Yesterday, Yahoo acct hacked, today computer freezes at desktop


#1
Pat Williams (Member, 47 posts)
I have a Dell XPS 600, Windows XP Media Center Edition 2002 with SP3. Yesterday, one of my Yahoo email accounts was hacked and a bunch of my contacts got messages that a friend said "looked like they were from Russia". I changed my password and checked my other accounts and everything seemed fine.

Today I found that my computer would boot, but then stalled when loading the desktop. All the icons look fine but the cursor would not move and it had an hourglass next to it. According to my quick load icons, WinPatrol loaded, but nothing else. Ctrl-alt-del and Esc had no effect.

I can boot and load fine in safe mode with networking (this is how I'm writing this). Avast and Malwarebytes showed nothing wrong. I disabled all my startup programs, which had no effect. Firefox works in safe mode, but I can't get Avast to update and Google Chrome won't open. I don't know if this is normal or not, as this is the first time I've tried to go on the internet in safe mode.

ETA 12/17: I went and did the "last known good configuration" and now I can use my computer, but now I'm getting an error bubble that says "Windows System Error: There is an IP address conflict with another system on the network." I have never seen THAT before ever. 0.o

Here is my OTL log:

OTL logfile created on: 12/14/2011 10:35:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\patty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.44% Memory free
5.85 Gb Paging File | 5.53 Gb Available in Paging File | 94.56% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 81.82 Gb Free Space | 54.93% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.74 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XENAA | User Name: patty | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/14 10:34:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\patty\Desktop\OTL.exe
PRC - [2011/11/10 19:35:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 13:53:06 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko8.dll
MOD - [2011/11/14 13:05:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions\[email protected]\platform\echofonsign.dll
MOD - [2011/11/13 08:10:37 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 19:35:53 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/05/30 13:29:31 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/03 01:52:43 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/09/06 15:29:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/23 10:37:17 | 001,211,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2011/05/23 10:37:17 | 000,159,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/05/23 10:37:17 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/05/23 10:37:16 | 001,399,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2011/05/23 10:37:16 | 001,399,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2011/05/23 10:37:16 | 000,537,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2011/05/23 10:37:16 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/05/23 10:37:16 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/05/23 10:37:16 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2011/05/23 10:37:16 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2011/05/23 10:37:16 | 000,130,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/05/23 10:37:16 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2011/05/23 10:37:16 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2011/05/23 10:37:16 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 12:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/01/22 07:37:02 | 000,070,144 | R--- | M] (Netgear Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G311N6.sys -- (NetgearGA311)
DRV - [2006/10/30 20:06:52 | 000,067,456 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2006/10/18 21:47:10 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\blackbox.dll -- (BlackBox)
DRV - [2006/04/03 08:46:43 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/02 19:52:00 | 003,647,104 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/20 00:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2002/11/18 14:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.thehunger...faces?siteId=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:2.11
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {69D30031-F4A8-452a-A5B3-5D6787C3C5CF}:3.6
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..keyword.url: "http://www.startsearcher.com/?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\patty\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 2.4\program [2008/12/24 21:55:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\patty\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\patty\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\patty\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/23 08:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/02 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 19:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 11:02:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/23 08:39:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\patty\Application Data\Move Networks [2011/11/05 20:36:51 | 000,000,000 | ---D | M]

[2008/07/16 19:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\patty\Application Data\Mozilla\Extensions
[2011/12/10 13:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions
[2011/12/10 13:55:46 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/10/07 16:47:51 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/11/16 21:24:46 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\extensions\[email protected]
[2010/05/18 13:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions
[2010/04/28 06:08:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/18 13:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/18 21:33:07 | 000,000,000 | ---D | M] (OldFactory Black) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2010/04/08 20:26:33 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/22 12:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/03/20 17:16:22 | 000,000,000 | ---D | M] (Diccionario español Mexico) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\[email protected]
[2008/08/25 18:57:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\[email protected]
[2010/05/11 11:01:34 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\kst7dvut.default\extensions\[email protected]
[2010/05/13 10:14:13 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\etsy.xml
[2007/02/07 14:52:35 | 000,005,357 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\everystockphotocom.xml
[2011/11/18 11:25:18 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\flickr-search-suggestions.xml
[2009/07/05 08:51:44 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\freedict.xml
[2008/06/24 14:13:03 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\IMDB.xml
[2010/07/18 14:18:07 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\netflixcom.xml
[2010/05/22 20:41:10 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\paperbackswap.xml
[2010/02/22 11:14:38 | 000,001,180 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\urban-dictionary.xml
[2008/06/18 11:01:47 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\wikipedia.xml
[2009/10/05 12:44:59 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\searchplugins\youtube.xml
[2011/11/10 19:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/30 12:15:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATTY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7LHTDEBW.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATTY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7LHTDEBW.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATTY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7LHTDEBW.DEFAULT\EXTENSIONS\[email protected]
[2011/12/02 09:09:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 19:35:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 01:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 19:35:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_0.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\patty\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\patty\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1.1.0_0\
CHR - Extension: Celestial Night Theme = C:\Documents and Settings\patty\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdodgcbfdjeeoknaiglbpihbfgmmlnog\1.0_0\

O1 HOSTS File: ([2011/08/22 10:07:22 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C53A2113-29B6-41C9-8AF7-64EF1E4974D5}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\patty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1998/12/13 01:43:32 | 000,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 10:34:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\patty\Desktop\OTL.exe
[2011/12/14 09:20:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/12/02 09:09:31 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/02 09:09:31 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/02 09:09:31 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/02 09:09:31 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/02 09:09:31 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/02 09:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/02 09:09:30 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/02 09:09:30 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/02 09:09:30 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/02 09:09:17 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/02 09:09:17 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/02 09:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/02 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/02 08:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/12/01 11:50:10 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2006/04/03 08:22:22 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/12/14 10:34:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\patty\Desktop\OTL.exe
[2011/12/14 10:29:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 10:28:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/14 10:25:27 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3599948769-1508766627-293611528-1005.job
[2011/12/14 10:16:38 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/14 09:28:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/12/14 08:05:10 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/12/13 21:27:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3599948769-1508766627-293611528-1005UA.job
[2011/12/13 12:27:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3599948769-1508766627-293611528-1005Core.job
[2011/12/13 09:21:04 | 000,016,406 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\site audit spreadsheet.ods
[2011/12/12 09:46:10 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/12/08 13:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3599948769-1508766627-293611528-1005.job
[2011/12/06 12:24:32 | 001,634,572 | ---- | M] () -- C:\Documents and Settings\patty\My Documents\December2011Newsletter.pdf
[2011/12/06 11:55:58 | 016,215,880 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\EngagementFromScratchFull.pdf
[2011/12/06 08:18:22 | 000,013,843 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\balance sheet.ods
[2011/12/04 13:11:33 | 000,017,436 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\2011 goals.odt
[2011/12/04 12:09:30 | 000,364,160 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\10-really-big-and-really-simple-success-on-switches.pdf
[2011/12/04 10:55:52 | 000,010,643 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\480x380-rock_life_value.png
[2011/12/03 21:06:55 | 000,188,881 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\NetWorthTrackingBookBonus.pdf
[2011/12/03 21:06:37 | 000,071,222 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\SOMMDeclarations.pdf
[2011/12/02 11:39:03 | 000,549,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/02 11:39:03 | 000,100,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/02 09:09:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/02 08:28:42 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\patty\ntuser.bak
[2011/12/02 07:29:21 | 000,341,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/01 13:14:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/12/01 12:48:43 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\patty\lpg1
[2011/12/01 12:11:19 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\Shortcut to My Web Sites (ELD backup).lnk
[2011/11/29 08:26:39 | 000,086,979 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\Enjoy it.jpg
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 11:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/28 11:16:14 | 000,136,526 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\one man show.png
[2011/11/27 08:14:58 | 000,066,312 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\success.jpg
[2011/11/26 10:53:54 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life Viewer 2.lnk
[2011/11/25 12:42:32 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\Microsoft Calculator Plus.lnk
[2011/11/19 16:56:50 | 000,660,760 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\10.LongTail.pdf
[2011/11/17 16:28:17 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\patty\Desktop\Google Chrome.lnk
[2011/11/17 16:28:17 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\patty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/12/06 12:24:31 | 001,634,572 | ---- | C] () -- C:\Documents and Settings\patty\My Documents\December2011Newsletter.pdf
[2011/12/06 11:55:49 | 016,215,880 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\EngagementFromScratchFull.pdf
[2011/12/04 12:09:29 | 000,364,160 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\10-really-big-and-really-simple-success-on-switches.pdf
[2011/12/04 10:55:51 | 000,010,643 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\480x380-rock_life_value.png
[2011/12/03 21:06:55 | 000,188,881 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\NetWorthTrackingBookBonus.pdf
[2011/12/03 21:06:36 | 000,071,222 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\SOMMDeclarations.pdf
[2011/12/02 09:09:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/01 12:48:42 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\patty\lpg1
[2011/12/01 12:11:19 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\Shortcut to My Web Sites (ELD backup).lnk
[2011/11/29 08:26:39 | 000,086,979 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\Enjoy it.jpg
[2011/11/28 11:16:12 | 000,136,526 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\one man show.png
[2011/11/27 08:14:57 | 000,066,312 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\success.jpg
[2011/11/19 16:56:50 | 000,660,760 | ---- | C] () -- C:\Documents and Settings\patty\Desktop\10.LongTail.pdf
[2011/09/19 18:16:22 | 000,000,459 | ---- | C] () -- C:\WINDOWS\Tcd_BF94FC15.ini
[2011/09/19 17:12:08 | 000,000,122 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/08/19 06:16:40 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2011/08/18 06:54:34 | 000,001,480 | R--- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2011/08/18 06:54:16 | 000,002,423 | R--- | C] () -- C:\WINDOWS\cmudax3.ini
[2011/06/26 11:53:45 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/05/23 10:04:51 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2011/05/23 10:04:51 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2011/02/09 22:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2011/01/14 10:11:49 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\BFADFBFFA6.dll
[2011/01/01 18:20:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/11/19 21:34:54 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2010/09/06 14:30:51 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/06 14:30:49 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/06 14:30:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/06 14:30:07 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/22 11:59:05 | 000,000,481 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/03/16 07:34:09 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/02/23 08:38:36 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/02/23 08:34:18 | 000,077,349 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/01/26 07:26:10 | 000,341,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/10 14:22:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\patty\Local Settings\Application Data\prvlcl.dat
[2009/09/07 21:22:29 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/08/28 11:09:03 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/08/28 11:07:22 | 000,176,414 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/08/28 11:07:21 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/07/23 04:26:18 | 000,023,384 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/07/23 03:12:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/03 23:55:20 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/01/15 20:08:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\wnUninstall.exe
[2008/07/05 08:32:39 | 000,035,190 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/02/18 05:40:13 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/09/07 09:43:33 | 000,000,124 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/12 20:26:33 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/12 10:39:02 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/09/23 17:55:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/09/23 17:24:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/09/23 17:24:57 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/09/23 17:24:57 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/09/23 17:23:55 | 000,038,688 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2006/08/27 14:20:14 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\patty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 12:51:13 | 000,038,114 | ---- | C] () -- C:\Documents and Settings\patty\Application Data\wklnhst.dat
[2006/04/08 12:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/08 12:22:01 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/04/08 12:21:54 | 000,006,540 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/08 09:21:53 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\patty\Local Settings\Application Data\fusioncache.dat
[2006/04/03 08:51:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/03 08:44:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/03 08:43:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/03 08:22:22 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/04/03 08:22:22 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/04/03 08:22:22 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/04/03 08:22:22 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/04/03 08:22:22 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/04/03 08:22:22 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/04/03 08:22:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/04/03 08:22:22 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/04/03 08:22:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/04/03 08:22:22 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/04/03 08:22:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/04/03 08:21:54 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/04/03 08:21:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/04/03 08:21:18 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,549,276 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,100,554 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/11/19 14:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 14:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat

========== LOP Check ==========

[2009/01/15 20:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4 Warn Alert
[2011/12/02 09:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/12 19:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/11/11 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/08/09 11:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2009/11/30 12:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2011/12/13 18:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/08 12:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Generations Network
[2011/05/28 18:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2009/02/27 07:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/06/03 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2010/09/16 13:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\.anki
[2008/04/01 07:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\aignes
[2010/06/21 17:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/20 06:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\DeviceDoctorSoftware
[2010/02/08 12:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\EAST Technologies
[2010/03/30 10:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Facebook
[2008/03/28 19:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\ICQ
[2008/04/15 12:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\ICQ Toolbar
[2009/01/19 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Jasc
[2008/09/23 08:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\KeyingTool
[2009/02/23 10:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Leadertech
[2006/12/20 10:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\MSNInstaller
[2010/09/06 16:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\My Games
[2008/12/24 21:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\OpenOffice.org
[2011/09/14 11:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\PrimoPDF
[2009/11/30 13:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\RootsMagic
[2010/05/27 10:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Sammsoft
[2010/08/04 21:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\SecondLife
[2006/10/13 09:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\SmartDraw
[2008/09/21 18:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\SPORE
[2008/09/14 09:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\SPORE Creature Creator
[2006/06/27 11:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Template
[2010/06/21 07:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\Uniblue
[2010/03/04 11:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\WeatherBug
[2011/08/09 11:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\patty\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\patty\My Documents\rabbitry.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\patty\My Documents\jdk-6u19-windows-i586.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\patty\Desktop\7z912 (unzipper).exe:SummaryInformation
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09

< End of report >


Thanks in advance, you guys have always been awesome :D

Edited by Pat Williams, 17 December 2011 - 03:25 PM.
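An OTL log like the one above is long enough that a helper has to triage it line by line. The following is an added example, not part of the original post and not OTL's own code: a small Python parser for the two entry formats OTL uses here (`[date | size | attrs | C/M] (company) -- path` and `@Alternate Data Stream - N bytes -> path:stream`), plus two review heuristics of my own (hidden+system binaries with no publisher name, and alternate data streams with non-standard names). The sample lines are copied from the log above; the flags are a review queue, not a malware verdict.

```python
"""Parse OTL-style file and alternate-data-stream entries and queue items for review.

Added example for this thread. The heuristics in triage() are the example
author's own rules, not anything OTL or the forum helper specifies.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines in OTL's format, copied from the posted log.
SAMPLE_LOG = """\
[2011/12/14 10:34:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\patty\\Desktop\\OTL.exe
[2011/12/14 09:20:18 | 000,000,000 | -HSD | C] -- C:\\WINDOWS\\CSC
[2011/01/14 10:11:49 | 000,000,080 | RHS- | C] () -- C:\\WINDOWS\\System32\\BFADFBFFA6.dll
[2006/04/03 08:22:22 | 000,012,800 | ---- | C] ( ) -- C:\\WINDOWS\\System32\\killapps.exe
[2011/12/02 09:09:31 | 000,435,032 | ---- | C] (AVAST Software) -- C:\\WINDOWS\\System32\\drivers\\aswSnx.sys
@Alternate Data Stream - 199 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:B1FBBD09
@Alternate Data Stream - 88 bytes -> C:\\Documents and Settings\\patty\\My Documents\\rabbitry.exe:SummaryInformation
"""

# [timestamp | size | attrs | C/M] (company, optional; may be empty) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:stream   (stream name follows the last colon)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# Stream names Explorer and the browser zone mechanism create routinely.
KNOWN_BENIGN_STREAMS = {"Zone.Identifier", "SummaryInformation", "DocumentSummaryInformation", "encryptable"}
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str          # R=read-only, H=hidden, S=system, D=directory, '-' = not set
    kind: str           # "C" created, "M" modified
    company: Optional[str]  # None when OTL printed "()" or "( )" or nothing
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


@dataclass
class StreamEntry:
    size: int
    path: str
    stream: str


@dataclass
class Finding:
    severity: str       # "high" or "review"
    path: str
    reason: str


def parse_otl(text: str) -> Tuple[List[FileEntry], List[StreamEntry]]:
    """Split an OTL report into file entries and alternate data streams; ignore other lines."""
    files: List[FileEntry] = []
    streams: List[StreamEntry] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            company = (m["company"] or "").strip() or None
            files.append(FileEntry(m["ts"], int(m["size"].replace(",", "")),
                                   m["attrs"], m["kind"], company, m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(StreamEntry(int(m["size"]), m["path"], m["stream"]))
    return files, streams


def triage(files: List[FileEntry], streams: List[StreamEntry]) -> List[Finding]:
    """Queue entries worth a second look. Legitimate files will appear here too."""
    findings: List[Finding] = []
    for f in files:
        binary = f.path.lower().endswith(BINARY_EXT)
        if f.is_directory or not binary or f.company is not None:
            continue
        if "H" in f.attrs and "S" in f.attrs:
            findings.append(Finding("high", f.path, "hidden+system binary with no publisher name"))
        elif f.path.lower().startswith("c:\\windows\\"):
            findings.append(Finding("review", f.path, "binary under %SystemRoot% with no publisher name"))
    for s in streams:
        if s.stream not in KNOWN_BENIGN_STREAMS:
            findings.append(Finding("review", f"{s.path}:{s.stream}",
                                    f"unexpected {s.size}-byte alternate data stream"))
    return findings


if __name__ == "__main__":
    parsed_files, parsed_streams = parse_otl(SAMPLE_LOG)
    for finding in triage(parsed_files, parsed_streams):
        print(f"[{finding.severity:6}] {finding.path}  <- {finding.reason}")
```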

#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello Pat Williams,

The log shows some adware loaded into Firefox mostly. That "There is an IP address conflict with another system on the network" alert I have seen a few times, when a DNS Changer malware was present, and trying to access a router, but in those situations, it was a different computer that was infected (with the alert showing on an uninfected system also attached to the router). Are you using a router - connecting wireless to the Internet?

Let's get some other checks, then start some repairs.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

---------

OTL should have created a second log, info.txt, in the same location OTL.exe was run. Please locate and post that log.

--------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

#3
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts

Are you using a router - connecting wireless to the Internet?

I connect via a cable, but the router does have wireless also.

Let's get some other checks, then start some repairs.

OTL should have created a second log, info.txt, in the same location OTL.exe was run. Please locate and post that log.

The only one was called "extras.txt":

OTL Extras logfile created on: 12/14/2011 10:35:08 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\patty\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.44% Memory free
5.85 Gb Paging File | 5.53 Gb Available in Paging File | 94.56% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 81.82 Gb Free Space | 54.93% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.74 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XENAA | User Name: patty | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.1.0.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"7-Zip" = 7-Zip 9.12 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aignesamdeadlink_is1" = AM-DeadLink 4.4
"Anki" = Anki
"AnswerAnalyst" = AnswerAnalyst
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"C-Media PCI Sound" = C-Media PCI Audio Device
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Diablo II" = Diablo II
"EHome Devices" = Media Center Extender
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"Free Solitaire 3D_is1" = Free Solitaire 3D 2.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"hpHosts_is1" = hpHosts
"ie8" = Windows Internet Explorer 8
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"Jagged Alliance 2" = Jagged Alliance 2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PCI Audio Driver" = PCI Audio Driver
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 12.0" = RealPlayer
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Site Structure It!" = Site Structure It!
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 8930" = Sid Meier's Civilization V
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Trusted Software Assistant_is1" = File Type Assistant
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2011 1:29:10 AM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/7/2011 12:02:18 AM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/7/2011 5:19:23 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/9/2011 12:18:14 AM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/9/2011 10:57:19 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/10/2011 9:58:10 AM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/10/2011 10:51:12 AM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/13/2011 12:15:55 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/13/2011 1:16:24 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 12/13/2011 5:20:11 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

[ System Events ]
Error - 12/14/2011 9:28:00 AM | Computer Name = XENAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT nvraid RasAcd
Rdbss
Tcpip
WS2IFSL

Error - 12/14/2011 10:05:18 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2011 10:05:20 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2011 10:10:00 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2011 11:16:32 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2011 11:20:56 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2011 11:21:56 AM | Computer Name = XENAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm nvraid

Error - 12/14/2011 12:24:15 PM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2011 12:29:29 PM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/14/2011 12:30:37 PM | Computer Name = XENAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm nvraid


< End of report >


Is that what you need?

Note - If Gmer shows it has located infection once it's opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

This showed up at the opening screen:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-18 08:31:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000067 ST3160828AS rev.8.04
Running: tx801kju.exe; Driver: C:\DOCUME~1\patty\LOCALS~1\Temp\uxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB2AE3BDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB2AE3A45]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB2B607A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-18 09:37:36
-----------------------------
09:37:36.812 OS Version: Windows 5.1.2600 Service Pack 3
09:37:36.812 Number of processors: 2 586 0x404
09:37:36.812 ComputerName: XENAA UserName: patty
09:37:37.578 Initialize success
09:37:37.671 AVAST engine defs: 11121800
09:38:19.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
09:38:19.781 Disk 0 Vendor: ST3160828AS 8.04 Size: 152587MB BusType: 3
09:38:19.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
09:38:19.781 Disk 1 Vendor: Maxtor_7L250S0 BACE1G10 Size: 238418MB BusType: 3
09:38:19.859 Disk 0 MBR read successfully
09:38:19.859 Disk 0 MBR scan
09:38:19.859 Disk 0 Windows XP default MBR code
09:38:19.890 Disk 0 scanning sectors +312496380
09:38:20.187 Disk 0 scanning C:\WINDOWS\system32\drivers
09:39:20.562 Service scanning
09:39:21.593 Modules scanning
09:40:23.625 Disk 0 trace - called modules:
09:40:23.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys nvatabus.sys hal.dll
09:40:24.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a736ab8]
09:40:24.171 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a736030]
09:40:24.171 Scan finished successfully
09:41:03.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\patty\Desktop\MBR.dat"
09:41:03.515 The log file has been saved successfully to "C:\Documents and Settings\patty\Desktop\aswMBR.txt"

Edited by Pat Williams, 18 December 2011 - 09:45 AM.

  • 0
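The "Last 10 Event Log Errors" block of the OTL log above is worth reading mechanically rather than by eye: the Service Control Manager 7026 entries wrap their driver list over several lines, and the DCOM 10005 entries carry a Win32 error number. The parser below is an added example (not part of the thread, of OTL, or of any tool the helpers mention): it groups the entries, joins the wrapped driver lists, and pulls out services that DCOM refused with error 1084, which is ERROR_NOT_SAFEBOOT_SERVICE (a service that is not permitted to start in Safe Mode). The sample text is a constructed excerpt in the same format as the pasted log.

```python
"""Parse the 'Last 10 Event Log Errors' section of an OTL log (added example)."""
import re
from collections import Counter

# Constructed sample in OTL's event-log layout, modelled on the thread's log.
SAMPLE = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 5:20:11 PM | Computer Name = XENAA | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

[ System Events ]
Error - 12/14/2011 9:28:00 AM | Computer Name = XENAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT nvraid RasAcd
Rdbss
Tcpip
WS2IFSL

Error - 12/14/2011 10:05:18 AM | Computer Name = XENAA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/14/2011 11:21:56 AM | Computer Name = XENAA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm nvraid

< End of report >
"""

# One OTL entry header: "Error - <date> <time> | Computer Name = X | Source = Y | ID = N"
HEADER = re.compile(
    r"^Error - (?P<when>[\d/]+ [\d:]+ [AP]M) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Win32 error 1084 = ERROR_NOT_SAFEBOOT_SERVICE: the service may not start in Safe Mode.
SAFEBOOT_ERROR = "%1084"


def parse_events(text):
    """Return a list of dicts (when, host, source, id, log, body) for every entry."""
    events, current, log_name = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the current entry
            current = None
            continue
        m = re.match(r"^\[ (.+?) \]$", line)
        if m:                             # "[ Application Events ]" / "[ System Events ]"
            log_name = m.group(1)
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), id=int(m.group("id")), log=log_name, body=[])
            events.append(current)
            continue
        if current is not None:           # continuation line of the entry's description
            current["body"].append(line)
    return events


def failed_drivers(events):
    """Union of driver names from SCM 7026 entries; the list wraps over several lines."""
    drivers = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            for line in ev["body"][1:]:   # body[0] is the "Description = ..." line
                drivers.update(line.split())
    return drivers


def safe_mode_service_failures(events):
    """Services that DCOM 10005 entries report as refused with error 1084 (Safe Mode)."""
    names = []
    for ev in events:
        if ev["source"] == "DCOM" and ev["id"] == 10005:
            desc = " ".join(ev["body"])   # re-join the wrapped description
            m = re.search(r'got error "(%\d+)" attempting to start the service (\S+)', desc)
            if m and m.group(1) == SAFEBOOT_ERROR:
                names.append(m.group(2))
    return names


def summarize(events):
    """Count entries per (log, source, id) so recurring noise stands apart from one-offs."""
    return Counter((ev["log"], ev["source"], ev["id"]) for ev in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (log, source, event_id), n in summarize(evs).most_common():
        print(f"{n}x  {log} / {source} / ID {event_id}")
    print("drivers that failed to load:", " ".join(sorted(failed_drivers(evs))))
    print("services refused with error 1084 (Safe Mode):", safe_mode_service_failures(evs))
```

Separating the Safe Mode refusals and the driver-load failures recorded during a Safe Mode boot from everything else leaves a much shorter list of errors that actually need explaining.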

#4
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Good you figured out the correct OTL second log - the one I asked for is from a different scan tool. :)

Some of the errors showing in the log seem to be Media Center specific, perhaps tying in with that "IP address conflict" notice. Any third party apps connected recently - iPod or Xbox etc.?

No outright tougher malware showing, though some adware and search hijacker activity shows. Let's assume tougher malware involvement, based on you needing to boot from "Last Known Good" (a saved registry copy from the last successful startup) to correct things, make some changes then check further.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

WeatherBug - Fairly aggressive adware program, though your choice should you prefer it.
InstallIQ Updater - W3i adware installer.

-----------

Open Firefox - Tools - Add-ons, and Remove the following:

Swag Bucks Community Toolbar - Conduit adware, search hijacker.

Still in Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there.

------------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#5
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts

Some of the errors showing in the log seem to be Media Center specific, perhaps tying in with that "IP address conflict" notice. Any third party apps connected recently - iPod or Xbox etc.?


Not that I know of ... :upset:

Here's the ComboFix file:


ComboFix 11-12-19.01 - patty 12/19/2011 14:39:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1490 [GMT -6:00]
Running from: c:\documents and settings\patty\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\C97C8631.TMP
c:\documents and settings\patty\WINDOWS
c:\windows\kb913800.exe
c:\windows\system32\BFADFBFFA6.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usbccgp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2005-08-16 09:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 14:10 . 2011-08-16 13:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 09:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 09:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 09:18 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 09:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-08-16 09:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-08-16 09:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 23:38 . 2005-08-16 09:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-11 20:00 . 2011-10-20 13:34 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 20:00 . 2011-10-20 13:34 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 20:00 . 2011-10-20 13:34 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 07:50 . 2010-04-15 14:26 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 07:45 . 2011-08-07 15:03 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:04 . 2011-05-10 01:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\documents and settings\patty\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"C-Media Mixer"="Mixer.exe" [2002-10-16 1818624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-10 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 03:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 03:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 03:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 03:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/2/2011 9:09 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/2/2011 9:09 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/2/2011 9:09 AM 20568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 BlackBox;BlackBox SR2; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/6/2010 3:29 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 198232]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 1:46 AM 198232]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1399384]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 1:46 AM 1399384]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 73816]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 1:46 AM 73816]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 NetgearGA311;NETGEAR GA311 Gigabit Adapter Driver;c:\windows\system32\drivers\G311N6.sys [8/9/2007 10:25 AM 70144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599948769-1508766627-293611528-1005Core.job
- c:\documents and settings\patty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-24 21:07]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3599948769-1508766627-293611528-1005UA.job
- c:\documents and settings\patty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-24 21:07]
.
2011-12-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3599948769-1508766627-293611528-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3599948769-1508766627-293611528-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thehungersite.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\patty\Application Data\Mozilla\Firefox\Profiles\7lhtdebw.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
AddRemove-Google Chrome - c:\documents and settings\patty\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Installer\setup.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3599948769-1508766627-293611528-1005\Software\SecuROM\License information*]
"datasecu"=hex:40,9f,9e,34,fe,7d,d8,5a,39,cf,c3,f5,80,06,b4,ea,ad,01,d4,2c,b2,
51,94,9d,67,04,a8,8a,91,06,97,59,d9,5e,be,0a,fd,7e,51,b7,ed,bf,9d,34,97,e0,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3396)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\Mixer.exe
c:\program files\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-19 15:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 21:03
.
Pre-Run: 85,350,195,200 bytes free
Post-Run: 86,397,698,048 bytes free
.
- - End Of File - - 6BC8DCAF249E7B5E3D11A7EF740F6928
  • 0

#6
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Not much as far as ID'ing obvious malware, or its settings. What make/model of router do you use, even if you are hard-wired right now? Have you ever changed the password, or are you using the default password for the router?
  • 0

#7
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts

Not much as far as ID'ing obvious malware, or its settings. What make/model of router do you use, even if you are hard-wired right now? Have you ever changed the password, or are you using the default password for the router?

Linksys 2.4 GHz model WRT54G
  • 0

#8
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Okay, have you changed the password yet (default is admin)? I ask, as the malware clowns do know the default passwords, and on the off chance someone else with a "DNS Changer" infection has piggy-backed on your router access, the malware on their system would then access it using the default password. A stretch, but gotta check.
  • 0

#9
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts

Okay, have you changed the password yet (default is admin)? I ask, as the malware clowns do know the default passwords, and on the off chance someone else with a "DNS Changer" infection has piggy-backed on your router access, the malware on their system would then access it using the default password. A stretch, but gotta check.

Changed the password on what?
  • 0

#10
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Basically the steps here, to change the router from the default password. As I mentioned earlier, I had only seen that particular alert you received when an infected system was connecting to a wireless router. More importantly, you will need to reset the router (see here - scroll down to the bottom Resetting the Router - best I could find on short notice). Then reset the password.
  • 0

#11
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts
Ok I changed the password. Now what?

Edited by Pat Williams, 21 December 2011 - 09:28 AM.

  • 0

#12
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Reset the router and changed the password, yes? The purpose of that maneuver was to ensure no DNS Changer infected systems can make changes on your router. As for our work here, what problems are still occurring there we need to resolve please?
  • 0

#13
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts
My computer runs pretty slow still -- much better than before, though. One question: I have Windows updates and hotfixes going back to 2005 on here. Can I delete any of these? If so, which ones? It's like half my computer is taken up with these things.

Thanks :)
  • 0

#14
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Tough question. Terribly difficult to tell the needed from the unneeded very often with those. Even if they are using drive space, you do seem to have a sufficient amount for now, and the future:

Drive C: | 148.96 Gb Total Space | 81.82 Gb Free Space | 54.93% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 232.74 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Malware has made changes on your system, like this setting so you don't get Security Center notifications (unless you chose that).

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

One of the files ComboFix removed web searches as Trojan.Banker. I would like to check that, and also ask you to do some standard scans to check for other malicious items.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

-----------

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

------------

Please locate the following highlighted folder, zip a copy of it, and send it to jintan AT malwarecrypt.com as an attachment. Please place "Submitted Files -Pat Williams/g2g/cf" as the email Subject.

C:\qoobox\Quarantine\C\windows

-----------

Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.51.0.1200.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.



Post that log and the Malwarebytes log please.
  • 0
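Added example, not code from the thread or from any of the tools it mentions: a small Python parser for the REGEDIT4 export format quoted in the post above, checking whether the Security Center DisableMonitoring switch is set to 1 (notifications silenced, as the helper describes) and building the same fixer.reg text. The sample .reg text is constructed here; the key and value names are the ones quoted in the post.

```python
"""Parse REGEDIT4-style .reg text and flag the Security Center monitoring switch.

Added example, not from the thread; the key/value names come from the post,
the sample export below is constructed for illustration.
"""
import re

# Constructed sample in the same REGEDIT4 format the post quotes: the
# "before" state ComboFix logged, with notifications disabled (dword 1).
SAMPLE_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Registry paths are case-insensitive, so keys are compared lowercased.
MONITORING_KEY = r"hkey_local_machine\software\microsoft\security center\monitoring"


def parse_reg(text):
    """Return {key_path(lowercased): {value_name: int}} for dword values only."""
    result = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4" or line.startswith("Windows Registry Editor"):
            continue  # header lines and blanks carry no data
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2), 16)  # hex text -> int
    return result


def security_center_silenced(text):
    """True when the export shows DisableMonitoring = 1 (alerts turned off)."""
    values = parse_reg(text).get(MONITORING_KEY, {})
    return values.get("DisableMonitoring", 0) == 1


def fixer_reg():
    """Build the same REGEDIT4 'fixer.reg' text the post asks the user to merge."""
    return ("REGEDIT4\r\n\r\n"
            "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]\r\n"
            '"DisableMonitoring"=dword:00000000\r\n')


if __name__ == "__main__":
    print("silenced before fix:", security_center_silenced(SAMPLE_REG))  # True
    print("silenced after fix:", security_center_silenced(fixer_reg()))  # False
```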

#15
Pat Williams

    Member

  • Topic Starter
  • Member
  • 47 posts

Post that log and the Malwarebytes log please.


C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP91\A0017652.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

--

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122703

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/27/2011 11:54:48 AM
mbam-log-2011-12-27 (11-54-48).txt

Scan type: Quick scan
Objects scanned: 183647
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
