Trojan sending spam emails from my computer- PLEASE help! |
Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
|
|
|
 Nov 1 2009, 07:25 PM
Post
#1
|
|
|
Member  Posts: 11 OS: windows vista  |
Hi, I posted here 2 weeks ago with this problem and nobody responded to my post
 Hoping that it just got overlooked, I'm trying again. I am at a loss for what to do- I have run multiple scans (AVG and McAfee), downloaded Malware Bytes anti-malware, and nothing seems to detect a problem. Actually- about 2 weeks ago, AVG did pop up with an "infection detected" alert, saying I had a Trojan, but it wouldn't let me remove it, only quarantine it. And of course it didn't stop the problem. Basically, McAfee email scan starts running in my toolbar whenever I sign on to the Internet, keeping tabs on how many emails are being sent- hundreds every hour. Occasionally, an alert pops up saying an email couldn't be sent because my IP has been "blacklisted" by somebody's spam-arresting program. At this point I can look at the email log & it is just hundreds of addresses in alphabetical order- obviously spam emails. I use webmail for my email so obviously I have no idea where these emails are originating. That- and my Myspace account has been repeatedly "phished" despite the fact that I sign on to it probably once a week and never click on links there. I have changed my password 10 times & it still happens. I have no idea if it is related but I also use my computer for online banking & am afraid whatever this is will somehow get ahold of that information! I downloaded Hijack This and here is my log- PLEASE can somebody offer some insight- it will be greatly appreciated! Thank you!!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:17:08 PM, on 11/1/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16916) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\McAfee\MPS\mpsevh.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe c:\PROGRA~1\COMMON~1\mcafee\emproxy\emtray.exe C:\Program Files\Microsoft Streets & Trips\Streets.exe C:\Windows\system32\Taskmgr.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: FREE OFFER from Audible.com.lnk = C:\Users\Danielle\AppData\Local\Temp\HelpInstaller_StartUp.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{85DA0C2A-FC2F-44A9-9189-2A4C839EBA6F}: NameServer = 75.116.63.154 75.116.127.154 O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O23 - Service: McAfee Application Installer Cleanup (0120441256395952) (0120441256395952mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\012044~1.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13166 bytes |
 |
 
|
 |
Replies
(1 - 14)
|
Nov 2 2009, 05:39 AM
Post
#2
|
|
 Trusted Helper  Posts: 4,613 From: London, UK OS: XP |
Hello woofless
welcome to geekstogo  sorry to overlook your prior log. lets get some scans done for me to analyse, but firstly we need to sort out your security programs. you should only have one antivirus and one antispyware program running at anyone time. running more than one can cause conflict, slow down your machine and provide less, not more, protection. therefore, could you disable or uninstall two of them please. also, i would stop using this machine for online banking or accessing other password protected sites until we get it clean. from a clean machine, i would advise changing the passwords to those sites. and then: ====STEP 1==== go to http://www.geekstogo.com/forum/Malware-Spy...uide-t2852.html and run RootRepeal in Step Five: Rootkit Detection ====STEP 2==== from the same page, go to Step Six: Post an OTL Log and run the OTL log, include the custom scan as explained on that page. In your next reply could i see: 1. the RootRepeal log 2. the OTL log The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk |
|
|
|
|
Nov 6 2009, 10:59 AM
Post
#3
|
|
|
Member Posts: 11 OS: windows vista |
Hi, and THANK YOU for replying!!
Sorry it took a while to respond, been busy & my rural wireless internet speed has been slow as molasses. Unfortunately, it seems Root Repeal isn't working properly for me. When I open the program I get an error message that says FOPS DeviceIOControl Error! Error Code = 0xc0000024 (Extended Info 0x00000134). Then when I follow the instructions to scan, it gives me this error report: 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: DeviceIoControl Error! Error Code = 0x0 10:34:20: Could not get the name for PID 4. 10:34:20: Could not get the name for PID 468. 10:34:20: Could not get the name for PID 532. 10:34:20: Could not get the name for PID 580. 10:34:20: Could not get the name for PID 592. 10:34:20: Could not get the name for PID 636. 10:34:20: Could not get the name for PID 648. 10:34:20: Could not get the name for PID 656. 10:34:20: Could not get the name for PID 696. 10:34:20: Could not get the name for PID 936. 10:34:20: Could not get the name for PID 980. 10:34:20: Could not get the name for PID 1028. 10:34:20: Could not get the name for PID 1060. 10:34:20: Could not get the name for PID 1148. 10:34:20: Could not get the name for PID 1164. 10:34:20: Could not get the name for PID 1204. 10:34:20: Could not get the name for PID 1220. 10:34:20: Could not get the name for PID 1352. 10:34:20: Could not get the name for PID 1428. 10:34:20: Could not get the name for PID 1472. 10:34:20: Could not get the name for PID 1556. 10:34:20: Could not get the name for PID 1688. 10:34:20: Could not get the name for PID 1872. 10:34:20: Could not get the name for PID 1904. 10:34:20: Could not get the name for PID 484. 10:34:20: Could not get the name for PID 12. 10:34:20: Could not get the name for PID 836. 10:34:20: Could not get the name for PID 1640. 10:34:20: Could not get the name for PID 1972. 10:34:20: Could not get the name for PID 932. 10:34:20: Could not get the name for PID 812. 10:34:20: Could not get the name for PID 2060. 10:34:20: Could not get the name for PID 2072. 10:34:20: Could not get the name for PID 2152. 10:34:20: Could not get the name for PID 2160. 10:34:20: Could not get the name for PID 2256. 10:34:20: Could not get the name for PID 2296. 10:34:20: Could not get the name for PID 2344. 10:34:20: Could not get the name for PID 2368. 10:34:20: Could not get the name for PID 2420. 10:34:20: Could not get the name for PID 2480. 10:34:20: Could not get the name for PID 2504. 10:34:20: Could not get the name for PID 2532. 10:34:20: Could not get the name for PID 2556. 10:34:20: Could not get the name for PID 2596. 10:34:20: Could not get the name for PID 3980. 10:34:20: Could not get the name for PID 4060. 10:34:20: Could not get the name for PID 3784. 10:34:20: Could not get the name for PID 3364. 10:34:20: Could not get the name for PID 1944. 10:34:20: Could not get the name for PID 3112. 10:34:20: Could not get the name for PID 2652. 10:34:20: Could not get the name for PID 1960. 10:34:20: Could not get the name for PID 2620. 10:34:20: Could not get the name for PID 1468. 10:34:20: Could not get the name for PID 3884. 10:34:20: Could not get the name for PID 3316. 10:34:20: Could not get the name for PID 3340. 10:34:20: Could not get the name for PID 3400. 10:34:20: Could not get the name for PID 3908. 10:34:20: Could not get the name for PID 832. 10:34:20: Could not get the name for PID 2204. 10:34:20: Could not get the name for PID 2512. 10:34:20: Could not get the name for PID 3136. 10:34:20: Could not get the name for PID 5356. 10:34:20: Could not get the name for PID 5896. 10:34:20: Could not get the name for PID 3768. 10:34:20: Could not get the name for PID 4892. 10:34:20: Could not get the name for PID 5984. 10:34:20: Could not get the name for PID 4912. 10:34:20: Could not get the name for PID 4968. 10:34:20: Could not get the name for PID 5488. 10:34:20: Could not get the name for PID 5052. 10:34:20: DeviceIoControl Error! Error Code = 0xc0000024 10:34:20: DeviceIoControl Error! Error Code = 0xc0000024 10:34:40: Warning - the number of SSDT entries from the kernel and the number on-disk are different (0 and 398). 10:34:40: DeviceIoControl Error! Error Code = 0x0 10:34:40: WARNING: The SSDT in our driver has been faked (0x00000250)! 10:34:40: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000134) 10:34:40: Could not read system registry! Please contact the author! And this is all I get for a scan: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/06 10:34 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP0 ================================================== SSDT ------------------- SYSENTER/INT2E Hooked [0x8208c9c0]! ==EOF====EOF== I closed all the programs I had running (Internet explorer, Verizon Wireless & MS Streets & Trips) before the scan. I also tried selecting Run as administrator...every time, the same thing. What do I do? And let me know if you still want me to go ahead and try the OTL Log....I haven't downloaded it yet. Thanks!! |
|
|
|
|
Nov 6 2009, 11:06 AM
Post
#4
|
|
|
Trusted Helper Posts: 4,613 From: London, UK OS: XP |
yes, carry on with the OTL scan.
