-1253600377-259343990-3635174423-1006\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Erik') O4 - HKUS\S-1-5-21-1253600377-259343990-3635174423-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Erik') O4 - HKUS\S-1-5-21-1253600377-259343990-3635174423-1006\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'Erik') O4 - HKUS\S-1-5-21-1253600377-259343990-3635174423-1006\..\Run: [xsymoxce] C:\Documents and Settings\Erik\Local Settings\Application Data\serximlwg\qelugubtssd.exe (User 'Erik') O4 - S-1-5-21-1253600377-259343990-3635174423-1006 Startup: HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe (User 'Erik') O4 - S-1-5-21-1253600377-259343990-3635174423-1006 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Erik') O4 - S-1-5-21-1253600377-259343990-3635174423-1006 User Startup: HotSync Manager.LNK = C:\Program Files\palmOne\Hotsync.exe (User 'Erik') O4 - S-1-5-21-1253600377-259343990-3635174423-1006 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Erik') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://vpn.emory.edu/vdesk/terminal/urxvpn...0,2009,327,1607 O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://vpn.emory.edu/vdesk/terminal/f5tuns...30,2009,416,937 O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\Erik\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/30.66/uploader2.cab O16 - DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} (Centricity Web ViewApp Control 3.0 SPa02) - https://choapacs.choa.org/amI/install/amiviewer.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://choapacs.choa.org/amI/install/msxml4.cab O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://choapacs.choa.org/amI/install/amiviewer.cab O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://vpn.emory.edu/vdesk/terminal/urxsho...0,2009,327,1553 O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vpn.emory.edu/vdesk/terminal/urxhos...0,2009,327,1548 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 13940 bytes Thanks for your help.
  25. So when my wife is logged on if the screen saver comes on she has to reselect herself as the user to continue work. Doesn't happen for me. But the bothersome part is if either of us logs on while the other still has work open that person is logged off within minutes (while I am working I hear the chime that she is being logged out).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.