Browsers crash, Pogo games won't run


  • This topic is locked
17 replies to this topic

#1 KellyB


Posted 14 August 2011 - 07:28 PM

Pogo was working last week (with older Java) but this week, get a "Can't connect to server" error in every game. Also IE was crashing. Installed Firefox, Pogo games won't load. Upgraded Java, same problem. Installed Chrome, same problem. Also sometimes Firefox will close unexpectedly. Have run Malwarebytes and nothing found. Any help appreciated.
Was told to post here.


OTL logfile created on: 8/14/2011 6:13:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.3 Folder = C:\Documents and Settings\Kelly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 325.80 Mb Available Physical Memory | 36.39% Memory free
3.43 Gb Paging File | 2.98 Gb Available in Paging File | 86.78% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 76.02 Gb Total Space | 35.43 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 7.20 Gb Free Space | 23.99% Space Free | Partition Type: NTFS
Drive F: | 5.76 Gb Total Space | 0.88 Gb Free Space | 15.20% Space Free | Partition Type: NTFS

Computer Name: KRBSPC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINXP\system32\r_server.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Marxio Timer\Marxio Timer.exe (Marek Mantaj)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINXP\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Mouse Driver\MouseDrv.exe ()
PRC - C:\noisykey\Nkboard.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kelly\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\algo.dll ()
MOD - C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\1.3.21.65\goopdate.dll (Google Inc.)
MOD - C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe (Google Inc.)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswScan.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswEngin.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswCmnBS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswRep.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswCmnIS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\aswCmnOS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\defs\11081400\ArPot.dll (AVAST Software)
MOD - C:\Documents and Settings\All Users.WINXP\Application Data\Skype\Plugins\ezPMUtils.dll (EasyBits Media)
MOD - C:\Documents and Settings\All Users.WINXP\Application Data\Easybits GO\ezGameXN.dll (EasyBits Media)
MOD - C:\Documents and Settings\All Users.WINXP\Application Data\Easybits GO\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll (EasyBits Software AS)
MOD - C:\WINXP\system32\jsproxy.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll (Microsoft Corporation)
MOD - c:\winxp\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\winxp\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\winxp\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\winxp\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\winxp\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\winxp\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\winxp\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\winxp\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\winxp\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\winxp\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\winxp\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\winxp\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\winxp\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\winxp\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\winxp\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\winxp\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\winxp\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\winxp\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\winxp\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\winxp\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\winxp\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\winxp\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\winxp\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\winxp\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - C:\WINXP\system32\r_server.exe ()
MOD - C:\WINXP\system32\AdmDll.dll ()
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll (Microsoft Corporation)
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll (Microsoft Corporation)
MOD - C:\WINXP\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALUSB.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMOU.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMW.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHPP.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALITCH.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALAPI.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHID.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroMedia.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroEmail.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroAppSwitch.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\WebBrowserSupport.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\SetPointCOM.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\LCabHandler.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\KGame.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\khalwrapper.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\KemXML.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\KemUtil.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\KemWnd.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\kemutb.dll (Logitech, Inc.)
MOD - C:\Program Files\Logitech\SetPointP\KemMon.dll (Logitech, Inc.)
MOD - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
MOD - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.dll (Logitech, Inc.)
MOD - C:\WINXP\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll (Microsoft Corporation)
MOD - c:\winxp\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_45ef1598\mscorlib.dll ()
MOD - c:\winxp\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_37859ac2\system.drawing.dll ()
MOD - c:\winxp\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_27628ae3\system.xml.dll ()
MOD - c:\winxp\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_276c58a2\system.windows.forms.dll ()
MOD - c:\winxp\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_068d1fc9\system.dll ()
MOD - c:\winxp\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\1033\Base.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\CommonRes.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswUtil.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswSqLt.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswProperty.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswLog.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswIdle.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswDld.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\aswData.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\aswAux.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashWebSv.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashTask.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashServ.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ashBase.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AhResWS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AhResStd.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ahResP2P.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AhResNS.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\ahResMes.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AhResMai.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AhResBhv.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AavmRpch.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\Aavm4h.dll (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
MOD - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
MOD - C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\WMVCore.dll (Microsoft Corporation)
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\CyberLink\Power2Go\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\Spybot - Search & Destroy\advcheck.dll (Safer-Networking Ltd.)
MOD - C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax (CyberLink)
MOD - C:\Program Files\Marxio Timer\Marxio Timer.exe (Marek Mantaj)
MOD - C:\Program Files\CyberLink\YouCam\YCRgl.ax (Cyberlink)
MOD - C:\Program Files\CyberLink\YouCam\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\CyberLink\YouCam\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\CyberLink\YouCam\MFC71u.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wucltui.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wups2.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\mucltui.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\msls31.dll (Microsoft Corporation)
MOD - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MOD - C:\WINXP\system32\atipdlxx.dll (ATI Technologies, Inc.)
MOD - C:\WINXP\system32\ati2edxx.dll (ATI Technologies, Inc.)
MOD - C:\WINXP\system32\ati2evxx.dll (ATI Technologies Inc.)
MOD - C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, S.L.)
MOD - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
MOD - C:\Program Files\Zoom Player\zpshlext.dll ()
MOD - C:\WINXP\system32\mscms.dll (Microsoft Corporation)
MOD - c:\winxp\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\winxp\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\winxp\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\winxp\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\winxp\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\winxp\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\winxp\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\winxp\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\winxp\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\winxp\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\winxp\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\WINXP\system32\rdpwsx.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\drmclien.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\bthprops.cpl (Microsoft Corporation)
MOD - C:\WINXP\system32\wsnmp32.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wship6.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wmasf.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wmidx.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\wlanapi.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\wab32.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\vdmdbg.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\unimdmat.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\sti.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\security.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\msoert2.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\msimtf.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\msdmo.dll ()
MOD - C:\WINXP\system32\modemui.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\mgmtapi.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\ksuser.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\faultrep.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\dxdiagn.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\dsound.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\devmgr.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\devenum.dll ()
MOD - C:\WINXP\system32\wmploc.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\browselc.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\wab32res.dll (Microsoft Corporation)
MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
MOD - C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll (Lavasoft)
MOD - C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware 2007\pkarchive85u.dll (PKWARE, Inc.)
MOD - C:\WINXP\system32\relog_ap.dll (Acronis)
MOD - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
MOD - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc (Hewlett-Packard Development Company, L.P.)
MOD - C:\WINXP\system32\hpowiax2.dll (Hewlett-Packard)
MOD - C:\WINXP\system32\hpz3l054.dll (Hewlett-Packard Company)
MOD - C:\WINXP\system32\spool\prtprocs\w32x86\hpzpp054.dll (Hewlett-Packard Corporation)
MOD - C:\WINXP\system32\spool\drivers\w32x86\3\hpcdmc32.dll (HP)
MOD - C:\WINXP\system32\HPZipm12.exe (HP)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqste08.rsc (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll (Hewlett-Packard Development Company, L.P.)
MOD - c:\Program Files\HP\Digital Imaging\bin\hpqmirsc.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\bin\hpqimgr.dll (Hewlett-Packard Development Company, L.P.)
MOD - C:\Program Files\HP\Digital Imaging\Unload\hpnkhTA.dll (Hewlett-Packard)
MOD - C:\WINXP\system32\hpzjrd01.dll (Hewlett Packard)
MOD - C:\WINXP\system32\HPTcpMUI.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\HPTcpMon.dll (Hewlett Packard)
MOD - C:\WINXP\system32\HPTcpMib.dll (Hewlett Packard)
MOD - C:\WINXP\system32\hpzsnt12.dll (HP)
MOD - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
MOD - C:\Program Files\HP\Digital Imaging\bin\dbghelp.dll (Microsoft Corporation)
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\hpqcrmcm.dll (Hewlett-Packard Company)
MOD - C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll (LEAD Technologies, Inc.)
MOD - C:\Program Files\HP\Digital Imaging\bin\ltfil13n.DLL (LEAD Technologies, Inc.)
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\WINXP\system32\HPZipr12.dll (HP)
MOD - C:\WINXP\system32\HPZidr12.dll (HP)
MOD - C:\WINXP\system32\mapi32.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\utildll.dll (Microsoft Corporation)
MOD - C:\Program Files\Mouse Driver\MouseDrv.exe ()
MOD - C:\Program Files\Mouse Driver\MouseHook.dll ()
MOD - C:\Program Files\Common Files\Ahead\Lib\MFC71.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Ahead\Lib\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\Nero\Nero 7\Nero BackItUp\mfc71u.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\mfc71.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\MFC71ENU.DLL (Microsoft Corporation)
MOD - C:\WINXP\system32\atl71.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Ahead\Lib\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINXP\system32\spool\prtprocs\w32x86\ppbiPr.dll (Black Ice Software)
MOD - C:\noisykey\Nkboard.dll ()
MOD - C:\noisykey\Nkboard.exe ()