andrewuk |
|
|
|
|
Nov 6 2009, 03:55 PM
Post
#5
|
|
|
Member Posts: 11 OS: windows vista |
Okay, here is my OTL scan log & OTL "extras" log. I will also mention I did uninstall Avast & disabled as much of McAfee as I could figure out, but it still shows up in this OTL scan. As far as I can tell, AVG is the only antivirus program actively running scans & updates on my computer- let me know if I need to go back & try again:
OTL logfile created on: 11/6/2009 11:42:00 AM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Danielle\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.44 Mb Total Physical Memory | 445.43 Mb Available Physical Memory | 49.86% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.84 Gb Total Space | 112.59 Gb Free Space | 60.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIELLE-PC Current User Name: Danielle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe PRC - [2009/11/03 09:22:43 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009/10/01 20:02:03 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/10/01 20:02:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/10/01 20:02:01 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009/10/01 20:01:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009/10/01 20:01:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/09/16 13:48:40 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/08/27 05:24:26 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2009/01/11 16:39:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/10/29 00:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/06/19 19:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe PRC - [2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe PRC - [2008/03/27 09:04:22 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe PRC - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe PRC - [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe PRC - [2007/08/03 22:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2007/07/13 07:14:56 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe PRC - [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2007/04/27 21:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe PRC - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/02/13 11:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe PRC - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe PRC - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe PRC - [2007/01/22 09:59:08 | 00,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2006/11/02 03:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/09/28 19:09:14 | 00,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe PRC - [2006/09/11 16:21:16 | 00,180,224 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2006/09/08 16:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe PRC - [2006/09/08 15:54:30 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe PRC - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006/04/20 00:35:00 | 00,237,568 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe PRC - [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE ========== Modules (SafeList) ========== MOD - [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe MOD - [2009/10/06 10:42:48 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2009/10/01 20:04:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2007/05/16 17:29:03 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/01 20:01:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/10/01 20:01:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/09/16 13:48:40 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/05/03 00:50:09 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/07/27 12:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/06/19 19:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/06/19 19:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/06/19 19:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe -- (lxdq_device) SRV - [2008/02/27 17:09:33 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService) SRV - [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2007/09/02 07:32:43 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2007/05/21 12:31:44 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager) SRV - [2007/04/27 21:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService) SRV - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007/02/13 11:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service) SRV - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/11/02 06:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006/11/02 06:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/02 06:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/05 14:58:21 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:02:16 | 00,000,000 | ---D | M] O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [lxdqamon] C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe () O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe () O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found O4 - HKCU..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk = C:\Users\Danielle\AppData\Local\Temp\HelpInstaller_StartUp.exe (Audible Inc.) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 05:18:47 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/06 11:39:39 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe [2009/11/06 10:27:40 | 00,472,064 | ---- | C] ( ) -- C:\Users\Danielle\Desktop\RootRepeal.exe [2009/03/17 19:18:39 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDQhcp.dll [2009/03/17 19:18:38 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdqinpa.dll [2009/03/17 19:18:38 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqiesc.dll [2009/03/17 19:18:36 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdqserv.dll [2009/03/17 19:18:36 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdqusb1.dll [2009/03/17 19:18:35 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdqpmui.dll [2009/03/17 19:18:35 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdqlmpm.dll [2009/03/17 19:18:35 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdqprox.dll [2009/03/17 19:18:33 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdqhbn3.dll [2009/03/17 19:18:30 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomc.dll [2009/03/17 19:18:30 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomm.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Danielle\Desktop\*.tmp files -> C:\Users\Danielle\Desktop\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/11/06 11:42:04 | 02,883,584 | -HS- | M] () -- C:\Users\Danielle\NTUSER.DAT [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe [2009/11/06 11:28:04 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 11:28:04 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 10:35:54 | 00,002,068 | ---- | M] () -- C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk [2009/11/06 10:29:57 | 00,000,000 | ---- | M] () -- C:\Users\Danielle\Desktop\settings.dat [2009/11/06 10:28:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Danielle\Desktop\RootRepeal.exe [2009/11/06 09:53:40 | 44,744,893 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/11/06 08:50:43 | 00,002,525 | ---- | M] () -- C:\Users\Danielle\Desktop\Microsoft Streets & Trips 2007.lnk [2009/11/05 17:46:54 | 00,086,225 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/11/05 15:34:27 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/11/05 15:34:27 | 00,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/11/05 15:34:27 | 00,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/11/05 15:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/11/05 15:27:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/11/05 15:27:10 | 93,747,6096 | -HS- | M] () -- C:\hiberfil.sys [2009/11/05 15:25:31 | 00,019,596 | ---- | M] () -- C:\Windows\System32\Config.MPF [2009/11/05 15:23:40 | 06,291,456 | -H-- | M] () -- C:\Users\Danielle\AppData\Local\IconCache.db [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Danielle\Desktop\*.tmp files -> C:\Users\Danielle\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/06 10:29:57 | 00,000,000 | ---- | C] () -- C:\Users\Danielle\Desktop\settings.dat [2009/05/26 06:50:23 | 00,026,340 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\UserTile.png [2009/03/17 19:25:39 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdqcoin.dll [2009/03/17 19:19:22 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdqrwrd.ini [2009/03/17 19:18:39 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDQinst.dll [2009/03/17 19:18:32 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdqgrd.dll [2009/02/11 22:11:29 | 06,291,456 | -H-- | C] () -- C:\Users\Danielle\AppData\Local\IconCache.db [2009/01/28 17:44:23 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini [2009/01/28 17:44:12 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll [2008/04/08 22:27:52 | 00,000,117 | ---- | C] () -- C:\Windows\civ.ini [2008/02/04 07:48:09 | 00,000,067 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\photoshow_express_setup.txt [2007/11/28 11:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdqvs.dll [2007/10/12 20:38:34 | 00,000,067 | ---- | C] () -- C:\Windows\swupdate.INI [2007/08/30 14:27:49 | 00,000,432 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\wklnhst.dat [2007/08/30 01:26:04 | 00,011,264 | ---- | C] () -- C:\Users\Danielle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/29 23:33:12 | 00,000,680 | ---- | C] () -- C:\Users\Danielle\AppData\Local\d3d9caps.dat [2007/08/29 21:32:04 | 00,082,720 | ---- | C] () -- C:\Users\Danielle\AppData\Local\GDIPFONTCACHEV1.DAT [2007/05/16 19:46:23 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000002.regtrans-ms [2007/05/16 19:46:23 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms [2007/05/16 19:46:23 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TM.blf [2007/05/16 19:46:22 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000002.regtrans-ms [2007/05/16 19:46:22 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms [2007/05/16 19:46:22 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TM.blf [2007/05/16 19:46:21 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat [2007/05/16 19:46:21 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1 [2007/05/16 19:46:21 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2 [2007/05/16 19:40:56 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007/05/16 19:40:55 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007/05/16 19:40:55 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007/05/16 19:40:55 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007/05/16 19:40:55 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007/05/16 19:40:55 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007/05/16 18:46:42 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007/05/16 18:30:13 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007/05/16 18:15:16 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007/05/16 18:15:16 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007/05/16 18:15:16 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007/05/16 18:15:16 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007/05/16 18:13:14 | 00,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007/04/24 22:57:36 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/12/05 14:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 04:23:31 | 00,000,192 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/05/10 09:58:56 | 00,147,456 | ---- | C] () -- C:\Windows\pcmgrfx.dll [2006/05/09 10:36:24 | 00,151,552 | ---- | C] () -- C:\Windows\pmwssrv.dll [2006/05/09 10:36:24 | 00,151,552 | ---- | C] () -- C:\Windows\pcmsrv32.dll [2005/11/23 15:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2007/08/29 21:33:17 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ATI [2008/03/24 17:39:01 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\MusicNet [2009/05/26 06:50:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PeerNetworking [2007/08/29 22:13:03 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PlayFirst [2007/08/29 23:08:48 | 00,000,000 | RH-D | M] -- C:\Users\Danielle\AppData\Roaming\SecuROM [2008/02/04 07:48:04 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Simple Star [2009/04/11 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Smith Micro [2009/05/25 23:43:22 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\SPORE Creature Creator [2007/11/01 20:39:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Template [2008/04/21 17:21:57 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\TOSHIBA [2008/08/26 10:52:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Ulead Systems [2009/08/16 07:09:49 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Uniblue [2009/01/02 21:29:08 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio [2009/01/02 21:25:58 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio Viewer [2007/12/27 13:30:52 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Wal-Mart [2009/08/24 21:11:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Walgreens [2007/08/29 21:37:33 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WildTangent [2007/08/29 22:16:12 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WinBatch [2009/10/15 03:00:11 | 00,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2009/09/01 00:00:25 | 00,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2009/11/05 15:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/11/05 15:25:26 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/15 03:06:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Danielle\Documents\04 Falling Down.mp3:TOC.WMV < End of report > OTL Extras logfile created on: 11/6/2009 11:42:00 AM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Danielle\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.44 Mb Total Physical Memory | 445.43 Mb Available Physical Memory | 49.86% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.84 Gb Total Space | 112.59 Gb Free Space | 60.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIELLE-PC Current User Name: Danielle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{344BAD28-1C4F-4B01-BC4F-CA390E0B7E4E}" = lport=137 | protocol=17 | dir=in | app=system | "{39B3F4C2-47F1-491E-83D2-BC26D9175EB7}" = rport=137 | protocol=17 | dir=out | app=system | "{3FC8481A-6516-4976-A427-169A2D492580}" = lport=139 | protocol=6 | dir=in | app=system | "{522B5B55-9500-484C-9122-633AB6F3E7AC}" = lport=445 | protocol=6 | dir=in | app=system | "{596D1A8B-6169-4CDE-9398-37BE8AC91D6D}" = rport=138 | protocol=17 | dir=out | app=system | "{6FDA37FC-6FD1-4320-BD74-35CCE5190EDD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{78CD4DD8-7A35-4185-972C-434365E7DDAF}" = rport=139 | protocol=6 | dir=out | app=system | "{82E1704D-8AAD-49D4-877D-4ACFF0F83E59}" = rport=445 | protocol=6 | dir=out | app=system | "{9BF2ACF3-C81A-407C-99D2-930D5B49CA44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD3E7439-2B05-4D12-A8E9-F57B258936B0}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1066A7B9-6D54-48D1-BEEF-E139617C4DC3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "{15966BD8-FF57-49AF-90E2-EC2C9A12EC50}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe | "{1C133516-410E-468F-BAA8-CD569FBBCBD6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcoms.exe | "{226B1395-A288-411B-A8EA-05CB4E594CD7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe | "{27EBFD60-DE35-4D1B-80D9-3F549FFB1480}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe | "{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{3CC09983-42A9-4194-B988-F5D597A0318D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{3ED9FA52-12FA-4464-98DE-A27D9E9FFB5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{49FD6C53-797E-407A-8E1C-7817364D4B50}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{4DBC1FD5-25C9-4063-81F3-A12EC9649439}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe | "{55AECB87-9FEB-43AB-8D54-43A902D6C8CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{70A67F47-5843-4F29-8747-C9302DAB8485}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{7492F758-3F9B-47EC-9846-5B1919ECFF8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{76EEEF4A-8A91-4BCE-85FF-99E78981CB56}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe | "{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{848A0CBC-5EC2-45F3-9356-3D2A01E4800E}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{90771C38-A6C8-4D7A-B101-A51911E2CE9A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "{92149CFF-6E87-45D1-9ED3-A70C8D812CE7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{9B1420B6-BE91-448D-BC98-4C1B8B2F9009}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9B554924-1BC8-4A66-8F06-4FBC073DD36C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A191199E-FAA8-43C9-8791-3F3A1061B3F7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{AC4A6B2D-DA31-400B-81E4-491C2EEDD7B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE672547-E9BF-4499-B281-BAAE44BAE048}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B49D1C39-BA5D-46A3-ABCA-591A818072AB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{BAE5E0A4-3EA0-46C5-8D07-39C008A96D75}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcoms.exe | "{BDBBBF19-CEB9-432B-9D46-A42B1A759FEF}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe | "{BF916ABA-9BBB-42D0-9B3F-CFABBD347985}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe | "{CE513C88-9A21-418B-AB73-04BFB2459BC3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{D83F4198-E0D5-4869-AFA4-74E1192D39DA}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe | "TCP Query User{2117F753-2772-4C2C-82BF-A53B78900104}C:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "TCP Query User{419EE5B9-C29C-4C3E-83A0-C08FEB537CFD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{6DBE67B8-744C-4E36-A25B-CA133DCAACF4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{CAA8B639-4BA9-4DE1-B2E5-964DAA7853FC}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "TCP Query User{CB4594DF-D840-4430-9F27-7F9069ECD607}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{E170D299-BE2E-418D-8BD4-E75189592BDC}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{F087DE2F-EE44-45B3-8D22-BA4EAE881A8D}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{0653258A-7434-4480-873D-0DAE27151715}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{3F38127E-8F99-40A2-9A11-C15BA06D32AD}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{6C673429-80D4-44D0-94A0-A36821749426}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "UDP Query User{7BB5B11D-F86B-4C77-91CD-D6CA241E6983}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{84B8DDF8-4AD4-4B24-85F4-2DD07BDBCB7C}C:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "UDP Query User{AA775513-EA53-4632-8E95-03E585142719}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{DC3B1481-CED2-482A-BA57-6EF82C521C14}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music "{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar "{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese "{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24E7B19B-EA09-483F-8735-97DD371E861B}" = SA32xx Media Converter "{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian "{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean "{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional "{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6 "{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German "{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch "{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German "{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard "{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian "{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish "{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static "{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian "{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra) "{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish "{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech "{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian "{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish "{7B57819C-B479-463D-97CE-F46F12386765}" = PC*MILER 20 "{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager "{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Creature Creator "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish "{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2) "{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe "{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch "{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish "{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New "{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian "{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian "{D57ACD92-6A27-43BB-B3AE-894930940D41}" = SA32xx Media Converter "{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing "{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian "{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional "{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6.20080304 "{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "<PRODUCT_GUID>" = PC*MILER Streets 20.0 "2002 Games" = 2002 Games "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Uninstaller" = ATI Uninstaller "AudibleManager" = AudibleManager "AVG8Uninstall" = AVG Free 8.5 "Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862 "CivCity Rome" = CivCity Rome 1.1 "Coupon Printer for Windows4.0" = Coupon Printer for Windows "Creative Removable Disk Manager" = Creative Removable Disk Manager "Desktop Dialer" = Desktop Dialer "Digital Camera Device Driver" = Digital Camera Device Driver "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Lexmark Z2400 Series" = Lexmark Z2400 Series "Mah Jong Quest" = Mah Jong Quest (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSC" = McAfee SecurityCenter "oggcodecs" = oggcodecs 0.71.0946 "Picasa2" = Picasa 2 "Puzzle and Board XP Championship" = Puzzle and Board XP Championship "Sid Meier's Civilization III Gold" = Sid Meier's Civilization III Gold 1.0 "Super Winspy_is1" = Super Winspy v3.3 "SysInfo" = Creative System Information "TOSHIBA Game Console" = TOSHIBA Game Console "TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console "TOSHIBA Software Modem" = TOSHIBA Software Modem "VZAccess Manager" = VZAccess Manager "Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WT022084" = Bejeweled 2 Deluxe "WT022085" = Blackhawk Striker 2 "WT022086" = Blasterball 3 "WT022087" = Diner Dash - Flo on the Go "WT022089" = FATE "WT022090" = Mah Jong Quest "WT022091" = Penguins! "WT022092" = Polar Bowler "WT022093" = Polar Golfer "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/30/2009 1:35:02 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 10/30/2009 1:54:34 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 12:05:39 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000050dc, process id 0xf64, application start time 0x01ca596c77923110. Error - 11/1/2009 2:31:54 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 2:52:14 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 8:50:07 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000344b7, process id 0x7d8, application start time 0x01ca5b0d44ff87a0. Error - 11/2/2009 8:46:29 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000050dc, process id 0x1564, application start time 0x01ca5b5685307160. Error - 11/3/2009 11:29:08 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = Error - 11/4/2009 11:17:02 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = Error - 11/6/2009 11:54:01 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 11/5/2009 4:57:52 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 4:58:20 PM | Computer Name = Danielle-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6 Description = Error - 11/5/2009 5:00:31 PM | Computer Name = Danielle-PC | Source = DCOM | ID = 10010 Description = Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11/6/2009 11:57:26 AM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > |
|
|
|
|
Nov 6 2009, 04:03 PM
Post
#6
|
|
|
Member Posts: 11 OS: windows vista |
Ok, here is my OTL scan & I will post the OTL Extras file in the next post. Also I will mention I did uninstall Avast & disabled as much of McAfee as I could figure out how to...it is still showing up on this scan but as far as I can tell AVG is the only program running scans currently.
OTL logfile created on: 11/6/2009 11:42:00 AM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Danielle\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.44 Mb Total Physical Memory | 445.43 Mb Available Physical Memory | 49.86% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.84 Gb Total Space | 112.59 Gb Free Space | 60.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIELLE-PC Current User Name: Danielle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe PRC - [2009/11/03 09:22:43 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009/10/01 20:02:03 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/10/01 20:02:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009/10/01 20:02:01 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009/10/01 20:01:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009/10/01 20:01:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009/09/16 13:48:40 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/08/27 05:24:26 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2009/01/11 16:39:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/10/29 00:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/06/19 19:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe PRC - [2008/06/13 17:27:34 | 02,752,512 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe PRC - [2008/03/27 09:04:22 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe PRC - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe PRC - [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe PRC - [2007/08/03 22:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2007/07/13 07:14:56 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe PRC - [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2007/04/27 21:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe PRC - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe PRC - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007/02/13 11:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe PRC - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe PRC - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe PRC - [2007/01/22 09:59:08 | 00,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2006/11/02 03:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2006/10/26 21:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006/09/28 19:09:14 | 00,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe PRC - [2006/09/11 16:21:16 | 00,180,224 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2006/09/08 16:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe PRC - [2006/09/08 15:54:30 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe PRC - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006/04/20 00:35:00 | 00,237,568 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe PRC - [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE ========== Modules (SafeList) ========== MOD - [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe MOD - [2009/10/06 10:42:48 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2009/10/01 20:04:59 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2007/05/16 17:29:03 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/01 20:01:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/10/01 20:01:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/09/16 13:48:40 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/05/03 00:50:09 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/07/27 12:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/06/19 19:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/06/19 19:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/06/19 19:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe -- (lxdq_device) SRV - [2008/02/27 17:09:33 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService) SRV - [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2007/09/02 07:32:43 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2007/05/21 12:31:44 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager) SRV - [2007/04/27 21:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService) SRV - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007/02/13 11:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service) SRV - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/11/02 06:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006/11/02 06:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/02 06:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/05 14:58:21 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:02:16 | 00,000,000 | ---D | M] O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [lxdqamon] C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe () O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe () O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found O4 - HKCU..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk = C:\Users\Danielle\AppData\Local\Temp\HelpInstaller_StartUp.exe (Audible Inc.) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 05:18:47 | 00,000,000 | ---D | M] NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/06 11:39:39 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe [2009/11/06 10:27:40 | 00,472,064 | ---- | C] ( ) -- C:\Users\Danielle\Desktop\RootRepeal.exe [2009/03/17 19:18:39 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDQhcp.dll [2009/03/17 19:18:38 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdqinpa.dll [2009/03/17 19:18:38 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqiesc.dll [2009/03/17 19:18:36 | 01,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdqserv.dll [2009/03/17 19:18:36 | 00,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdqusb1.dll [2009/03/17 19:18:35 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdqpmui.dll [2009/03/17 19:18:35 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdqlmpm.dll [2009/03/17 19:18:35 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdqprox.dll [2009/03/17 19:18:33 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdqhbn3.dll [2009/03/17 19:18:30 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomc.dll [2009/03/17 19:18:30 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdqcomm.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Danielle\Desktop\*.tmp files -> C:\Users\Danielle\Desktop\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/11/06 11:42:04 | 02,883,584 | -HS- | M] () -- C:\Users\Danielle\NTUSER.DAT [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe [2009/11/06 11:28:04 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 11:28:04 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/06 10:35:54 | 00,002,068 | ---- | M] () -- C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk [2009/11/06 10:29:57 | 00,000,000 | ---- | M] () -- C:\Users\Danielle\Desktop\settings.dat [2009/11/06 10:28:01 | 00,472,064 | ---- | M] ( ) -- C:\Users\Danielle\Desktop\RootRepeal.exe [2009/11/06 09:53:40 | 44,744,893 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/11/06 08:50:43 | 00,002,525 | ---- | M] () -- C:\Users\Danielle\Desktop\Microsoft Streets & Trips 2007.lnk [2009/11/05 17:46:54 | 00,086,225 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/11/05 15:34:27 | 00,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/11/05 15:34:27 | 00,626,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/11/05 15:34:27 | 00,107,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/11/05 15:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/11/05 15:27:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/11/05 15:27:10 | 93,747,6096 | -HS- | M] () -- C:\hiberfil.sys [2009/11/05 15:25:31 | 00,019,596 | ---- | M] () -- C:\Windows\System32\Config.MPF [2009/11/05 15:23:40 | 06,291,456 | -H-- | M] () -- C:\Users\Danielle\AppData\Local\IconCache.db [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Danielle\Desktop\*.tmp files -> C:\Users\Danielle\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/06 10:29:57 | 00,000,000 | ---- | C] () -- C:\Users\Danielle\Desktop\settings.dat [2009/05/26 06:50:23 | 00,026,340 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\UserTile.png [2009/03/17 19:25:39 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdqcoin.dll [2009/03/17 19:19:22 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdqrwrd.ini [2009/03/17 19:18:39 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDQinst.dll [2009/03/17 19:18:32 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdqgrd.dll [2009/02/11 22:11:29 | 06,291,456 | -H-- | C] () -- C:\Users\Danielle\AppData\Local\IconCache.db [2009/01/28 17:44:23 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini [2009/01/28 17:44:12 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll [2008/04/08 22:27:52 | 00,000,117 | ---- | C] () -- C:\Windows\civ.ini [2008/02/04 07:48:09 | 00,000,067 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\photoshow_express_setup.txt [2007/11/28 11:51:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdqvs.dll [2007/10/12 20:38:34 | 00,000,067 | ---- | C] () -- C:\Windows\swupdate.INI [2007/08/30 14:27:49 | 00,000,432 | ---- | C] () -- C:\Users\Danielle\AppData\Roaming\wklnhst.dat [2007/08/30 01:26:04 | 00,011,264 | ---- | C] () -- C:\Users\Danielle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/08/29 23:33:12 | 00,000,680 | ---- | C] () -- C:\Users\Danielle\AppData\Local\d3d9caps.dat [2007/08/29 21:32:04 | 00,082,720 | ---- | C] () -- C:\Users\Danielle\AppData\Local\GDIPFONTCACHEV1.DAT [2007/05/16 19:46:23 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000002.regtrans-ms [2007/05/16 19:46:23 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms [2007/05/16 19:46:23 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TM.blf [2007/05/16 19:46:22 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000002.regtrans-ms [2007/05/16 19:46:22 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms [2007/05/16 19:46:22 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TM.blf [2007/05/16 19:46:21 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat [2007/05/16 19:46:21 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1 [2007/05/16 19:46:21 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2 [2007/05/16 19:40:56 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007/05/16 19:40:55 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007/05/16 19:40:55 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007/05/16 19:40:55 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007/05/16 19:40:55 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007/05/16 19:40:55 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007/05/16 18:46:42 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007/05/16 18:30:13 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2007/05/16 18:15:16 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007/05/16 18:15:16 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007/05/16 18:15:16 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007/05/16 18:15:16 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007/05/16 18:13:14 | 00,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007/04/24 22:57:36 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/12/05 14:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006/11/02 06:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006/11/02 06:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006/11/02 06:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006/11/02 06:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006/11/02 06:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 04:23:31 | 00,000,192 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/05/10 09:58:56 | 00,147,456 | ---- | C] () -- C:\Windows\pcmgrfx.dll [2006/05/09 10:36:24 | 00,151,552 | ---- | C] () -- C:\Windows\pmwssrv.dll [2006/05/09 10:36:24 | 00,151,552 | ---- | C] () -- C:\Windows\pcmsrv32.dll [2005/11/23 15:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2007/08/29 21:33:17 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ATI [2008/03/24 17:39:01 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\MusicNet [2009/05/26 06:50:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PeerNetworking [2007/08/29 22:13:03 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PlayFirst [2007/08/29 23:08:48 | 00,000,000 | RH-D | M] -- C:\Users\Danielle\AppData\Roaming\SecuROM [2008/02/04 07:48:04 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Simple Star [2009/04/11 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Smith Micro [2009/05/25 23:43:22 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\SPORE Creature Creator [2007/11/01 20:39:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Template [2008/04/21 17:21:57 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\TOSHIBA [2008/08/26 10:52:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Ulead Systems [2009/08/16 07:09:49 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Uniblue [2009/01/02 21:29:08 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio [2009/01/02 21:25:58 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio Viewer [2007/12/27 13:30:52 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Wal-Mart [2009/08/24 21:11:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Walgreens [2007/08/29 21:37:33 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WildTangent [2007/08/29 22:16:12 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WinBatch [2009/10/15 03:00:11 | 00,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2009/09/01 00:00:25 | 00,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2009/11/05 15:28:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/11/05 15:25:26 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/15 03:06:52 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/15 03:06:50 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Danielle\Documents\04 Falling Down.mp3:TOC.WMV < End of report > |
|
|
|
|
Nov 6 2009, 04:05 PM
Post
#7
|
|
|
Member Posts: 11 OS: windows vista |
OTL extras logfile:
OTL Extras logfile created on: 11/6/2009 11:42:00 AM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Danielle\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.44 Mb Total Physical Memory | 445.43 Mb Available Physical Memory | 49.86% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.84 Gb Total Space | 112.59 Gb Free Space | 60.