cgrammie2

Honorary Members
  • Content count

    107
  • Joined

  • Last visited

About cgrammie2

  • Rank
    Advanced Member

Contact Methods

  • ICQ
    0
  1. Received this message after updating MBAM - "The database was successfully updated from version 911122306 to 911122605". The version numbers seem way out of line - these large numbers have appeared the last several times I've updated MBAM. Could this indicate the presence of a virus/malware? Also in August I downloaded CutePDF Writer software which converts my completed Excel file into a PDF file. Ever since this download I receive the following message: "Internet Explorer - Seach Provider Default - A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has rset this setting to your original search provider, Google (www.google.com). Internet search will now open search settings where you can change this setting or install more seach providers". I then click "OK" and a new screen appears "Manage Add Ons - View and manage your Internet Explorer add-ons", etc. I have uninstalled and reinstalled the software and still unsuccessful in getting rid of this screen. Possible presence of virus/malware? THANK YOU for your help! Logs follow below: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Linda Cross at 16:05:55 on 2011-12-27 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.500 [GMT -7:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://phoenix.cox.net/cci/home uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\lindac~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238559981937 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5957/mcfscan.cab TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{F92EE20A-73A9-4E7F-8699-A4ADDA1C9EF3} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-5 385536] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-4 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-16 20568] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 44768] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-31 366152] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-31 22216] S1 MpKsla3c22b50;MpKsla3c22b50;\??\c:\windows\system32\mpenginestore\mpksla3c22b50.sys --> c:\windows\system32\mpenginestore\MpKsla3c22b50.sys [?] S2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-16 79816] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-5 35272] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-5 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-5 40552] . =============== Created Last 30 ================ . 2011-12-27 14:48:51 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{5367492a-04d0-4bff-af6b-79560a9a2606}\offreg.dll 2011-12-27 09:08:23 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{5367492a-04d0-4bff-af6b-79560a9a2606}\mpengine.dll . ==================== Find3M ==================== . 2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 15:26:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-05 17:41:20 72080 ----a-w- c:\documents and settings\linda cross\g2mdlhlpx.exe 2011-10-03 12:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 09:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl . ============= FINISH: 16:07:50.29 =============== MBAM Log 07:50:27 (null) MESSAGE Protection started successfully 07:50:43 Linda Cross MESSAGE IP Protection started successfully 07:50:43 Linda Cross MESSAGE IP Protection stopped 12:28:01 Linda Cross MESSAGE Database updated successfully attach.zip
  2. Thank you again!
  3. Elise - I think finally my computer problems have all been resolved! Thank you - Thank you - Thank you!!! B)
  4. I forgot to check the CDrom before I posted the log - after I rebooted my computer I put in a CD - it prompted me to choose how I wanted the audio to play - I selected Rhapsody which came up and played my CD - yay!!! I think it's fixed finally!! THANK YOU!!
  5. Here is the log - AutoFix [V5.2.3790.67] Time [2010-09-03 19:07:26] Microsoft Windows Version [5.1 (Service Pack 3) <2600>] Test [The Shell Hardware Detection service is running.] - Instance [N/A]: Result [AutoStart Setting]: OK Result [The Shell Hardware Detection service is running.]: OK Test [Policies] - Instance [D:\, Drive Type: 5]: Result [HKCU\...\Policies!NoDrives]: OK {Present} Result [HKCU\...\Policies!NoDriveAutorun]: OK {Present} Result [HKCU\...\Policies!NoDriveTypeAutorun]: OK {Present} Result [HKLM\...\Policies!NoDrives]: OK {Present} Result [HKLM\...\Policies!NoDriveAutorun]: Problems {Present} Result [HKLM\...\Policies!NoDriveTypeAutorun]: OK {Present} >> Repair << [HKLM\...\Policies!NoDriveAutorun] Step: Resetting policy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFFF7. Result: This AutoPlay setting was successfully fixed. >> Required action: The user must log off and log on again