========== Win32 Services (SafeList) ==========

SRV - (SeaPort) -- File not found
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Pml Driver HPZ12) -- C:\WINXP\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINXP\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINXP\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINXP\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINXP\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINXP\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINXP\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (LMouFilt) -- C:\WINXP\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINXP\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINXP\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (RTL8023xp) -- C:\WINXP\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINXP\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINXP\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (KMWDFILTER) -- C:\WINXP\system32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (USB_RNDIS_XP) -- C:\WINXP\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINXP\System32\Drivers\BANTExt.sys ()
DRV - (timounter) -- C:\WINXP\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINXP\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINXP\system32\DRIVERS\snapman.sys (Acronis)
DRV - (n558) -- C:\WINXP\system32\drivers\n558.sys ()
DRV - (oxpar) -- C:\WINXP\system32\drivers\oxpar.sys (OEM)
DRV - (oxmep) -- C:\WINXP\system32\drivers\oxmep.sys (OEM)
DRV - (HSFHWBS2) -- C:\WINXP\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINXP\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINXP\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINXP\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (SMPLSCSI) -- C:\WINXP\System32\drivers\SMPLSCSI.SYS (OnSpec Electronic, Inc.)
DRV - (ONSIO) -- C:\WINXP\system32\drivers\ONSIO.SYS ()
DRV - (ASPI32) -- C:\WINXP\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...r...d&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/03 17:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/02 19:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Extensions
[2011/08/01 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\oczf82m1.default\extensions
[2011/08/01 17:23:31 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\oczf82m1.default\extensions\gamesbar@oberon-media.com
[2011/08/14 17:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/14 17:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/14 17:48:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/03 17:15:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/03 17:15:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/15 16:54:31 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober21260203.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Kelly\Start Menu\Programs\Startup\Shortcut to Nkboard.exe.lnk = C:\noisykey\Nkboard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINXP\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINXP\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINXP\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINXP\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/14 18:08:49 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
[2011/08/14 17:48:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl
[2011/08/14 17:48:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe
[2011/08/14 17:48:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe
[2011/08/14 17:48:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe
[2011/08/14 17:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/13 15:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Start Menu\Programs\Google Chrome
[2011/08/13 13:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Sun
[2011/08/13 13:51:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\deployJava1.dll
[2011/08/09 20:16:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\rdpwd.sys
[2011/08/09 20:13:23 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ndistapi.sys
[2011/08/05 10:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Power2Go
[2011/08/04 16:40:31 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\MSINET.OCX
[2011/08/04 16:40:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\Vb6stkit.dll
[2011/08/04 16:40:31 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\VB6KO.DLL
[2011/08/04 16:40:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\wbemdisp.tlb
[2011/08/04 16:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\CyberLink
[2011/08/04 16:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\LG Power Tools
[2011/08/04 16:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Start Menu\Programs\LG Power Tools
[2011/08/04 16:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/08/04 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\CyberLink
[2011/08/01 15:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/01 14:35:08 | 000,000,000 | -H-D | C] -- C:\WINXP\ie8
[2011/07/31 17:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[1 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2181/08/07 18:45:23 | 000,003,120 | ---- | M] () -- C:\WINXP\MF_C421.lfa
[2181/08/07 18:45:23 | 000,003,120 | ---- | M] () -- C:\WINXP\MF_C420.lfa
[2011/08/14 18:14:00 | 000,000,978 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003UA.job
[2011/08/14 18:08:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
[2011/08/14 17:52:01 | 000,000,886 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/14 17:48:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe
[2011/08/14 17:48:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe
[2011/08/14 17:48:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl
[2011/08/14 17:48:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\deployJava1.dll