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIELLE-PC Current User Name: Danielle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{344BAD28-1C4F-4B01-BC4F-CA390E0B7E4E}" = lport=137 | protocol=17 | dir=in | app=system | "{39B3F4C2-47F1-491E-83D2-BC26D9175EB7}" = rport=137 | protocol=17 | dir=out | app=system | "{3FC8481A-6516-4976-A427-169A2D492580}" = lport=139 | protocol=6 | dir=in | app=system | "{522B5B55-9500-484C-9122-633AB6F3E7AC}" = lport=445 | protocol=6 | dir=in | app=system | "{596D1A8B-6169-4CDE-9398-37BE8AC91D6D}" = rport=138 | protocol=17 | dir=out | app=system | "{6FDA37FC-6FD1-4320-BD74-35CCE5190EDD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{78CD4DD8-7A35-4185-972C-434365E7DDAF}" = rport=139 | protocol=6 | dir=out | app=system | "{82E1704D-8AAD-49D4-877D-4ACFF0F83E59}" = rport=445 | protocol=6 | dir=out | app=system | "{9BF2ACF3-C81A-407C-99D2-930D5B49CA44}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD3E7439-2B05-4D12-A8E9-F57B258936B0}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1066A7B9-6D54-48D1-BEEF-E139617C4DC3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "{15966BD8-FF57-49AF-90E2-EC2C9A12EC50}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe | "{1C133516-410E-468F-BAA8-CD569FBBCBD6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdqcoms.exe | "{226B1395-A288-411B-A8EA-05CB4E594CD7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqtime.exe | "{27EBFD60-DE35-4D1B-80D9-3F549FFB1480}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe | "{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{3CC09983-42A9-4194-B988-F5D597A0318D}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{3ED9FA52-12FA-4464-98DE-A27D9E9FFB5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{49FD6C53-797E-407A-8E1C-7817364D4B50}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{4DBC1FD5-25C9-4063-81F3-A12EC9649439}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe | "{55AECB87-9FEB-43AB-8D54-43A902D6C8CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{70A67F47-5843-4F29-8747-C9302DAB8485}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{7492F758-3F9B-47EC-9846-5B1919ECFF8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{76EEEF4A-8A91-4BCE-85FF-99E78981CB56}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\frun.exe | "{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{848A0CBC-5EC2-45F3-9356-3D2A01E4800E}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{90771C38-A6C8-4D7A-B101-A51911E2CE9A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "{92149CFF-6E87-45D1-9ED3-A70C8D812CE7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{9B1420B6-BE91-448D-BC98-4C1B8B2F9009}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9B554924-1BC8-4A66-8F06-4FBC073DD36C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A191199E-FAA8-43C9-8791-3F3A1061B3F7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{AC4A6B2D-DA31-400B-81E4-491C2EEDD7B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AE672547-E9BF-4499-B281-BAAE44BAE048}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B49D1C39-BA5D-46A3-ABCA-591A818072AB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{BAE5E0A4-3EA0-46C5-8D07-39C008A96D75}" = protocol=17 | dir=in | app=c:\windows\system32\lxdqcoms.exe | "{BDBBBF19-CEB9-432B-9D46-A42B1A759FEF}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe | "{BF916ABA-9BBB-42D0-9B3F-CFABBD347985}" = protocol=6 | dir=in | app=c:\program files\lexmark z2400 series\lxdqamon.exe | "{CE513C88-9A21-418B-AB73-04BFB2459BC3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "{D83F4198-E0D5-4869-AFA4-74E1192D39DA}" = protocol=17 | dir=in | app=c:\program files\lexmark z2400 series\lxdqmon.exe | "TCP Query User{2117F753-2772-4C2C-82BF-A53B78900104}C:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "TCP Query User{419EE5B9-C29C-4C3E-83A0-C08FEB537CFD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{6DBE67B8-744C-4E36-A25B-CA133DCAACF4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{CAA8B639-4BA9-4DE1-B2E5-964DAA7853FC}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "TCP Query User{CB4594DF-D840-4430-9F27-7F9069ECD607}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{E170D299-BE2E-418D-8BD4-E75189592BDC}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{F087DE2F-EE44-45B3-8D22-BA4EAE881A8D}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{0653258A-7434-4480-873D-0DAE27151715}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{3F38127E-8F99-40A2-9A11-C15BA06D32AD}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{6C673429-80D4-44D0-94A0-A36821749426}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe | "UDP Query User{7BB5B11D-F86B-4C77-91CD-D6CA241E6983}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{84B8DDF8-4AD4-4B24-85F4-2DD07BDBCB7C}C:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdqpswx.exe | "UDP Query User{AA775513-EA53-4632-8E95-03E585142719}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{DC3B1481-CED2-482A-BA57-6EF82C521C14}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music "{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar "{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese "{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24E7B19B-EA09-483F-8735-97DD371E861B}" = SA32xx Media Converter "{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian "{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean "{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional "{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6 "{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German "{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch "{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German "{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard "{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian "{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish "{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static "{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian "{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra) "{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish "{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech "{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian "{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish "{7B57819C-B479-463D-97CE-F46F12386765}" = PC*MILER 20 "{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager "{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Creature Creator "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish "{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2) "{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe "{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch "{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish "{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New "{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C1771DDC-BEA1-4375-B2A2-B46F43ACB476}" = Wal-Mart Digital Photo Manager "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian "{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian "{D57ACD92-6A27-43BB-B3AE-894930940D41}" = SA32xx Media Converter "{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing "{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian "{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional "{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA "{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6.20080304 "{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "<PRODUCT_GUID>" = PC*MILER Streets 20.0 "2002 Games" = 2002 Games "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player "ATI Uninstaller" = ATI Uninstaller "AudibleManager" = AudibleManager "AVG8Uninstall" = AVG Free 8.5 "Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862 "CivCity Rome" = CivCity Rome 1.1 "Coupon Printer for Windows4.0" = Coupon Printer for Windows "Creative Removable Disk Manager" = Creative Removable Disk Manager "Desktop Dialer" = Desktop Dialer "Digital Camera Device Driver" = Digital Camera Device Driver "Google Desktop" = Google Desktop "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Lexmark Z2400 Series" = Lexmark Z2400 Series "Mah Jong Quest" = Mah Jong Quest (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSC" = McAfee SecurityCenter "oggcodecs" = oggcodecs 0.71.0946 "Picasa2" = Picasa 2 "Puzzle and Board XP Championship" = Puzzle and Board XP Championship "Sid Meier's Civilization III Gold" = Sid Meier's Civilization III Gold 1.0 "Super Winspy_is1" = Super Winspy v3.3 "SysInfo" = Creative System Information "TOSHIBA Game Console" = TOSHIBA Game Console "TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console "TOSHIBA Software Modem" = TOSHIBA Software Modem "VZAccess Manager" = VZAccess Manager "Walgreens PhotoShow Express 4" = Walgreens PhotoShow Express 4 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WT022084" = Bejeweled 2 Deluxe "WT022085" = Blackhawk Striker 2 "WT022086" = Blasterball 3 "WT022087" = Diner Dash - Flo on the Go "WT022089" = FATE "WT022090" = Mah Jong Quest "WT022091" = Penguins! "WT022092" = Polar Bowler "WT022093" = Polar Golfer "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/30/2009 1:35:02 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 10/30/2009 1:54:34 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 12:05:39 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000050dc, process id 0xf64, application start time 0x01ca596c77923110. Error - 11/1/2009 2:31:54 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 2:52:14 PM | Computer Name = Danielle-PC | Source = McLogEvent | ID = 5051 Description = Error - 11/1/2009 8:50:07 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000344b7, process id 0x7d8, application start time 0x01ca5b0d44ff87a0. Error - 11/2/2009 8:46:29 PM | Computer Name = Danielle-PC | Source = Application Error | ID = 1000 Description = Faulting application emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, faulting module emproxy.exe, version 11.2.206.0, time stamp 0x45a822c7, exception code 0xc0000005, fault offset 0x000050dc, process id 0x1564, application start time 0x01ca5b5685307160. Error - 11/3/2009 11:29:08 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = Error - 11/4/2009 11:17:02 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = Error - 11/6/2009 11:54:01 AM | Computer Name = Danielle-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 11/5/2009 4:57:52 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 4:58:20 PM | Computer Name = Danielle-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6 Description = Error - 11/5/2009 5:00:31 PM | Computer Name = Danielle-PC | Source = DCOM | ID = 10010 Description = Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:26:40 PM | Computer Name = Danielle-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance. Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11/5/2009 5:28:44 PM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11/6/2009 11:57:26 AM | Computer Name = Danielle-PC | Source = Service Control Manager | ID = 7011 Description = < End of report > |
|
|
|
|
Nov 6 2009, 04:10 PM
Post
#8
|
|
|
Trusted Helper Posts: 4,613 From: London, UK OS: XP |
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. also: We will run OTL , but go for a shortened log.