  6. Well I rebooted after running AutoFix - still no autoplay Here's the log - AutoFix [V5.2.3790.67] Time [2010-09-03 09:21:47] Microsoft Windows Version [5.1 (Service Pack 3) <2600>] Test [The Shell Hardware Detection service is running.] - Instance [N/A]: Result [AutoStart Setting]: OK Result [The Shell Hardware Detection service is running.]: OK Test [Policies] - Instance [D:\, Drive Type: 5]: Result [HKCU\...\Policies!NoDrives]: OK {Present} Result [HKCU\...\Policies!NoDriveAutorun]: Problems {Present} Result [HKCU\...\Policies!NoDriveTypeAutorun]: OK {Present} >> Repair << [HKCU\...\Policies!NoDriveAutorun] Step: Resetting policy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFFF7. Result: This AutoPlay setting was successfully fixed. >> Required action: The user must log off and log on again
  7. Here you go: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=dword:00000001 "DefaultDomainName"="GRAMMIE" "DefaultUserName"="Linda Cross" "LegalNoticeCaption"="" "LegalNoticeText"="" "PowerdownAfterShutdown"="0" "ReportBootOk"="1" "Shell"="Explorer.exe" "ShutdownWithoutLogon"="0" "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "SfcQuota"=dword:ffffffff "allocatecdroms"="0" "allocatedasd"="0" "allocatefloppies"="0" "cachedlogonscount"="10" "forceunlocklogon"=dword:00000000 "passwordexpirywarning"=dword:0000000e "scremoveoption"="0" "AllowMultipleTSSessions"=dword:00000001 "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\ 00,00,00 "LogonType"=dword:00000001 "Background"="0 0 0" "DebugServerCommand"="no" "SFCDisable"=dword:00000000 "WinStationsDisabled"="0" "HibernationPreviouslyEnabled"=dword:00000001 "ShowLogonOptions"=dword:00000000 "AltDefaultUserName"="Linda Cross" "AltDefaultDomainName"="GRAMMIE" "ChangePasswordUseKerberos"=dword:00000001 "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," @="" "LegalNotice Text"="" "System"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @="Microsoft Disk Quota" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicy"="ProcessGroupPolicy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @="Internet Explorer Zonemapping" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}] @="Internet Explorer User Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:000003c0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\ 6c,00,6c,00,00,00 @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @="802.3 Group Policy" "DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\ 00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00 "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\ 2e,00,64,00,6c,00,6c,00,00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @="Microsoft Offline Files" "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\ 00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @="Software Installation" "DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\ 74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,29,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] @="Internet Explorer Machine Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] "Asynchronous"=dword:00000001 "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\ 00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "Logon"="WLEventLogon" "Logoff"="WLEventLogoff" "Startup"="WLEventStartup" "Shutdown"="WLEventShutdown" "StartScreenSaver"="WLEventStartScreenSaver" "StopScreenSaver"="WLEventStopScreenSaver" "Lock"="WLEventLock" "Unlock"="WLEventUnlock" "StartShell"="WLEventStartShell" "PostShell"="WLEventPostShell" "Disconnect"="WLEventDisconnect" "Reconnect"="WLEventReconnect" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000000 "SafeMode"=dword:00000001 "MaxWait"=dword:ffffffff "DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Event"=dword:00000002 "EulaAccepted"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] "Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,2c,a5,22,82,9d,1a,85,46,8c,b0,08,3e,bb,19,24,4b,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,45,f1,10,df,b4,c1,a7,ae,\ 17,0b,14,d2,26,4f,b3,5a,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,4a,\ bc,fc,a6,78,a9,9c,f2,74,37,aa,7b,05,fb,b5,c2,b8,01,00,00,2f,da,2a,75,9a,1b,\ 15,3e,0f,6f,7a,f4,c7,d4,f6,43,6e,1d,5a,f6,c7,3e,3a,e2,a9,cb,95,8a,bb,ac,02,\ 29,24,3f,f9,59,74,5f,c5,ff,71,18,fd,ca,71,b9,56,76,3c,24,1e,46,d8,fa,9c,e4,\ c2,6b,9a,41,85,1e,59,95,48,7d,f9,a3,dd,0c,2e,ab,5b,b1,b9,a0,19,fd,3f,d1,a0,\ bd,80,69,21,53,e1,90,7c,ab,ed,f1,0f,12,48,d1,be,f0,4c,38,ca,e9,dc,3a,f8,e7,\ 22,9d,5d,8b,c1,0b,eb,7a,63,e2,c8,ce,f7,81,7f,c2,27,c0,33,bd,ee,9d,e5,2d,c6,\ 82,5b,1c,47,3e,46,15,bf,42,c4,ec,85,08,3e,62,d3,c1,22,44,ce,e3,6d,a1,16,3c,\ 63,9a,46,44,43,9a,ed,14,60,fe,81,b7,4f,03,16,9e,88,cf,5f,10,d7,5e,04,6e,de,\ 09,1d,10,27,30,fd,ec,46,fd,3e,b9,0d,cc,9b,dc,a2,00,b2,15,eb,87,16,08,ba,dc,\ 0a,2c,31,45,3f,02,0c,61,16,88,01,1e,15,81,9d,d3,1d,a1,9e,5e,f3,18,24,52,6a,\ 0c,06,6c,a2,3c,7a,42,4c,2b,ba,92,ca,d2,07,45,d6,bd,0f,d8,b9,92,11,ef,16,f5,\ 4a,d4,19,a6,e1,0a,5e,58,68,1f,44,2c,f2,4d,92,88,b2,1f,ca,ac,81,d3,8b,f1,e0,\ ad,e6,2f,a6,41,aa,c1,7f,43,20,7c,60,7f,3c,4d,0d,95,47,d4,cd,14,29,26,90,31,\ 93,39,63,95,01,5b,e1,a8,b4,5c,97,b0,0a,8d,d3,60,72,9b,42,6b,67,36,a4,0c,03,\ e7,5e,0b,54,7f,76,98,cf,45,11,8e,31,80,74,31,c3,93,f4,d1,91,25,0d,8a,fc,d2,\ 04,92,44,c4,1f,77,65,71,c4,83,81,7d,76,6a,d0,57,d4,cd,3a,4a,f7,29,dc,8f,b3,\ 75,7d,dc,ce,d0,e9,a9,93,97,e2,a0,4f,4f,cc,b7,25,94,5b,cb,be,cd,43,03,57,56,\ 50,e2,77,5a,17,f4,bb,d5,a9,81,f8,3f,d9,33,2b,52,d2,8d,5f,ee,b0,a6,29,4d,59,\ 50,f4,ad,f1,4b,80,38,1a,7c,14,00,00,00,e7,7a,b6,7c,2c,de,75,ec,79,9f,ef,09,\ a5,dd,1f,b9,be,71,44,16 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000
  8. yes it was. in fact I stopped it - restarted it - and rebooted my computer - still no autoplay.
  9. still nothing happens.
  10. Okay. I'd definitely like to get this resolved. What's the other forum I can go to? THANK YOU for all your help!
  11. there is nothing - just dead silence...
  12. Ran the scan but no log was produced - no comments made.
  13. okay. just needed to be sure this software will remain untouched. thanks!! will run the scan....
  14. Hi Elise - I've got licensed software on my pc that I use for my job - If I run this scan will the software be comprised at all? If I have to use my XP CD and reload stuff it could cost me several hundreds of dollars to renew my license.
  15. Here's the log - thanks! -------------------------------------------------------------------- MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001d Kernel Drivers (total 130): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EE000 \WINDOWS\system32\hal.dll 0xF7A23000 \WINDOWS\system32\KDCOM.DLL 0xF7933000 \WINDOWS\system32\BOOTVID.dll 0xF74D4000 ACPI.sys 0xF7A25000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF74C3000 pci.sys 0xF7523000 isapnp.sys 0xF7AEB000 pciide.sys 0xF77A3000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF7533000 MountMgr.sys 0xF74A4000 ftdisk.sys 0xF77AB000 PartMgr.sys 0xF7543000 VolSnap.sys 0xF748C000 atapi.sys 0xF7553000 disk.sys 0xF7563000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF746C000 fltmgr.sys 0xF745A000 sr.sys 0xF77B3000 PxHelp20.sys 0xF7443000 KSecDD.sys 0xF7430000 WudfPf.sys 0xF73A3000 Ntfs.sys 0xF7376000 NDIS.sys 0xF735C000 Mup.sys 0xF7300000 mfehidk.sys 0xF76E3000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xF71F2000 \SystemRoot\System32\DRIVERS\ialmnt5.sys 0xF71DE000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF783B000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xF71BA000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF7843000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF70AD000 \SystemRoot\System32\DRIVERS\BCMSM.sys 0xF708A000 \SystemRoot\System32\DRIVERS\ks.sys 0xF784B000 \SystemRoot\System32\Drivers\Modem.SYS 0xF76F3000 \SystemRoot\System32\DRIVERS\bcm4sbxp.sys 0xF7703000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xF7713000 \SystemRoot\System32\DRIVERS\redbook.sys 0xF7723000 \SystemRoot\System32\DRIVERS\imapi.sys 0xF7006000 \SystemRoot\system32\drivers\smwdm.sys 0xF6FE2000 \SystemRoot\system32\drivers\portcls.sys 0xF7733000 \SystemRoot\system32\drivers\drmk.sys 0xF7A3D000 \SystemRoot\system32\drivers\aeaudio.sys 0xF7853000 \SystemRoot\System32\DRIVERS\fdc.sys 0xF7743000 \SystemRoot\System32\DRIVERS\serial.sys 0xF7A07000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF6FCE000 \SystemRoot\System32\DRIVERS\parport.sys 0xF7753000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF785B000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF7863000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF7B7A000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF7763000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF7A0B000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xF6F5A000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xF7773000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xF7783000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF786B000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xF6F49000 \SystemRoot\System32\DRIVERS\psched.sys 0xF7793000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF7873000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF787B000 \SystemRoot\System32\DRIVERS\raspti.sys 0xF7593000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF7A3F000 \SystemRoot\System32\DRIVERS\swenum.sys 0xF6EC3000 \SystemRoot\System32\DRIVERS\update.sys 0xF7883000 \SystemRoot\System32\DRIVERS\omci.sys 