[2011/08/14 17:48:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe
[2011/08/14 15:14:00 | 000,000,926 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003Core.job
[2011/08/14 13:49:32 | 000,000,116 | ---- | M] () -- C:\WINXP\NeroDigital.ini
[2011/08/14 10:52:00 | 000,000,882 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/14 09:52:48 | 000,406,594 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2011/08/14 09:52:48 | 000,063,920 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2011/08/14 09:48:42 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2011/08/14 09:48:00 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2011/08/14 09:47:56 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/13 18:03:10 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\UserIDs & Passwords.wdb
[2011/08/13 15:15:13 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Google Chrome.lnk
[2011/08/13 15:15:13 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/12 16:06:14 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/08/10 20:13:22 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Online Games Free Games Online Games Pogo Games.url
[2011/08/09 20:56:56 | 000,001,355 | ---- | M] () -- C:\WINXP\imsins.BAK
[2011/08/07 11:30:32 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Consumer Cellular.url
[2011/08/07 11:29:52 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Dictionary.com.url
[2011/08/07 09:56:14 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\wccls.org.url
[2011/08/05 22:56:37 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\craigslist.url
[2011/08/05 22:42:27 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\ncnetwork.net.url
[2011/08/05 22:34:38 | 000,000,227 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Westell.url
[2011/08/05 22:33:03 | 000,004,888 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\AccuWeather.url
[2011/08/05 21:53:59 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\a2z WordFinder.url
[2011/08/05 21:48:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2011/08/04 21:48:26 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\City of Forest Grove.url
[2011/08/04 16:44:29 | 000,000,000 | ---- | M] () -- C:\WINXP\lgfwup.ini
[2011/08/04 16:32:40 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINXP\System32\drivers\LNonPnP.sys
[2011/08/01 14:42:21 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/01 13:57:36 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
[2011/07/30 22:06:48 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.url
[2011/07/30 09:47:30 | 000,211,000 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\TotalRecipeSearch.exe
[2011/07/29 08:51:31 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Oregon First Community Credit Union.url
[2011/07/25 08:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mshtml.dll
[1 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2181/08/07 18:45:23 | 000,003,120 | ---- | C] () -- C:\WINXP\MF_C421.lfa
[2181/08/07 18:45:23 | 000,003,120 | ---- | C] () -- C:\WINXP\MF_C420.lfa
[2011/08/13 15:15:13 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Google Chrome.lnk
[2011/08/13 15:15:13 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/13 15:09:39 | 000,000,978 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003UA.job
[2011/08/13 15:09:38 | 000,000,926 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003Core.job
[2011/08/10 20:13:22 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Online Games Free Games Online Games Pogo Games.url
[2011/08/04 16:40:34 | 000,000,000 | ---- | C] () -- C:\WINXP\lgfwup.ini
[2011/07/30 09:47:30 | 000,211,000 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\TotalRecipeSearch.exe
[2011/05/17 16:23:01 | 000,077,824 | R--- | C] () -- C:\WINXP\System32\HPZIDS01.dll
[2011/05/10 19:09:23 | 000,117,153 | ---- | C] () -- C:\WINXP\hpoins11.dat
[2011/04/26 21:06:46 | 000,184,320 | ---- | C] () -- C:\WINXP\System32\r_server.exe
[2011/04/26 20:54:27 | 000,090,112 | ---- | C] () -- C:\WINXP\System32\AdmDll.dll
[2011/04/02 19:55:06 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2011/01/22 22:21:15 | 000,071,127 | ---- | C] () -- C:\WINXP\hpqins01.dat
[2011/01/13 00:21:01 | 000,000,172 | ---- | C] () -- C:\WINXP\System32\MRT.INI
[2009/07/28 10:58:26 | 000,000,000 | ---- | C] () -- C:\WINXP\ativpsrm.bin
[2009/07/28 10:56:30 | 000,593,920 | ---- | C] () -- C:\WINXP\System32\ati2sgag.exe
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINXP\System32\RtNicProp32.dll
[2009/02/25 13:58:44 | 003,107,788 | ---- | C] () -- C:\WINXP\System32\ativva5x.dat
[2009/02/25 13:58:44 | 000,887,724 | ---- | C] () -- C:\WINXP\System32\ativva6x.dat
[2009/02/07 13:07:00 | 000,000,000 | ---- | C] () -- C:\WINXP\FullDisk.INI
[2009/01/26 10:55:37 | 000,182,995 | ---- | C] () -- C:\WINXP\System32\atiicdxx.dat
[2009/01/19 17:05:00 | 002,527,105 | ---- | C] () -- C:\Program Files\vcdgear355.zip
[2009/01/10 15:03:56 | 000,057,344 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll
[2009/01/10 14:29:15 | 000,000,116 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2008/10/21 08:13:42 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/07/16 15:07:51 | 000,000,036 | -H-- | C] () -- C:\WINXP\System32\f9t.dat
[2008/06/13 16:00:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\wklnhst.dat
[2008/06/07 10:16:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\fusioncache.dat
[2008/06/06 12:17:15 | 000,112,397 | ---- | C] () -- C:\WINXP\hpoins07.dat
[2008/06/06 12:17:15 | 000,021,124 | ---- | C] () -- C:\WINXP\hpomdl07.dat
[2008/05/26 12:57:14 | 000,000,056 | ---- | C] () -- C:\WINXP\WININIT.INI
[2008/05/25 20:02:26 | 000,027,019 | ---- | C] () -- C:\WINXP\maxlink.ini
[2008/05/17 10:56:16 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat
[2008/03/29 13:16:45 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2008/03/02 16:58:45 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/17 12:03:35 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\vusetup.dll
[2008/02/06 11:10:38 | 000,000,136 | ---- | C] () -- C:\WINXP\SWISNIFE.INI
[2008/02/06 11:10:32 | 000,196,576 | ---- | C] () -- C:\WINXP\System32\drivers\ONSIO.SYS
[2008/02/06 11:10:00 | 000,000,248 | ---- | C] () -- C:\WINXP\OPLIMIT.DAT
[2008/02/05 17:51:28 | 000,001,012 | ---- | C] () -- C:\WINXP\Ulead32.ini
[2008/02/03 18:57:30 | 000,000,552 | ---- | C] () -- C:\WINXP\System32\d3d8caps.dat
[2008/01/28 08:56:28 | 000,003,840 | ---- | C] () -- C:\WINXP\System32\drivers\BANTExt.sys
[2008/01/27 17:39:39 | 000,000,030 | ---- | C] () -- C:\WINXP\INTURS.DAT
[2008/01/27 17:39:29 | 000,000,165 | ---- | C] () -- C:\WINXP\QUICKEN.INI
[2008/01/27 17:37:09 | 000,000,370 | ---- | C] () -- C:\WINXP\ODBC.INI
[2008/01/27 16:50:57 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2008/01/27 16:44:19 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2008/01/27 08:35:17 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2008/01/27 08:34:02 | 000,173,080 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2007/12/14 12:32:52 | 000,012,632 | ---- | C] () -- C:\WINXP\System32\lsdelete.exe
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\WINXP\System32\drivers\n558.sys
[2006/05/05 14:18:56 | 000,011,634 | ---- | C] () -- C:\WINXP\hpomdl11.dat
[2005/09/11 19:35:18 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\px.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2004/08/04 05:00:00 | 000,406,594 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2004/08/04 05:00:00 | 000,063,920 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINXP\System32\Jpeg32.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINXP\System32\hptcpmon.ini
[1999/03/22 01:00:00 | 000,065,536 | ---- | C] () -- C:\WINXP\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/12 20:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Acronis
[2010/12/19 12:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Alwil Software
[2011/08/14 18:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Easybits GO
[2008/01/27 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IM
[2008/02/13 11:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IncrediMail
[2008/05/27 14:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\JollyBear
[2011/08/01 15:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LNGDHBAZXG
[2008/03/23 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Musicnotes
[2011/04/16 13:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Oberon Media
[2010/05/15 10:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\PhotoMail
[2008/05/25 20:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\ScanSoft
[2011/08/04 16:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TEMP
[2009/01/10 13:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\WinZip
[2011/06/18 09:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Zoom Player
[2008/09/27 09:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\DeLorme
[2011/08/14 16:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\go
[2008/10/21 09:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\HotSync
[2008/05/26 13:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Leadertech
[2011/04/26 20:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Oberon Media
[2008/02/03 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Pogo Games
[2008/06/01 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Radmin
[2008/05/25 20:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ScanSoft
[2008/09/17 14:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Skinux
[2008/08/16 07:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Stamps.com Internet Postage
[2008/10/21 09:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Supreme Auction
[2008/06/13 15:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/05/19 18:55:40 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2006/11/02 02:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2006/12/11 12:59:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/13 12:48:39 | 000,000,227 | ---- | M] () -- C:\CtDrvIns.log
[2008/06/13 12:49:52 | 000,003,031 | ---- | M] () -- C:\CtDrvStp.log
[2011/08/14 09:47:56 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/26 14:35:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/14 09:51:32 | 000,090,395 | ---- | M] () -- C:\mombi.log
[2008/01/26 14:35:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 03:34:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/14 09:47:52 | 2818,572,288 | -HS- | M] () -- C:\pagefile.sys
[2008/06/11 04:44:18 | 000,088,516 | ---- | M] () -- C:\QDATA.IDX
[2008/06/11 04:44:18 | 004,575,960 | ---- | M] () -- C:\QDATA.QDF
[2008/06/11 04:44:18 | 000,373,760 | ---- | M] () -- C:\QDATA.QEL
[2004/11/11 19:08:22 | 000,000,032 | ---- | M] () -- C:\QDATA.QPH
[2008/06/11 04:44:18 | 000,016,996 | ---- | M] () -- C:\QDATA.QSD
[2010/12/14 13:42:26 | 000,120,393 | ---- | M] () -- C:\Quicken 2008.IDX
[2010/12/14 13:42:26 | 002,569,104 | ---- | M] () -- C:\Quicken 2008.QDF
[2010/12/14 13:42:26 | 000,154,624 | ---- | M] () -- C:\Quicken 2008.QEL
[2010/12/15 22:08:33 | 183,947,087 | ---- | M] () -- C:\quicken2010.zip
[2008/06/28 10:14:52 | 000,003,742 | ---- | M] () -- C:\QuickenOLBackupLauncher.IDX
[2008/06/28 10:14:52 | 001,087,560 | ---- | M] () -- C:\QuickenOLBackupLauncher.QDF
[2008/06/28 10:14:52 | 000,029,696 | ---- | M] () -- C:\QuickenOLBackupLauncher.QEL
[2008/06/01 13:28:49 | 001,511,664 | ---- | M] () -- C:\RADMIN20.EXE
[2006/12/11 13:17:58 | 000,000,402 | ---- | M] () -- C:\RHDSetup.log
[2009/01/31 17:42:53 | 000,001,235 | ---- | M] () -- C:\sti.log
[2006/12/11 13:27:36 | 000,000,000 | ---- | M] () -- C:\Trace.log