andrewuk |
|
|
|
|
Nov 7 2009, 02:50 PM
Post
#9
|
|
|
Member Posts: 11 OS: windows vista |
Okay, here is my ComboFix log first. I did everything I could think of to try & disable AVG fully, but it wouldn't let me...the only info I found online told me to "exit" AVG from the toolbar & that would disable it. I did that, and even though Windows told me it was disabled, ComboFix still said it was active. Beyond uninstalling it, I wasn't sure what to do, hopefully it didn't cause a problem:
ComboFix 09-11-06.03 - Danielle 11/07/2009 12:50.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.893.151 [GMT -6:00] Running from: c:\users\Danielle\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1893239248-1700074592-3436296051-500 c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-526720123-3731369257-2385391353-500 c:\$recycle.bin\S-1-5-21-943590177-4096490480-332556678-500 c:\programdata\ntuser.dat{0a1e0be4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms c:\programdata\ntuser.dat{0a1e0bf4-0416-11dc-9bb7-0016d4f84854}.TMContainer00000000000000000001.regtrans-ms c:\windows\COUPON~1.OCX c:\windows\CouponPrinter.ocx . ((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 ))))))))))))))))))))))))))))))) . 2009-11-07 19:06 . 2009-11-07 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-07 16:30 . 2009-11-07 16:30 -------- d-----w- c:\programdata\Lexmark Z2400 Series 2009-11-07 16:28 . 2009-11-07 16:28 -------- d-----w- c:\users\Danielle\AppData\Roaming\Lexmark Productivity Studio 2009-11-05 23:11 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-03 15:38 . 2009-10-12 13:09 3510552 ----a-w- c:\programdata\avg8\update\backup\avgui.exe 2009-10-30 02:16 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-30 02:16 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-10-30 02:16 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-10-30 02:15 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-15 23:20 . 2009-10-15 23:20 -------- d-----w- c:\users\Danielle\AppData\Roaming\Malwarebytes 2009-10-15 23:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-15 23:19 . 2009-10-15 23:19 -------- d-----w- c:\programdata\Malwarebytes 2009-10-15 23:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-15 23:19 . 2009-10-15 23:20 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-14 19:14 . 2009-10-14 19:14 -------- d-----w- c:\program files\Trend Micro 2009-10-14 04:11 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll 2009-10-14 04:10 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll 2009-10-13 21:34 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll 2009-10-13 21:34 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll 2009-10-13 21:34 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll 2009-10-13 21:33 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-13 21:33 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-10-13 21:33 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll 2009-10-13 21:33 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-10-13 21:33 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll 2009-10-13 21:33 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe 2009-10-13 21:28 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-13 21:28 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-13 21:12 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-10-13 21:12 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-13 21:06 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-12 13:12 . 2009-10-21 14:12 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll 2009-10-12 13:12 . 2009-10-21 14:12 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-07 16:47 . 2009-03-18 01:41 4096 d-----w- c:\programdata\Lx_cats 2009-11-05 21:01 . 2007-05-17 01:51 4096 d-----w- c:\program files\Common Files\McAfee 2009-11-05 21:01 . 2007-05-17 01:51 4096 d-----w- c:\program files\McAfee 2009-11-05 21:01 . 2007-05-17 01:51 4096 d-----w- c:\programdata\McAfee 2009-11-05 20:58 . 2008-03-24 07:52 4096 d-----w- c:\program files\Creative 2009-10-14 03:52 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-10-02 02:08 . 2008-12-19 00:04 4096 d-----w- c:\programdata\Yahoo! Companion 2009-10-02 02:08 . 2009-10-02 02:02 -------- d-----w- c:\programdata\AVG Security Toolbar 2009-10-02 02:04 . 2009-10-02 02:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-02 02:04 . 2009-10-02 02:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-10-02 02:04 . 2009-10-02 02:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-02 02:04 . 2009-10-02 02:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-02 02:01 . 2009-10-02 02:01 -------- d-----w- c:\program files\AVG 2009-10-02 02:01 . 2009-10-02 02:01 4096 d-----w- c:\programdata\avg8 2009-10-02 01:43 . 2009-10-02 01:43 -------- d-----w- c:\users\Danielle\AppData\Roaming\AVG8 2009-09-10 11:44 . 2009-09-10 11:44 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBDA9.tmp.exe 2009-08-29 03:41 . 2009-09-02 19:20 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-08-29 03:40 . 2009-09-02 19:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 23:31 . 2009-09-02 19:20 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 14:02 . 2009-10-13 21:35 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 13:57 . 2009-10-13 21:35 56320 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 13:57 . 2009-10-13 21:35 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-27 13:56 . 2009-10-13 21:35 72704 ----a-w- c:\windows\system32\admparse.dll 2009-08-27 11:24 . 2009-10-13 21:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-27 09:51 . 2009-10-13 21:35 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-08-14 17:16 . 2009-09-09 15:27 213592 ----a-w- c:\windows\system32\drivers\netio.sys 2009-08-14 16:42 . 2009-09-09 15:27 167424 ----a-w- c:\windows\system32\tcpipcfg.dll 2009-08-14 16:40 . 2009-09-09 15:27 103936 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:40 . 2009-09-09 15:27 15360 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:25 . 2009-09-09 15:27 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:25 . 2009-09-09 15:27 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:25 . 2009-09-09 15:27 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:25 . 2009-09-09 15:27 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:25 . 2009-09-09 15:27 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:25 . 2009-09-09 15:27 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:25 . 2009-09-09 15:27 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 14:24 . 2009-09-09 15:27 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 14:23 . 2009-09-09 15:27 22016 ----a-w- c:\windows\system32\netiougc.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-09-02 16:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-01-22 417792] "Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2006-04-20 237568] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-24 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2008-03-27 656040] "lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2008-03-27 16040] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-19 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] SetupExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/1/2009 8:04 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/1/2009 8:04 PM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/1/2009 8:01 PM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 8:01 PM 297752] R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/24/2009 8:51 AM 92296] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\System32\drivers\nwusbser2.sys [4/19/2007 10:09 AM 99200] S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdqserv.exe [2/27/2008 5:09 PM 98984] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [10/15/2009 5:19 PM 38224] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-08 18:32] 2009-09-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-08 18:32] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.toshibadirect.com/dpdstart uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: {85DA0C2A-FC2F-44A9-9189-2A4C839EBA6F} = 75.116.63.154 75.116.127.154 . . ------- File Associations ------- . regedit=regedit.exe "%1" . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe AddRemove-Mah Jong Quest - c:\program files\iWin.com ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 13:06 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????g??????~?@?~?x?~???~??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec /V" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (LocalSystem) "Progid"="YMP.Media" [HKEY_USERS\S-1-5-21-943590177-4096490480-332556678-1000\Software\SecuROM\License information*] "datasecu"=hex:08,a8,94,60,d2,a1,cd,74,7a,6b,6f,21,39,f3,18,9f,2a,ec,ad,b0,f0, 3c,21,6a,72,56,6d,f2,52,50,7b,01,4a,84,a9,dd,68,3c,ca,b5,cd,80,b0,9c,e8,90,\ "rkeysecu"=hex:3b,cc,a7,9b,a0,a0,66,f4,20,c8,3a,d6,9b,34,a2,dc [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-11-07 13:17 ComboFix-quarantined-files.txt 2009-11-07 19:17 Pre-Run: 121,633,722,368 bytes free Post-Run: 122,513,653,760 bytes free - - End Of File - - 51AED71F7346702D53F0BB88A99FB6BB |