0xF7A1F000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xF75A3000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF75D3000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF7A45000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF788B000 \SystemRoot\System32\DRIVERS\flpydisk.sys 0xF79AF000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xEED5C000 \SystemRoot\System32\Drivers\pwd_2k.SYS 0xF7A4B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7C4D000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A4D000 \SystemRoot\System32\Drivers\Beep.SYS 0xF789B000 \SystemRoot\System32\drivers\vga.sys 0xF7A4F000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A51000 \SystemRoot\SYSTEM32\DRIVERS\RDPCDD.SYS 0xF78A3000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF78AB000 \SystemRoot\System32\Drivers\Npfs.SYS 0xEED09000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS 0xF79C7000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xEECE4000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xEEC8B000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xF7613000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xEEC63000 \SystemRoot\System32\DRIVERS\netbt.sys 0xF79CF000 \SystemRoot\System32\drivers\ws2ifsl.sys 0xEEC41000 \SystemRoot\System32\drivers\afd.sys 0xF7623000 \SystemRoot\System32\DRIVERS\netbios.sys 0xEEC16000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xEEB7E000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF7653000 \SystemRoot\System32\Drivers\Fips.SYS 0xEEB58000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF7663000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xF79EF000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF7673000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF78B3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xEEB31000 \SystemRoot\System32\Drivers\aswSP.SYS 0xF78C3000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xF79F3000 \SystemRoot\System32\DRIVERS\usbscan.sys 0xF78CB000 \SystemRoot\System32\DRIVERS\usbprint.sys 0xF76B3000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xEEB19000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7AAD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xEED7B000 \SystemRoot\System32\drivers\Dxapi.sys 0xF790B000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7B1D000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF020000 \SystemRoot\System32\ialmdnt5.dll 0xBF012000 \SystemRoot\System32\ialmrnt5.dll 0xBF03F000 \SystemRoot\System32\ialmdev5.DLL 0xBF06B000 \SystemRoot\System32\ialmdd5.DLL 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xEEA59000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xEE9B1000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xEE792000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xEE50D000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xEE4A8000 \SystemRoot\system32\drivers\wdmaud.sys 0xEE67A000 \SystemRoot\system32\drivers\sysaudio.sys 0xF7AAB000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xF7AB3000 \SystemRoot\system32\DRIVERS\dsunidrv.sys 0xF7AB7000 \SystemRoot\System32\Drivers\MCSTRM.SYS 0xEE243000 \SystemRoot\System32\DRIVERS\srv.sys 0xF77FB000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys 0xEDD7A000 \SystemRoot\System32\Drivers\HTTP.sys 0xF78DB000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xEE2BE000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xED96C000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll Processes (total 29): 0 System Idle Process 4 System 584 C:\WINDOWS\SYSTEM32\smss.exe 644 csrss.exe 668 C:\WINDOWS\SYSTEM32\winlogon.exe 712 C:\WINDOWS\SYSTEM32\services.exe 724 C:\WINDOWS\SYSTEM32\lsass.exe 880 C:\WINDOWS\SYSTEM32\svchost.exe 960 svchost.exe 1060 C:\Program Files\Windows Defender\MsMpEng.exe 1136 C:\WINDOWS\SYSTEM32\svchost.exe 1172 C:\WINDOWS\SYSTEM32\svchost.exe 1284 svchost.exe 1424 svchost.exe 1532 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 1804 C:\WINDOWS\SYSTEM32\LEXBCES.EXE 1840 C:\WINDOWS\SYSTEM32\LEXPPS.EXE 1844 C:\WINDOWS\SYSTEM32\spoolsv.exe 512 svchost.exe 1032 C:\WINDOWS\explorer.exe 1196 C:\Program Files\Java\jre6\bin\jqs.exe 1332 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1404 C:\WINDOWS\SYSTEM32\svchost.exe 204 C:\Program Files\Alwil Software\Avast5\AvastUI.exe 244 C:\Program Files\Common Files\Java\Java Update\jusched.exe 252 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 312 C:\WINDOWS\SYSTEM32\ctfmon.exe 2460 alg.exe 2508 C:\Documents and Settings\Linda Cross\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS) PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A Size Device Name MBR Status -------------------------------------------- 55 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!