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >
[2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINXP\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2008/01/27 16:47:21 | 000,000,067 | -HS- | M] () -- C:\WINXP\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINXP\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 09:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINXP\avastSS.scr
[1 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/19 17:08:26 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/01/19 17:05:44 | 002,527,105 | ---- | M] () -- C:\Program Files\vcdgear355.zip

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/27 08:33:04 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2008/01/27 08:33:04 | 000,659,456 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2008/01/27 08:33:04 | 000,888,832 | ---- | M] () -- C:\WINXP\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/18 03:43:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/01/27 16:54:43 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/08/01 13:57:36 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
[2011/08/10 20:13:22 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Online Games Free Games Online Games Pogo Games.url
[2011/07/30 22:06:48 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.url
[2011/07/29 08:51:31 | 000,000,239 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Oregon First Community Credit Union.url
[2011/07/09 11:18:16 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Send Money, Pay Online, and Receive Money - all with PayPal.url
[2008/01/27 16:54:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/09/06 15:15:01 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\TVGuide.com.url

< %USERPROFILE%\Desktop\*.exe >
[2011/08/14 18:08:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-14 03:34:25

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:54997B77
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:225C4FFC

< End of report >



#2 KellyB


Posted 14 August 2011 - 07:30 PM

OTL Extras logfile created on: 8/14/2011 6:13:23 PM - Run 1
OTL by OldTimer - Version 3.2.26.3 Folder = C:\Documents and Settings\Kelly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 325.80 Mb Available Physical Memory | 36.39% Memory free
3.43 Gb Paging File | 2.98 Gb Available in Paging File | 86.78% Paging File free
Paging file location(s): C:\pagefile.sys 2688 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 76.02 Gb Total Space | 35.43 Gb Free Space | 46.61% Space Free | Partition Type: NTFS
Drive E: | 30.01 Gb Total Space | 7.20 Gb Free Space | 23.99% Space Free | Partition Type: NTFS
Drive F: | 5.76 Gb Total Space | 0.88 Gb Free Space | 15.20% Space Free | Partition Type: NTFS

Computer Name: KRBSPC | User Name: Kelly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acronis\TrueImageWorkstation\TrueImage.exe" = C:\Program Files\Acronis\TrueImageWorkstation\TrueImage.exe:*:Enabled:Acronis True Image -- (Acronis)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\COBDU333\magentic_install[1].exe" = C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\COBDU333\magentic_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
"C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\COBDU333\incredimail_install[1].exe" = C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\COBDU333\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Users\Kelly\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" = C:\Users\Kelly\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\7JLXXT5U\incredimail_install[1].exe" = C:\Users\Kelly\Local Settings\Temporary Internet Files\Content.IE5\7JLXXT5U\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
"C:\Users\Kelly\Desktop\Remote Administrator v2.0\r_server.exe" = C:\Users\Kelly\Desktop\Remote Administrator v2.0\r_server.exe:*:Enabled:r_server
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\WINXP\system32\r_server.exe" = C:\WINXP\system32\r_server.exe:*:Enabled:r_server.exe -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Users\Kelly\Local Settings\Temp\ImInstaller\3d_magic_installer.exe" = C:\Users\Kelly\Local Settings\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer
"C:\Users\Kelly\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Users\Kelly\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{016CF441-8F40-469E-923B-35E2F9363E54}" = Radmin Viewer 3.1
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C3EC2CF-CC86-4950-B0CB-8CCF5FE8EA04}" = Smead Viewables
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{2545228C-6A70-4A01-B936-6DA77984D298}" = Acronis True Image Workstation
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2EBA5473-558B-462C-AEE4-FE50FA799F2A}" = Mouse Driver
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3E913965-40E7-4801-8C53-82A61E1533E7}" = Shipping Assistant 3.7
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3282FB8-874B-4054-8356-9EB391A826F9}" = OLYMPUS muvee theaterPack
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F9469799-696F-427D-B314-79E7AA681033}" = Nero 7 Ultra Edition
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"3D45FF85E81791CAE63BBEE9AA7052EE84E7D927" = Windows Driver Package - ATI Technologies Inc System (03/29/2006 5.10.1000.7)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FullDisk" = FullDisk
"HaaliMkx" = Haali Media Splitter
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Marxio Timer_is1" = Marxio Timer 1.11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"OpenSource MPEG Splitter" = OpenSource MPEG Splitter (remove only)
"OpenSource MPEG2 Video Decoder" = OpenSource MPEG2 Video Decoder (remove only)
"PhotoMail" = PhotoMail Maker
"RealMedia" = RealMedia (remove only)
"Remote Administrator v2.0" = Remote Administrator v2.0
"SCANPORT ScanModule V2.39" = SCANPORT ScanModule V2.39
"SHOUTcast Source" = SHOUTcast Source (remove only)
"sp6" = Logitech SetPoint 6.20
"VIEWables Software" = VIEWables Software
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"WinAVI Video Converter_is1" = WinAVI Video Converter 5.8
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCF'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_1'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WF_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF2'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'XPS'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WCS'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

Error - 8/13/2011 11:34:16 PM | Computer Name = KRBSPC | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'WPF_Other_32'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINXP\TEMP\dd_NET_Framework30_Setup495E.txt.

[ System Events ]
Error - 8/11/2011 6:49:30 PM | Computer Name = KRBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMPLSCSI

Error - 8/12/2011 12:31:15 PM | Computer Name = KRBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMPLSCSI

Error - 8/12/2011 3:13:13 PM | Computer Name = KRBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMPLSCSI

Error - 8/12/2011 4:13:25 PM | Computer Name = KRBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 8/12/2011 4:14:49 PM | Computer Name = KRBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 8/12/2011 4:16:33 PM | Computer Name = KRBSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 8/13/2011 1:03:51 AM | Computer Name = KRBSPC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 8/13/2011 3:57:39 PM | Computer Name = KRBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMPLSCSI

Error - 8/13/2011 11:34:25 PM | Computer Name = KRBSPC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 8/14/2011 12:48:40 PM | Computer Name = KRBSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMPLSCSI


< End of report >

#3 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 August 2011 - 05:16 AM

:welcome:

Let's check for a rootkit.

Download aswMBR.exe (511KB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#4 KellyB

Posted 18 August 2011 - 08:42 PM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-18 19:34:07
-----------------------------
19:34:07.171 OS Version: Windows 5.1.2600 Service Pack 3
19:34:07.171 Number of processors: 1 586 0x605
19:34:07.171 ComputerName: KRBSPC UserName: Kelly
19:34:09.140 Initialize success
19:34:10.343 AVAST engine defs: 11081801
19:34:14.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:34:14.656 Disk 0 Vendor: ST3120213AS 3.AHL Size: 114473MB BusType: 3
19:34:16.671 Disk 0 MBR read successfully
19:34:16.671 Disk 0 MBR scan
19:34:16.765 Disk 0 Windows XP default MBR code
19:34:16.781 Disk 0 scanning sectors +234436545
19:34:16.859 Disk 0 scanning C:\WINXP\system32\drivers
19:34:34.859 Service scanning
19:34:35.968 Modules scanning
19:35:27.406 Disk 0 trace - called modules:
19:35:27.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll ATAPI.SYS pciide.sys PCIIDEX.SYS
19:35:27.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85542ab8]
19:35:27.421 3 CLASSPNP.SYS[f75ecfd7] -> nt!IofCallDriver -> \Device\00000068[0x855452a0]
19:35:27.765 5 ACPI.sys[f7473620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8551c940]
19:35:28.093 AVAST engine scan C:\WINXP
19:35:48.578 AVAST engine scan C:\WINXP\system32
19:37:58.640 AVAST engine scan C:\WINXP\system32\drivers
19:38:18.281 AVAST engine scan C:\Documents and Settings\Kelly
19:38:20.562 AVAST engine scan C:\Documents and Settings\All Users.WINXP
19:38:20.609 Scan finished successfully
19:39:15.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kelly\Desktop\MBR.dat"
19:39:15.250 The log file has been saved successfully to "C:\Documents and Settings\Kelly\Desktop\aswMBR.txt"

#5 ken545

Posted 19 August 2011 - 02:46 AM

Good Morning,

Most times a rootkit type of infection (that hides from most scanners) can cause all sorts of issues, but aswMBR looks fine. When you ran Malwarebytes, did you update it first? Open it, check for updates and run the Quick scan; if it finds anything then post the log for me to see.


Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility. If you don't want to lose your logins, just click on Select All and then uncheck cookies.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

 
 

#6 KellyB

Posted 20 August 2011 - 04:59 PM

The ATF Cleaner link doesn't work, and I can't download it from someplace else. I ran the ESET scanner but it didn't scan anything (I think) and didn't find anything.

Attached Thumbnails

  • esetscan.JPG


#7 KellyB

Posted 20 August 2011 - 05:05 PM

The previous run was from Firefox, and I tried again with IE and got the same instant, no scan result.

#8 ken545

Posted 20 August 2011 - 05:58 PM

Looks like the link for ATF Cleaner was pulled, thanks for the heads up. You can run this other cleaner, but first, you said you ran Malwarebytes; let's try it again. Be sure to check for updates first and then run the Quick scan. Just post the log if it found anything, and let me know either way.



Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.


 
 

#9 KellyB

Posted 21 August 2011 - 02:14 PM

Ran TLC. Malwarebytes found and quarantined 1 item.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7529

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/21/2011 12:46:46 PM
mbam-log-2011-08-21 (12-46-46).txt

Scan type: Quick scan
Objects scanned: 210721
Time elapsed: 28 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Kelly\my documents\downloads\setuplivingplay.exe (Adware.Gamevance) -> Quarantined and deleted successfully.

#10 ken545

Posted 21 August 2011 - 04:07 PM

Great! How are things running now?

 
 


#11 KellyB

Posted 21 August 2011 - 07:03 PM

Pogo games still won't load, and Firefox still closes unexpectedly. Would it help to run HijackThis?