|
|
|
|
Nov 7 2009, 02:51 PM
Post
#10
|
|
|
Member Posts: 11 OS: windows vista |
And here is my new OTL log:
OTL logfile created on: 11/7/2009 2:42:52 PM - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Danielle\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 893.44 Mb Total Physical Memory | 330.96 Mb Available Physical Memory | 37.04% Memory free 1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 184.84 Gb Total Space | 113.17 Gb Free Space | 61.22% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DANIELLE-PC Current User Name: Danielle Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Modules (SafeList) ========== MOD - [2009/11/06 11:39:46 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Danielle\Desktop\OTL.exe MOD - [2007/05/16 17:29:03 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009/10/01 20:01:37 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009/10/01 20:01:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009/09/16 13:48:40 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/05/03 00:50:09 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2008/07/27 12:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/06/19 19:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/06/19 19:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/06/19 19:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/02/27 17:09:44 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdqcoms.exe -- (lxdq_device) SRV - [2008/02/27 17:09:33 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe -- (lxdqCATSCustConnectService) SRV - [2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2007/09/02 07:32:43 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/06/19 07:55:24 | 00,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2007/05/21 12:31:44 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager) SRV - [2007/04/27 21:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007/04/24 22:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService) SRV - [2007/03/29 11:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2007/02/13 11:09:12 | 00,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service) SRV - [2007/01/25 18:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2007/01/25 18:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/11/14 21:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006/11/02 06:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006/11/02 06:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/11/02 06:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 13:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006/08/23 17:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/05/25 19:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [1999/12/12 11:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/05 14:58:21 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:02:16 | 00,000,000 | ---D | M] O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [lxdqamon] C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe () O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe () O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe () O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [Walgreens PhotoShow Media Manager] C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FREE OFFER from Audible.com.lnk = C:\Users\Danielle\AppData\Local\Temp\HelpInstaller_StartUp.exe File not found O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== LOP Check ========== [2007/08/29 21:33:17 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ATI [2009/11/07 10:28:10 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Lexmark Productivity Studio [2008/03/24 17:39:01 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\MusicNet [2009/05/26 06:50:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PeerNetworking [2007/08/29 22:13:03 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PlayFirst [2007/08/29 23:08:48 | 00,000,000 | RH-D | M] -- C:\Users\Danielle\AppData\Roaming\SecuROM [2008/02/04 07:48:04 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Simple Star [2009/04/11 20:23:16 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Smith Micro [2009/05/25 23:43:22 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\SPORE Creature Creator [2007/11/01 20:39:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Template [2008/04/21 17:21:57 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\TOSHIBA [2008/08/26 10:52:19 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Ulead Systems [2009/08/16 07:09:49 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Uniblue [2009/01/02 21:29:08 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio [2009/01/02 21:25:58 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\W Photo Studio Viewer [2007/12/27 13:30:52 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Wal-Mart [2009/08/24 21:11:21 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Walgreens [2007/08/29 21:37:33 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WildTangent [2007/08/29 22:16:12 | 00,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\WinBatch [2009/10/15 03:00:11 | 00,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2009/09/01 00:00:25 | 00,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2009/11/07 11:51:23 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/11/07 11:48:01 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
|
|
|
Nov 7 2009, 06:18 PM
Post
#11
|
|
|
Trusted Helper Posts: 4,613 From: London, UK OS: XP |
looks like it ran ok. though looks like it ran twice.
could you post the log of of the first run, if it exists. you will find it in the folder c:\qoobox\ the file will be called ComboFix2 where the 2 may be another number, but it will be the earliest file in this folder. let me know if it is not there andrewuk |
|
|
|
|
Nov 9 2009, 04:56 AM
Post
#12
|
|
|
Member Posts: 11 OS: windows vista |
Actually, no....I found Qoobox but there isn't a file named Combofix with a number. Just two folders called BackEnv, Quarantine, two text files called Combofix-Quarantined-files and Add-Remove Programs, and a DAT file called Snapshot@2009-11-07. My computer says it can't open the DAT file.
|
|
|
|
|
Nov 9 2009, 12:47 PM
Post
#13
|
|
|
Trusted Helper Posts: 4,613 From: London, UK OS: XP |
ok, lets see if we can get RootRepeal to run again.
go again to this page here and follow the instructions at Step Four: Rootkit Detection. however, this time given you are a vista user . . . . . I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly andrewuk |
|
|
|
|
Nov 11 2009, 07:41 PM
Post
#14
|
|
|
Member Posts: 11 OS: windows vista |
Nope- RootRepeal didn't work again. I selected Run as Administrator & got the same error code as before. "Error dumping SSDT" when I click Scan, and after that "Cannot read system registry. Please contact the author".
I did try running the scan again just without clicking "SSDT" and it was no different. The "error dumping SSDT" didn't come up but the "cannot read registry" did. Yeah. Vista sucks. I'd love to slap the guy who told me how great it was when selling me this laptop. That'll teach me to buy without doing my research. |
|
|
|
|
Nov 12 2009, 05:29 AM
Post
#15
|
|
|
Trusted Helper Posts: 4,613 From: London, UK OS: XP |
ok, lets move on and see where we stand after this. i dont see anything else in your logs at present, so in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.
the scans will likely take 4 hours, quite possibly much longer. so just let them run. we will also update your java ====STEP 1==== Please download ATF Cleaner by Atribune. Caution: This program is for Windows 2000, XP and Vista only
Under Main choose: Select All Click the Empty Selected button.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. For Technical Support, double-click the e-mail address located at the bottom of each menu. ====STEP 2==== we will update and re-run your malwarebytes: double click the malwarebytes icon on your desktop to open the program
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. ====STEP 3==== Download and scan with SUPERAntiSpyware Free for Home Users
====STEP 4====  Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or MEUpgrading Java:
====STEP 5==== Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post) Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.
Upgrading Java, if required:
In your next reply could i see: 1. the malwarebytes log 2. the superantispyware log 3. the kaspersky log 4. some idea of how your machine is running now The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk |
|
|
|
 |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
3 / 1,153 | 31st October 2007 - 05:48 PM mo.otss started - last by kahdah |
|||||
|
6 / 515 | 16th July 2008 - 09:08 AM PILL5B3RRY started - last by The Admiral |
|||||
|
13 / 1,460 | 26th February 2009 - 11:55 PM Sending started - last by Jimmy2012 |
|||||
 |
31 / 756 | 23rd August 2009 - 07:16 AM Kritayot started - last by Essexboy |
|||||
|
Time is now: 24th November 2009 - 03:22 PM |
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising