Jump to content

befuddled

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I don't want to receive emails from the forum anymore. How do I stop them?
  2. I've done everything except the system restore. Do I turn it off and then turn it on again to reset?
  3. Thank you so much. everthing seems to be working fine now. Here is the OTL log: OTL logfile created on: 10/17/2010 1:53:57 PM - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 47.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 52.35 Gb Total Space | 23.62 Gb Free Space | 45.11% Space Free | Partition Type: NTFS Drive E: | 3.74 Gb Total Space | 2.30 Gb Free Space | 61.46% Space Free | Partition Type: FAT32 Computer Name: SARAH | User Name: Sarah T | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation) DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 57 8C CD 60 95 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001}:1.0 FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/06/06 16:27:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 14:41:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 18:19:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 18:20:34 | 000,000,000 | ---D | M] [2008/12/21 14:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Extensions [2010/06/18 18:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions [2010/06/18 18:27:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/01 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/22 21:40:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/12/01 10:14:14 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2010/02/01 18:27:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/18 18:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\staged-xpis [2009/09/06 18:07:48 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\searchplugins\bing.xml [2010/06/06 20:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/06/06 20:27:52 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001} [2010/01/20 20:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2008/04/28 16:13:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll O1 HOSTS File: ([2010/10/16 12:49:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sarah T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sarah T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/17 09:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/10/16 12:42:55 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/10/16 12:39:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/10/16 12:39:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/10/16 12:39:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/10/16 12:39:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/10/16 12:38:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/10/16 12:38:54 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/10/16 12:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/10/14 16:02:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/14 16:02:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/10/14 16:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/13 07:56:40 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/10/13 07:56:39 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/10/13 07:56:39 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010/10/13 07:56:18 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010/10/11 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/10/11 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/10/11 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/11 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/10/11 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [1 C:\Documents and Settings\Sarah T\My Documents\*.tmp files -> C:\Documents and Settings\Sarah T\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/17 01:37:32 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/10/16 12:49:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/10/16 12:43:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/10/16 12:36:02 | 003,879,098 | R--- | M] () -- C:\Documents and Settings\Sarah T\Desktop\ComboFix.exe [2010/10/16 11:49:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/16 11:48:44 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys [2010/10/16 11:48:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/15 16:49:32 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to RKUnhookerLE.lnk [2010/10/15 16:00:39 | 000,031,036 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\wklnhst.dat [2010/10/15 15:59:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Sarah T\My Documents\netsvcs.doc [2010/10/15 15:53:50 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to OTL.lnk [2010/10/14 19:16:43 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to MicrosoftFixit50267.lnk [2010/10/14 16:02:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/14 12:06:54 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/14 03:10:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/10/14 03:09:22 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2010/10/11 18:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/11 18:25:54 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/10/11 18:20:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/11 18:04:13 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2010/10/11 18:03:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/10/06 03:05:59 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/06 03:05:59 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [1 C:\Documents and Settings\Sarah T\My Documents\*.tmp files -> C:\Documents and Settings\Sarah T\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/16 12:43:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/10/16 12:42:57 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/10/16 12:39:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/10/16 12:39:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/10/16 12:39:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/10/16 12:39:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/10/16 12:39:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/10/16 12:36:02 | 003,879,098 | R--- | C] () -- C:\Documents and Settings\Sarah T\Desktop\ComboFix.exe [2010/10/15 16:49:32 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to RKUnhookerLE.lnk [2010/10/15 15:59:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Sarah T\My Documents\netsvcs.doc [2010/10/15 15:53:50 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to OTL.lnk [2010/10/14 19:16:42 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to MicrosoftFixit50267.lnk [2010/10/14 16:02:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/11 18:25:54 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/10/11 18:20:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/05/22 15:35:34 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sarah T\Local Settings\Application Data\fusioncache.dat [2010/03/16 11:55:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/02/19 12:22:01 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/01/21 11:55:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009/09/06 17:45:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008/05/24 15:13:12 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Sarah T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/01/11 22:41:46 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E7867E0562.sys [2006/12/25 19:54:22 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/07/09 18:45:05 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2006/07/09 18:45:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\ka.ini [2005/12/26 14:25:24 | 000,031,036 | ---- | C] () -- C:\Documents and Settings\Sarah T\Application Data\wklnhst.dat [2005/12/26 14:10:28 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/12/26 14:10:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\62057E86E7.sys [2005/12/11 19:56:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/11 19:51:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/11 19:43:58 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/12/11 19:38:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2005/12/11 19:14:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI < End of report >