#12 ken545

Posted 22 August 2011 - 02:45 AM

Good Morning,

HijackThis is a bit outdated; we don't use it much anymore. Running OTL like you did shows much more than HijackThis can.

I doubt this program will find anything wrong, but it can't hurt to run it.

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


 
 

#13 KellyB

KellyB

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 22 August 2011 - 06:52 PM

Kind of frustrating that nothing is found, but the problems I mentioned just seem suspiciously like some hidden malware. Here's the report:

2011/08/22 17:48:28.0453 0972 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/22 17:48:29.0000 0972 ================================================================================
2011/08/22 17:48:29.0000 0972 SystemInfo:
2011/08/22 17:48:29.0000 0972
2011/08/22 17:48:29.0000 0972 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/22 17:48:29.0000 0972 Product type: Workstation
2011/08/22 17:48:29.0000 0972 ComputerName: KRBSPC
2011/08/22 17:48:29.0000 0972 UserName: Kelly
2011/08/22 17:48:29.0000 0972 Windows directory: C:\WINXP
2011/08/22 17:48:29.0000 0972 System windows directory: C:\WINXP
2011/08/22 17:48:29.0000 0972 Processor architecture: Intel x86
2011/08/22 17:48:29.0000 0972 Number of processors: 1
2011/08/22 17:48:29.0000 0972 Page size: 0x1000
2011/08/22 17:48:29.0000 0972 Boot type: Normal boot
2011/08/22 17:48:29.0000 0972 ================================================================================
2011/08/22 17:48:29.0875 0972 Initialize success
2011/08/22 17:48:38.0296 2964 ================================================================================
2011/08/22 17:48:38.0296 2964 Scan started
2011/08/22 17:48:38.0296 2964 Mode: Manual;
2011/08/22 17:48:38.0296 2964 ================================================================================
2011/08/22 17:49:23.0328 2964 ================================================================================
2011/08/22 17:49:23.0328 2964 Scan finished
2011/08/22 17:49:23.0328 2964 ================================================================================
2011/08/22 17:49:23.0359 3356 Detected object count: 0
2011/08/22 17:49:23.0359 3356 Actual detected object count: 0

#14 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 22 August 2011 - 07:06 PM

Kelly,

This tool would have found and removed a rootkit, and it found nothing. :thumbup:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

 
 

#15 KellyB

KellyB

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 22 August 2011 - 08:44 PM

Ok, ran ComboFix. Report follows. Also, it reset my default browser to IE, but Pogo games still don't load. This time the "cannot connect to server" window popped up as a separate window and immediately disappeared, and I got a message that it was trying to close my (window or tab, I forgot), so I said no, and now the Pogo game page is mostly blank.

The file AdmDll.dll that it deleted is used by Remote Administrator when my son connects to my PC to help (that's him typing now) so we put it back.

ComboFix 11-08-22.04 - Kelly 08/22/2011 18:45:43.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.139 [GMT -7:00]
Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kelly\WINDOWS
c:\winxp\system32\AdmDll.dll
c:\winxp\system32\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-20 22:49 . 2011-08-20 22:49 -------- d-----w- c:\program files\ESET
2011-08-20 00:04 . 2011-08-20 00:05 -------- d-----w- c:\winxp\system32\Adobe
2011-08-17 21:06 . 2011-08-17 21:15 -------- d-----w- c:\program files\GameVelvet
2011-08-16 01:44 . 2008-06-10 06:50 37280 ----a-w- c:\winxp\system32\drivers\btwmodem.sys
2011-08-16 01:25 . 2011-08-16 01:25 -------- d-----w- c:\documents and settings\Kelly\Bluetooth Software
2011-08-16 01:18 . 2008-06-10 06:50 74656 ----a-w- c:\winxp\system32\drivers\btwusb.sys
2011-08-16 01:18 . 2008-06-10 06:49 55352 ----a-w- c:\winxp\system32\drivers\btwhid.sys
2011-08-16 01:18 . 2008-06-10 06:49 37424 ----a-w- c:\winxp\system32\drivers\btport.sys
2011-08-16 01:18 . 2008-06-10 06:49 156392 ----a-w- c:\winxp\system32\drivers\btwdndis.sys
2011-08-16 01:18 . 2008-06-10 06:49 106557 ----a-w- c:\winxp\system32\btw_ci.dll
2011-08-16 01:18 . 2008-06-10 06:49 879496 ----a-w- c:\winxp\system32\drivers\btkrnl.sys
2011-08-16 01:18 . 2008-06-10 06:49 539432 ----a-w- c:\winxp\system32\drivers\btaudio.sys
2011-08-16 01:17 . 2011-08-16 01:17 -------- d-----w- c:\program files\WIDCOMM
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-15 03:56 . 2011-08-15 03:56 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-15 03:55 . 2011-08-15 03:56 -------- d-----w- c:\program files\QuickTime
2011-08-15 03:55 . 2011-08-15 03:55 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Apple Computer
2011-08-15 03:53 . 2011-08-15 03:53 -------- d-----w- c:\program files\Common Files\Apple
2011-08-15 03:52 . 2011-08-15 03:52 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Apple
2011-08-15 03:52 . 2011-08-15 03:52 -------- d-----w- c:\program files\Apple Software Update
2011-08-15 03:52 . 2011-08-15 03:52 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Apple
2011-08-15 00:48 . 2011-08-15 00:48 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-08-15 00:48 . 2011-08-15 00:48 -------- d-----w- c:\program files\Java
2011-08-13 20:51 . 2011-08-15 00:48 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-08-10 03:16 . 2011-06-24 14:10 139656 -c----w- c:\winxp\system32\dllcache\rdpwd.sys
2011-08-10 03:13 . 2011-07-08 14:02 10496 -c----w- c:\winxp\system32\dllcache\ndistapi.sys
2011-08-05 17:14 . 2011-08-05 17:14 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Power2Go
2011-08-04 23:40 . 2001-08-30 04:00 59904 ----a-w- c:\winxp\system32\wbemdisp.tlb
2011-08-04 23:40 . 1998-07-22 07:00 102912 ----a-w- c:\winxp\system32\Vb6stkit.dll
2011-08-04 23:40 . 1998-07-22 07:00 102160 ----a-w- c:\winxp\system32\VB6KO.DLL
2011-08-04 23:40 . 1998-06-24 07:00 115016 ----a-w- c:\winxp\system32\MSINET.OCX
2011-08-04 23:38 . 2011-08-04 23:38 -------- d-----w- c:\documents and settings\Kelly\Application Data\CyberLink
2011-08-04 23:34 . 2011-08-04 23:41 -------- d-----w- c:\program files\CyberLink
2011-08-04 23:34 . 2011-08-04 23:42 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\CyberLink
2011-08-04 00:15 . 2011-08-04 00:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-04 00:15 . 2011-08-04 00:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-01 21:35 . 2011-08-01 21:37 -------- dc-h--w- c:\winxp\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-06 04:48 . 2011-07-05 20:05 404640 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-08-04 23:32 . 2011-02-12 23:28 16400 ----a-w- c:\winxp\system32\drivers\LNonPnP.sys
2011-07-15 13:29 . 2004-08-04 12:00 456320 ----a-w- c:\winxp\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\winxp\system32\drivers\ndistapi.sys
2011-07-07 02:52 . 2011-04-27 03:35 41272 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-04-27 03:35 22712 ----a-w- c:\winxp\system32\drivers\mbam.sys
2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\winxp\system32\QuickTimeVR.qtx
2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\winxp\system32\QuickTime.qts
2011-06-24 14:10 . 2008-01-27 23:42 139656 ----a-w- c:\winxp\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 12:00 916480 ----a-w- c:\winxp\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 12:00 43520 ------w- c:\winxp\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 12:00 1469440 ------w- c:\winxp\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 12:00 385024 ------w- c:\winxp\system32\html.iec
2011-06-20 17:44 . 2004-08-04 12:00 293376 ----a-w- c:\winxp\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\winxp\system32\win32k.sys
2011-08-04 00:15 . 2011-04-03 02:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
.
c:\documents and settings\Kelly\Start Menu\Programs\Startup\
Shortcut to Nkboard.exe.lnk - c:\noisykey\Nkboard.exe [1998-12-21 28672]
.
c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-11 576104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\winxp\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\winxp\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINXP^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\winxp\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Kelly^Start Menu^Programs^Startup^Ulead Product Tour.lnk]
path=c:\documents and settings\Kelly\Start Menu\Programs\Startup\Ulead Product Tour.lnk
backup=c:\winxp\pss\Ulead Product Tour.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-01-31 21:01 140832 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-01-31 21:03 1862112 ----a-w- c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\winxp\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-22 17:52 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\winxp\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winxp\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2006-07-17 03:35 204843 ----a-w- c:\progra~1\INCRED~1\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 22:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-13 00:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-09-04 21:52 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-02-23 03:53 2209224 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 21:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-03 16:32 18085888 ----a-w- c:\winxp\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-08-23 17:30 2879488 ----a-w- c:\winxp\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 17:22 155648 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-01-31 20:59 1129232 ----a-w- c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImage.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\WINXP\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\WINXP\\system32\\r_server.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSP;aswSP;c:\winxp\system32\drivers\aswSP.sys [12/19/2010 12:18 PM 165584]
R1 oxpar;%OXPAR.SVCDESC%;c:\winxp\system32\drivers\oxpar.sys [2/2/2008 1:21 PM 80128]
R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [12/19/2010 12:18 PM 17744]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winxp\system32\drivers\LBeepKE.sys [2/12/2011 4:27 PM 10448]
R3 oxmep;OXPCI support driver;c:\winxp\system32\drivers\oxmep.sys [2/2/2008 1:21 PM 5120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2010 10:26 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2010 10:26 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\mbamswissarmy.sys [4/26/2011 8:35 PM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 17:26]
.
2011-08-23 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 17:26]
.
2011-08-22 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003Core.job
- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-13 22:09]
.
2011-08-23 c:\winxp\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2139871995-725345543-1003UA.job
- c:\documents and settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-13 22:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\oczf82m1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-SiteRanker - c:\program files\SiteRanker\SiteRankTray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Uninstall_CToolbar - c:\docume~1\Kelly\LOCALS~1\Temp\CUninst.exe
MSConfigStartUp-WireLessMouse - c:\program files\Multimedia Mouse Driver\StartAutorun.exe
AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-22 19:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-2139871995-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:35,19,cf,4d,51,bf,45,4a,ec,ff,bb,d4,a9,79,e0,9b,03,e3,8a,01,d2,
b1,11,79,81,c7,25,62,89,a7,cc,8d,96,d9,dd,16,75,8b,e5,36,d2,aa,f8,3f,a9,ec,\
"rkeysecu"=hex:74,3c,5e,77,e0,fd,4f,4c,ac,f4,90,4f,8a,e1,79,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\winxp\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3680)
c:\winxp\system32\WININET.dll
c:\winxp\system32\btmmhook.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winxp\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\winxp\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\winxp\system32\rundll32.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winxp\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\winxp\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-08-22 19:10:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 02:10
.
Pre-Run: 42,013,810,688 bytes free
Post-Run: 41,888,186,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 07A69BD97340324BC575D72586F33CD7