  4. The ESET scanner cleaned two infected files. The screen has a box that I can check to delete the quarantined files. What should I do? Here is the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=4eb441fce7cbf8409dc311658e334bcc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=false # utc_time=2010-10-17 03:10:15 # local_time=2010-10-17 11:10:15 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 100 100 0 16835544 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=83875 # found=2 # cleaned=2 # scan_time=4052 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1332\A0140194.mof Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 43915B4E51D673519914924C8B10E4FD C C:\WINDOWS\system32\drivers\etc\hosts.old Win32/Qhost trojan (cleaned by deleting - quarantined) 29712390F406D45EF10D4A1B2D8D23EC C
  5. You are so awesome! The virus appears to be gone. I will run the other scan anyway. Here is the malware log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4861 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/17/2010 9:35:53 AM mbam-log-2010-10-17 (09-35-53).txt Scan type: Quick scan Objects scanned: 146933 Time elapsed: 10 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  6. Here is the combofix log: ComboFix 10-10-15.04 - Sarah T 10/16/2010 12:44:41.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.565 [GMT -4:00] Running from: c:\documents and settings\Sarah T\Desktop\ComboFix.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sarah T\Recent\ANTIGEN.sys c:\documents and settings\Sarah T\Recent\cid.exe c:\documents and settings\Sarah T\Recent\CLSV.drv c:\documents and settings\Sarah T\Recent\CLSV.sys c:\documents and settings\Sarah T\Recent\ddv.exe c:\documents and settings\Sarah T\Recent\ddv.tmp c:\documents and settings\Sarah T\Recent\eb.drv c:\documents and settings\Sarah T\Recent\energy.dll c:\documents and settings\Sarah T\Recent\FS.dll c:\documents and settings\Sarah T\Recent\FS.drv c:\documents and settings\Sarah T\Recent\FS.tmp c:\documents and settings\Sarah T\Recent\FW.exe c:\documents and settings\Sarah T\Recent\gid.sys c:\documents and settings\Sarah T\Recent\kernel32.dll c:\documents and settings\Sarah T\Recent\kernel32.drv c:\documents and settings\Sarah T\Recent\PE.exe c:\documents and settings\Sarah T\Recent\PE.sys c:\documents and settings\Sarah T\Recent\tempdoc.exe c:\documents and settings\Sarah T\Recent\tjd.tmp c:\documents and settings\Sarah T\Start Menu\Programs\Smart Engine.lnk c:\documents and settings\Sarah T\Start Menu\Smart Engine.lnk c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf . ((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 ))))))))))))))))))))))))))))))) . 2010-10-15 17:06 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35A8D1FE-D69C-42CC-AA06-E3958E5FB33E}\mpengine.dll 2010-10-14 20:02 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-14 20:02 . 2010-10-14 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-14 20:02 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-13 11:56 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll 2010-10-13 11:56 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 11:56 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 11:56 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll 2010-10-11 22:24 . 2010-10-11 22:24 -------- d-----w- c:\program files\iPod 2010-10-11 22:24 . 2010-10-11 22:25 -------- d-----w- c:\program files\iTunes 2010-10-11 22:16 . 2010-10-11 22:16 -------- d-----w- c:\program files\Bonjour 2010-10-11 22:03 . 2010-10-11 22:03 -------- d-----w- c:\program files\Safari . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA}] 2010-05-22 19:33 638976 ----a-w- c:\program files\Shop to Win 2\ShoppingBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688] "SigmatelSysTrayApp"="stsystra.exe" [2005-08-24 393216] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-11 26112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912] "VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-11 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-09-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job - c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45] 2010-10-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://att.my.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - component: c:\documents and settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npmozax.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess"); . - - - - ORPHANS REMOVED - - - - HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe HKCU-Run-ares ultra - c:\program files\Ares Ultra\AresUltra.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(768) c:\windows\System32\BCMLogon.dll . Completion time: 2010-10-16 12:52:30 ComboFix-quarantined-files.txt 2010-10-16 16:52 Pre-Run: 25,492,799,488 bytes free Post-Run: 25,453,608,960 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 57489FCE47D7681E29EAE16A26762DF5
  7. You are a GENIUS!! I will run combofix now. Here is the OTL log: All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Community Tools deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully. C:\Documents and Settings\Sarah T\Application Data\Smart Engine folder moved successfully. C:\Documents and Settings\All Users\Application Data\SMPBZTRE folder moved successfully. C:\Documents and Settings\All Users\Application Data\044ba1\SMESys folder moved successfully. C:\Documents and Settings\All Users\Application Data\044ba1\Quarantine Items folder moved successfully. C:\Documents and Settings\All Users\Application Data\044ba1\BackUp folder moved successfully. C:\Documents and Settings\All Users\Application Data\044ba1 folder moved successfully. C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk moved successfully. C:\WINDOWS\system32\drivers\etc\hosts.old moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 124416 bytes ->Temporary Internet Files folder emptied: 21011390 bytes ->Flash cache emptied: 621 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 6193102 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 5123630 bytes User: NetworkService ->Temp folder emptied: 1024510 bytes ->Temporary Internet Files folder emptied: 167563642 bytes ->Flash cache emptied: 405 bytes User: Sarah T ->Temp folder emptied: 1345089523 bytes ->Temporary Internet Files folder emptied: 9330754 bytes ->Java cache emptied: 58082718 bytes ->FireFox cache emptied: 42513918 bytes ->Apple Safari cache emptied: 63203328 bytes ->Flash cache emptied: 2202207 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19999 bytes %systemroot%\System32 .tmp files removed: 3861393 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 106446762 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67293872 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,811.00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.15.2 log created on 10162010_114446 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  8. Also, please keep in mind that I cannot download anything directly from the internet to the computer that we are working on. I have to transfer everything using a flashdrive and a different computer with working internet.
  9. Sorry, but I am confused. Is combo fix something different from what you're telling me to run in the OTL window or is it the same thing?
  10. OK, here it the rootkit report: RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows XP Version 5.1.2600 (Service Pack 3) Number of processors #1 ============================================== >Drivers ============================================== 0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System) 0x804D7000 PnpManager 2066816 bytes 0x804D7000 RAW 2066816 bytes 0x804D7000 WMIxWDM 2066816 bytes 0xBF800000 Win32k 1855488 bytes 0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0xF7207000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver) 0xAA579000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver) 0xAA6CC000 C:\WINDOWS\system32\drivers\sthda.sys 999424 bytes (SigmaTel, Inc., NDRC) 0xBF075000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology) 0xAA4C9000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver) 0xF73E4000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver) 0xAA26D000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0xF7074000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver) 0xF714C000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver) 0xAA352000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver) 0xA9B9A000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver) 0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver) 0xA9076000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack) 0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver) 0xAA676000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver) 0xF711D000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver) 0xF7518000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT) 0xA9D0A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0xF73B7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver) 0xA8B4C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer) 0xAA2DD000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0xF71CB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a) 0xAA32A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver) 0xAA247000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator) 0xA8B77000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver) 0xAA6A8000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0xF71A7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0xF70FA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library) 0xAA406000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver) 0xAA308000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0x806D0000 ACPI_HAL 131840 bytes 0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0xF74B0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0xF74E8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver) 0xF739D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0xAA098000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component) 0xAA07F000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component) 0xF74D0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver) 0xAA207000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes 0xF7471000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0xF70E3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0xF7488000 drvmcdb.sys 90112 bytes (Sonic Solutions, Device Driver) 0xAA0B1000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component) 0xA9B85000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper) 0xF71F3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver) 0xAA3AB000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver) 0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver) 0xF749E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver) 0xF7507000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0xF70D2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler) 0xF7827000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver) 0xF76D7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0xF7777000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0xF76E7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver) 0xA9D97000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter) 0xF7787000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB) 0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver) 0xF7687000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll) 0xF76B7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver) 0xF76F7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0xF7667000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0xF76A7000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 49152 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver) 0xF7717000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0xF77B7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver) 0xF76C7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver) 0xF7657000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager) 0xF7707000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0xF77D7000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager) 0xF7647000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver) 0xF7757000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy) 0xF7747000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver) 0xF7677000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver) 0xF7897000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver) 0xF7727000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier) 0xF7797000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver) 0xA8F76000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0xF77E7000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component) 0xF77C7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0xF79F7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver) 0xF78E7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver) 0xF79B7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0xF78C7000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0xF7937000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7A37000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xF79CF000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter) 0xF79C7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver) 0xF79BF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver) 0xF7A3F000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component) 0xF79AF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xF7A47000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0xF7A4F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver) 0xF79EF000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver) 0xF78CF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager) 0xF79DF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library) 0xF78D7000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0xF79E7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver) 0xF79D7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper) 0xF7917000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver) 0xAA0C7000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver) 0xF7068000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver) 0xF7A5F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver) 0xF7B17000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver) 0xF7B37000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver) 0xAA07B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver) 0xAA1FB000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7A57000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver) 0xF7A5B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver) 0xAA3E2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver) 0xF734C000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter) 0xA9DE3000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER) 0xF7B27000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0xF7B07000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0xF7BCB000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager) 0xF7BF1000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver) 0xF7B75000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver) 0xF7BCD000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver) 0xF7C0B000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes 0xF7BEF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver) 0xF7B4B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver) 0xF7B47000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0xF7BF3000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator) 0xF7BF5000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport) 0xF7B85000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver) 0xF7B83000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component) 0xF7B87000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0xF7B67000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7B81000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) 0xF7B49000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0xF7C3A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver) 0xF7D59000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk) 0xF7C67000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver) 0xF7C0F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver) 0xF7C18000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component) 0xF7C17000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component) ============================================== >Stealth ============================================== ============================================== >Files ============================================== !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\MpScanCache-0.bin !-->[Hidden] C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb::$DATA !-->[Hidden] C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb::$DATA ============================================== >Hooks ============================================== ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A-->80541AA1 [ntkrnlpa.exe] [1860]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll] [1860]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll] [1860]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll] [1860]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll] [1860]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll] [1860]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll] [1860]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
  11. Ok, here are the results from OTL: OTL logfile created on: 10/15/2010 4:02:11 PM - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 52.35 Gb Total Space | 22.04 Gb Free Space | 42.09% Space Free | Partition Type: NTFS Drive E: | 3.74 Gb Total Space | 2.30 Gb Free Space | 61.55% Space Free | Partition Type: FAT32 Computer Name: SARAH | User Name: Sarah T | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation) PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (VX3000) -- C:\WINDOWS\system32\drivers\VX3000.sys (Microsoft Corporation) DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 57 8C CD 60 95 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25388 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {D5493C6A-FD62-4255-AA85-AB7E7D0F0001}:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6 FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/06/06 16:27:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/09 17:27:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/06 14:41:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/03/16 11:32:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/11 18:19:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/11 18:20:34 | 000,000,000 | ---D | M] [2008/12/21 14:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Extensions [2008/12/21 14:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/18 18:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions [2010/06/18 18:27:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/12/01 10:17:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/22 21:40:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/12/01 10:14:14 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2010/02/01 18:27:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/18 18:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\extensions\staged-xpis [2009/09/06 18:07:48 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\Mozilla\Firefox\Profiles\2ufdigro.default\searchplugins\bing.xml [2010/06/06 20:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/27 10:15:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/11/04 19:29:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2008/07/09 13:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/01/09 17:28:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/11/14 16:05:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010/01/20 19:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010/06/06 20:27:52 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001} [2010/01/20 20:29:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com [2010/01/15 23:09:51 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/01/15 23:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/08/06 16:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/04/28 16:13:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2010/01/15 23:09:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/12/18 04:18:30 | 000,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/10/11 18:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/10/11 18:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/10/11 18:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/10/11 18:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/10/11 18:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/10/11 18:20:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/10/11 18:20:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2010/01/15 20:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/01/15 20:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/01/15 20:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/01/15 20:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/01/15 20:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/01/15 20:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/01/15 20:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml Hosts file not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc) O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation) O4 - HKCU..\Run: [ares ultra] C:\Program Files\Ares Ultra\AresUltra.exe File not found O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe File not found O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [My Web Search Community Tools] C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sarah T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sarah T\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found ========== Files/Folders - Created Within 30 Days ========== [2010/10/14 16:02:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/14 16:02:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/10/14 16:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/14 15:37:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sarah T\Application Data\Smart Engine [2010/10/14 15:37:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMPBZTRE [2010/10/14 15:36:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\044ba1 [2010/10/13 07:56:40 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/10/13 07:56:39 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/10/13 07:56:39 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010/10/13 07:56:18 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010/10/11 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/10/11 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/10/11 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/11 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010/10/11 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Sarah T\My Documents\*.tmp files -> C:\Documents and Settings\Sarah T\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/15 16:00:39 | 000,031,036 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\wklnhst.dat [2010/10/15 15:59:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Sarah T\My Documents\netsvcs.doc [2010/10/15 15:53:50 | 000,000,260 | ---- | M] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to OTL.lnk [2010/10/15 15:45:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/10/15 15:39:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/10/15 15:39:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/10/15 15:39:23 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys [2010/10/14 19:16:43 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to MicrosoftFixit50267.lnk [2010/10/14 17:33:55 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk [2010/10/14 17:33:36 | 000,002,735 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old [2010/10/14 16:02:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/14 12:06:54 | 000,243,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/14 11:46:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010/10/14 03:10:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/10/14 03:09:22 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2010/10/11 18:54:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/11 18:25:54 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/10/11 18:20:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/11 18:04:13 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2010/10/11 18:03:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/10/06 03:05:59 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/10/06 03:05:59 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Sarah T\My Documents\*.tmp files -> C:\Documents and Settings\Sarah T\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/15 15:59:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Sarah T\My Documents\netsvcs.doc [2010/10/15 15:53:50 | 000,000,260 | ---- | C] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to OTL.lnk [2010/10/14 19:16:42 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Sarah T\Desktop\Shortcut to MicrosoftFixit50267.lnk [2010/10/14 16:02:49 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/14 15:38:18 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk [2010/10/11 18:25:54 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/10/11 18:20:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2010/10/11 18:03:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Sarah T\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2010/05/22 15:35:34 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sarah T\Local Settings\Application Data\fusioncache.dat [2010/03/16 11:55:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/02/19 12:22:01 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/01/21 11:55:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009/09/06 17:45:49 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008/05/24 15:13:12 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Sarah T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/01/11 22:41:46 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E7867E0562.sys [2006/12/25 19:54:22 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/07/09 18:45:05 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2006/07/09 18:45:02 | 000,000,086 | ---- | C] () -- C:\WINDOWS\ka.ini [2005/12/26 14:25:24 | 000,031,036 | ---- | C] () -- C:\Documents and Settings\Sarah T\Application Data\wklnhst.dat [2005/12/26 14:10:28 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/12/26 14:10:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\62057E86E7.sys [2005/12/11 19:56:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/11 19:51:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/11 19:43:58 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/12/11 19:38:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare [2005/12/11 19:14:12 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI ========== LOP Check ========== [2010/10/14 15:38:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\044ba1 [2010/03/16 11:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010/10/14 15:37:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMPBZTRE [2008/01/26 20:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2005/12/11 19:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/08/18 11:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens [2010/06/22 10:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/23 23:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/09 18:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/12/07 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Amazon [2010/03/16 11:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Canneverbe Limited [2010/05/22 15:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\FCSB000062035 [2009/03/21 16:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\ICAClient [2007/12/29 10:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Leadertech [2009/02/14 10:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\LimeWire [2009/11/16 16:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\MSNInstaller [2009/03/21 16:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\OfficeUpdate12 [2009/03/21 16:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Runaware [2010/10/14 15:38:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sarah T\Application Data\Smart Engine [2005/12/28 08:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Template [2009/12/20 21:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Tific [2009/08/18 11:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\W Photo Studio [2009/08/18 11:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\W Photo Studio Viewer [2009/08/18 11:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\Walgreens [2010/05/22 15:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah T\Application Data\WeatherBug [2010/10/15 15:45:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009/02/20 15:08:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2005/12/11 19:19:34 | 000,005,094 | RH-- | M] () -- C:\dell.sdr [2010/10/15 15:39:23 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys [2009/09/27 14:03:30 | 000,921,624 | ---- | M] () -- C:\img2-001.raw [2006/01/21 18:49:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2005/12/11 19:43:43 | 000,000,831 | -H-- | M] () -- C:\IPH.PH [2007/09/03 13:10:06 | 000,000,062 | ---- | M] () -- C:\itunes library [2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/24 20:50:34 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/10/15 15:39:21 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2005/12/11 19:43:54 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini [2007/06/06 10:00:50 | 000,947,736 | ---- | M] () -- C:\TB.log < %systemroot%\system32\*.dll /lockedfiles > [8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > [2010/08/26 09:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2009/04/16 15:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll < End of report > OTL Extras logfile created on: 10/15/2010 4:02:11 PM - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = E:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,015.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 55.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 52.35 Gb Total Space | 22.04 Gb Free Space | 42.09% Space Free | Partition Type: NTFS Drive E: | 3.74 Gb Total Space | 2.30 Gb Free Space | 61.55% Space Free | Partition Type: FAT32 Computer Name: SARAH | User Name: Sarah T | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.) "C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Documents and Settings\All Users\Application Data\044ba1\SM044_302.exe" = C:\Documents and Settings\All Users\Application Data\044ba1\SM044_302.exe:*:Enabled:Smart Engine -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management "{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 18 "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet! "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade "{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Accent_on_Interactivity_1.0" = Accent on Interactivity 1.5 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2 "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "Dell Game Console" = Dell Game Console "getPlus®_ocx" = getPlus®_ocx "Google Updater" = Google Updater "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarbleBlastGoldDemo" = Marble Blast Gold Demo (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Money2006b" = Microsoft Money 2006 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PictureItPrem_v11" = Microsoft Digital Image Standard 2006 "RealArcade" = RealArcade "RealPlayer 6.0" = RealPlayer Basic "Shop for HP Supplies" = Shop for HP Supplies "Shop to Win 2" = Shop to Win 2 "StreetPlugin" = Learn2 Player (Uninstall Only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell "WildTangent CDA" = WildTangent Web Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Software Update" = Yahoo! Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/14/2010 3:25:51 AM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 5:30:17 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 6:48:48 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 7:04:48 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 7:18:59 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 8:23:49 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/14/2010 10:24:13 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/15/2010 10:30:42 AM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/15/2010 12:53:24 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Error - 10/15/2010 1:23:00 PM | Computer Name = SARAH | Source = Userenv | ID = 1512 Description = Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. [ System Events ] Error - 10/11/2010 12:41:50 PM | Computer Name = SARAH | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -Embedding Error - 10/12/2010 12:59:39 PM | Computer Name = SARAH | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -Embedding Error - 10/13/2010 12:59:11 PM | Computer Name = SARAH | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -Embedding Error - 10/14/2010 1:35:30 PM | Computer Name = SARAH | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -Embedding Error - 10/14/2010 3:38:30 PM | Computer Name = SARAH | Source = Microsoft Antimalware | ID = 1008 Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147624181 User: SARAH\Sarah T Name: Rogue:Win32/FakeVimes ID: 2147624181 Severity: Severe Category: Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.91.1759.0, AS: 1.91.1759.0 Engine Version: 1.1.6201.0 Error - 10/14/2010 5:32:49 PM | Computer Name = SARAH | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect. Error - 10/14/2010 5:32:49 PM | Computer Name = SARAH | Source = Service Control Manager | ID = 7000 Description = The Microsoft Antimalware Service service failed to start due to the following error: %%1053 Error - 10/14/2010 5:33:21 PM | Computer Name = SARAH | Source = DCOM | ID = 10010 Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout. Error - 10/14/2010 6:50:19 PM | Computer Name = SARAH | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IntelIde Error - 10/15/2010 3:39:46 PM | Computer Name = SARAH | Source = DCOM | ID = 10000 Description = Unable to start a DCOM Server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}. The error: "%3" Happened while starting this command: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" -Embedding < End of report >
  12. I can't do the OTL thing (I'm on a macbook trying to download it to a flash drive). When I click on OTL in your message, it just takes me to a blank screen. Thanks for trying to help me though. Is there another way to download OTL? Should I skip this and download rookit unhooker?
  13. Hi. I used a recent post to remove smart engine from my laptop (Microsoftwindows XP). Smart engine appears to be gone, but I can no longer connect to the internet on the laptop. The post that I used (by Metallica) says "The rogue replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft." I tried running the microsoft fix using a flashdrive, but I still can't connect even though the green bars on the bottom of the screen say that the connection is very strong. Please help me! How can I fix my hosts file?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.