My sister has some kind of redirector on her computer that, from what she told me, popped up to tell her it was 'Antimalware Doctor'... when she brought me the computer, she didn't have her firewall on, nor did she have any antivirus software installed... (she doesn't know much about computers) so I've since turned on the firewall and installed Avast.. I did a full scan with Avast when I had it installed, and it could only delete one threat.. the rest were read only.. I can't recall the name, and her computer shut down on me (unrelated to this issue, her cord is loose). I know it started with a B and ended with '-X', and when I googled it, it said it was a redirector... anyway... I went to the 'Before you start' thread and did what that told me to do, with some difficulty considering the redirector lol...
Here are the logs (it wouldn't let me download the TFC, and OTL said it couldn't write to the file, so no log):
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4554
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/6/2010 11:24:56 AM
mbam-log-2010-09-06 (11-24-56).txt
Scan type: Quick scan
Objects scanned: 136630
Time elapsed: 18 minute(s), 11 second(s)
Memory Processes Infected: 21
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 26
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 62
Memory Processes Infected:
C:\Users\chelsie\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivd.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivg.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\yvz8r0apu.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\uk6k00gr4.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\login.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\1614360016.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken.
Memory Modules Infected:
C:\Users\chelsie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll (Rogue.DiskCleanUp) -> No action taken.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Amnesiac (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop cleanup wizard (Rogue.DiskCleanUp) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnocg (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefngop (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnsd (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefngp (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnxb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnoc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnd (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefny (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnz9 (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnzp (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnfq (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnrc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnsb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnqe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefntpf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnwg (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnzy+lsie\appdata\local\temp\1614360016.exe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnth (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnep (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\chelsie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll (Rogue.DiskCleanUp) -> No action taken.
C:\Users\chelsie\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivd.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivg.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\yvz8r0apu.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\uk6k00gr4.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\login.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\win.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\1614360016.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\thuurs.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\tusqol.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\1621360972.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\1705270972.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\bm4lcv9m.dll (Trojan.Ertfor) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivc.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ive.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivf.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\Ivh.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\jyacy95.dll (Trojan.Ertfor) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\2284308032.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\escxanomrw.exe (Rootkit.Dropper) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\v28hhwz6uk6nd.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\iexplorer.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\ihoc30.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\sxcfgslr.exe (Trojan.Hiloti.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\gfwzib4exhtwu.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\_TU5B87.tmp (Rogue.DiskCleanUp) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\wvvsqr.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\cac5C84.tmp (Trojan.Agent) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\ybsidifk.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\2198820032.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\3855422240.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\3924936240.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\knam.exe (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\zl4yd5.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\chelsie\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\chelsie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\chelsie\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\chelsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Users\chelsie\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> No action taken.
C:\Users\chelsie\.COMMgr\complmgr.exe (Trojan.Agent) -> No action taken.
C:\Users\chelsie\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> No action taken.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-07 17:14:56
Windows 6.1.7600
Running: pl0xnhch.exe; Driver: C:\Users\chelsie\AppData\Local\Temp\kxrdafod.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83245AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83245104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832453F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322E2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832451DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83245958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832456F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83245F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832461A8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E41EB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E41E9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E41EAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E5E599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E82F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82FBC291 7 Bytes JMP 8E41EAFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83023FBF 5 Bytes JMP 8E41A5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8303DCF3 5 Bytes JMP 8E41BFD2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8304BD63 7 Bytes JMP 8E41E9C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830F5EAC 7 Bytes JMP 8E41EBA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text peauth.sys 96F6DC9D 28 Bytes [0F, 61, 94, 21, 49, 90, 85, ...]
.text peauth.sys 96F6DCC1 28 Bytes [0F, 61, 94, 21, 49, 90, 85, ...]
PAGE peauth.sys 96F73B9B 72 Bytes [A7, 5A, 9A, 99, C7, 4D, C2, ...]
PAGE peauth.sys 96F73BEC 111 Bytes [90, 8E, 7F, A7, B8, 57, AB, ...]
PAGE peauth.sys 96F7402C 102 Bytes [47, A6, DF, E0, C1, D8, 4C, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] ntdll.dll!LdrLoadDll 7778F585 5 Bytes JMP 010513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] WS2_32.dll!closesocket 75C03BED 5 Bytes JMP 0006660B
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] WS2_32.dll!recv 75C047DF 5 Bytes JMP 000663C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] WS2_32.dll!WSASend 75C068A7 5 Bytes JMP 00066477
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] WS2_32.dll!WSARecv 75C0C29F 5 Bytes JMP 00066511
.text C:\Program Files\Mozilla Firefox\firefox.exe[944] WS2_32.dll!send 75C0C4C8 5 Bytes JMP 0006634D
.text C:\Windows\Explorer.EXE[1412] kernel32.dll!CreateProcessInternalW 776A42CE 5 Bytes JMP 0047874A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000079 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\BTHUSB \Device\0000007b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bf361a5
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bf361a5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
---- EOF - GMER 1.0.15 ----
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 165):
0x82E1B000 \SystemRoot\system32\ntkrnlpa.exe
0x8322B000 \SystemRoot\system32\halmacpi.dll
0x80BD5000 \SystemRoot\system32\kdcom.dll
0x88621000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8862C000 \SystemRoot\system32\PSHED.dll
0x8863D000 \SystemRoot\system32\BOOTVID.dll
0x88645000 \SystemRoot\system32\CLFS.SYS
0x88687000 \SystemRoot\system32\CI.dll
0x88732000 \SystemRoot\system32\drivers\Wdf01000.sys
0x887A3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x887B1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88600000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x88609000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8880A000 \SystemRoot\system32\DRIVERS\pci.sys
0x88834000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8883F000 \SystemRoot\System32\drivers\partmgr.sys
0x88850000 \SystemRoot\system32\DRIVERS\pciide.sys
0x88857000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88865000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88875000 \SystemRoot\System32\drivers\volmgrx.sys
0x888C0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x888C8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x888D3000 \SystemRoot\System32\drivers\mountmgr.sys
0x888E9000 \SystemRoot\system32\DRIVERS\atapi.sys
0x888F2000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88915000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8891E000 \SystemRoot\system32\drivers\fltmgr.sys
0x88952000 \SystemRoot\system32\drivers\fileinfo.sys
0x88A38000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B67000 \SystemRoot\System32\Drivers\msrpc.sys
0x88B92000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88963000 \SystemRoot\System32\Drivers\cng.sys
0x88BA5000 \SystemRoot\System32\drivers\pcw.sys
0x88BB3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88C34000 \SystemRoot\system32\drivers\ndis.sys
0x88CEB000 \SystemRoot\system32\drivers\NETIO.SYS
0x88D29000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88E25000 \SystemRoot\System32\drivers\tcpip.sys
0x88F6E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88F9F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88FA8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88FE7000 \SystemRoot\System32\Drivers\spldr.sys
0x88D4E000 \SystemRoot\System32\drivers\rdyboost.sys
0x88FEF000 \SystemRoot\System32\Drivers\mup.sys
0x88E00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88D7B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88E08000 \SystemRoot\system32\DRIVERS\disk.sys
0x88DAD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88C1F000 \SystemRoot\System32\Drivers\Null.SYS
0x88C26000 \SystemRoot\System32\Drivers\Beep.SYS
0x88BBC000 \SystemRoot\System32\drivers\vga.sys
0x88BC8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x88BE9000 \SystemRoot\System32\drivers\watchdog.sys
0x88BF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88A00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x88A08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88A10000 \SystemRoot\System32\Drivers\Msfs.SYS
0x88A1B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x889C0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x88A29000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x889D7000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8E009000 \SystemRoot\system32\drivers\afd.sys
0x8E063000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E068000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E09A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E0A1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E0C0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E0D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E0DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E0F2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E102000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E143000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E14D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E157000 \SystemRoot\System32\drivers\discache.sys
0x8E163000 \SystemRoot\system32\drivers\csc.sys
0x8E1C7000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E1DF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8E409000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8E430000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8E451000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8E463000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E467000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E470000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E47A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E4C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E4D4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E4DA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E4F9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8E525000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E53E000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
0x8E235000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8E34D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8E357000 \SystemRoot\system32\DRIVERS\vgapnp.sys
0x8E364000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E37C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E389000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E396000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8E3A3000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8E3AB000 \SystemRoot\system32\drivers\modem.sys
0x8E3B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8E3CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E3E2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E593000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E5AB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E5C2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E222000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8E229000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8E233000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DA27000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DA5B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DA69000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DAAD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DABE000 \SystemRoot\system32\drivers\HdAudio.sys
0x8DB0E000 \SystemRoot\system32\drivers\portcls.sys
0x8DB3D000 \SystemRoot\system32\drivers\drmk.sys
0x8DB56000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x8EA31000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x8EB33000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x8EBE8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8EA00000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EA02000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8DB93000 \SystemRoot\System32\Drivers\bthport.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8EA14000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8E5D9000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x889E1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9060B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91660000 \SystemRoot\System32\win32k.sys
0x9062F000 \SystemRoot\System32\drivers\Dxapi.sys
0x918B0000 \SystemRoot\System32\drivers\dxg.sys
0x90639000 \SystemRoot\system32\DRIVERS\monitor.sys
0x918E0000 \SystemRoot\System32\TSDDD.dll
0x91960000 \SystemRoot\System32\framebuf.dll
0x90644000 \SystemRoot\system32\DRIVERS\udfs.sys
0x90684000 \SystemRoot\System32\Drivers\fastfat.SYS
0x906AE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x906BB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x906C6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x906CF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x906E0000 \SystemRoot\system32\drivers\luafv.sys
0x906FB000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x90712000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x90715000 \SystemRoot\system32\drivers\WudfPf.sys
0x9072F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9073F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90785000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90795000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x96E3F000 \SystemRoot\system32\drivers\HTTP.sys
0x96EC4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x96EDD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x96EEF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x96F12000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x96F4D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x96F68000 \SystemRoot\system32\drivers\peauth.sys
0x96E00000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96E0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x96E2B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x907A8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9842C000 \SystemRoot\System32\DRIVERS\srv.sys
0x98508000 \??\C:\Users\chelsie\AppData\Local\Temp\kxrdafod.sys
0x77730000 \Windows\System32\ntdll.dll
0x47F60000 \Windows\System32\smss.exe
0x77970000 \Windows\System32\apisetschema.dll
Processes (total 45):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
388 csrss.exe
424 csrss.exe
432 C:\Windows\System32\wininit.exe
460 C:\Windows\System32\winlogon.exe
524 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1380 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1400 C:\Windows\System32\dwm.exe
1412 C:\Windows\explorer.exe
1708 C:\Windows\System32\spoolsv.exe
1748 C:\Windows\System32\svchost.exe
1860 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1888 C:\Program Files\Bonjour\mDNSResponder.exe
1916 C:\Windows\System32\taskhost.exe
1924 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\lxctcoms.exe
512 C:\Windows\System32\svchost.exe
2072 C:\Windows\System32\svchost.exe
2712 C:\Program Files\Java\jre6\bin\jusched.exe
2720 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
2728 C:\Program Files\Lexmark 5400 Series\lxctmon.exe
2752 C:\Program Files\Lexmark 5400 Series\ezprint.exe
2780 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2852 C:\Program Files\iTunes\iTunesHelper.exe
2996 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3208 C:\Windows\System32\SearchIndexer.exe
3572 C:\Program Files\iPod\bin\iPodService.exe
3852 C:\Windows\System32\svchost.exe
4080 C:\Program Files\Windows Media Player\wmpnetwk.exe
2272 C:\Windows\System32\svchost.exe
944 C:\Program Files\Mozilla Firefox\firefox.exe
2960 C:\Windows\System32\audiodg.exe
1336 C:\Users\chelsie\Downloads\MBRCheck.exe
3408 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD1200BEVS-60UST0, Rev: 01.01A01
PhysicalDrive1 Model Number: TOSHIBAMK8037GSX, Rev: DL232C
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
74 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:52 PM, on 9/6/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SCHSLYKO] rundll32 "C:\Users\chelsie\AppData\Roaming\bootstri.dll",ORRBRSLU
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\mediafix70700en02.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
--
End of file - 5776 bytes
Thanks in advance!
1. Your Malwarebytes log says "No action taken" after each line.
Please, re-run MBAM, fix all issues and post new log.
2. We don't use HJT around here anymore.
Please, post required OTL logs.
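The helper's point above is that a Malwarebytes' Anti-Malware 1.x log line ending in "No action taken" means the detection was only reported, not removed. As an added example (not code from this thread or from Malwarebytes), here is a small Python triage script for that log format; the sample log embedded in it is constructed, with a made-up user name, and only mirrors the line shapes seen in the posted logs.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log (added example, not the
forum's or Malwarebytes' own code). It classifies each detection by the action
MBAM recorded so a helper can see at a glance whether a re-run is needed."""
import re
from collections import Counter

# Section headers look like "Files Infected:" (no count after the colon);
# the summary block near the top uses "Files Infected: 62" and is skipped.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detection lines look like "<object> (<Threat.Family>) -> <action>."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

UNRESOLVED = {"No action taken"}      # nothing was done: fix and rescan
PENDING = {"Delete on reboot"}        # locked file: verify after restart

# Constructed sample in the MBAM 1.x format (user name and paths are made up).
SAMPLE_LOG = r"""
Memory Processes Infected: 2
Files Infected: 3

Memory Processes Infected:
C:\Users\alice\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\alice\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Users\alice\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\alice\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\alice\AppData\Local\Desktop Cleanup Wizard\dskclnwiz.dll (Rogue.DiskCleanUp) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return a list of dicts (section, object, threat, action), one per detection line."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items


def triage(items):
    """Bucket detections by recorded outcome and count threat families."""
    result = {"unresolved": [], "pending_reboot": [], "remediated": [],
              "by_threat": Counter(i["threat"] for i in items)}
    for it in items:
        if it["action"] in UNRESOLVED:
            result["unresolved"].append(it)
        elif it["action"] in PENDING:
            result["pending_reboot"].append(it)
        else:
            result["remediated"].append(it)
    return result


def needs_rerun(result):
    """True when at least one detection was left untouched (the first log's situation)."""
    return bool(result["unresolved"])


def report(result):
    """Human-readable summary: counts, then every unresolved item, then threat families."""
    lines = [f"remediated: {len(result['remediated'])}, pending reboot: "
             f"{len(result['pending_reboot'])}, unresolved: {len(result['unresolved'])}"]
    for it in result["unresolved"]:
        lines.append(f"  NOT FIXED [{it['section']}] {it['object']} ({it['threat']})")
    for threat, n in result["by_threat"].most_common():
        lines.append(f"  {threat}: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    print(report(summary))
    print("re-run MBAM and fix all issues" if needs_rerun(summary) else "all detections handled")
```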
oops! I posted the wrong log for Malwarebytes.. here is the right one, I think. OTL isn't writing any logs, or it's hanging.. I can't tell. It said it couldn't write to a .bat file and now it says 'Manual File Scan - Looking in folder C:\Windows\system32\drivers\..' for a while now..
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4554
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
9/6/2010 11:25:22 AM
mbam-log-2010-09-06 (11-25-22).txt
Scan type: Quick scan
Objects scanned: 136630
Time elapsed: 18 minute(s), 11 second(s)
Memory Processes Infected: 21
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 26
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 62
Memory Processes Infected:
C:\Users\chelsie\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivd.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivg.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\yvz8r0apu.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\uk6k00gr4.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\login.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\1614360016.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Users\chelsie\.COMMgr\complmgr.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\Users\chelsie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll (Rogue.DiskCleanUp) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Amnesiac (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop cleanup wizard (Rogue.DiskCleanUp) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnocg (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefngop (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnsd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefngp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnxb (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnoc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefny (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnz9 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnzp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnfq (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnrc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnsb (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnqe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefntpf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnwg (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnzy+lsie\appdata\local\temp\1614360016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnth (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvjrfeefnep (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\chelsie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll (Rogue.DiskCleanUp) -> Delete on reboot.
C:\Users\chelsie\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\yvz8r0apu.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\uk6k00gr4.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\drweb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\1614360016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\thuurs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\tusqol.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\1621360972.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\1705270972.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\bm4lcv9m.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ive.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\Ivh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\jyacy95.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\2284308032.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\escxanomrw.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\v28hhwz6uk6nd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\iexplorer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\ihoc30.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\sxcfgslr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\gfwzib4exhtwu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\_TU5B87.tmp (Rogue.DiskCleanUp) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\wvvsqr.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\cac5C84.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\ybsidifk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\2198820032.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\3855422240.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\3924936240.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\knam.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\zl4yd5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\chelsie\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\chelsie\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\chelsie\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\mediafix70700en02.exe (Trojan.FakeAlert) -> Delete on reboot.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
ok here it is.
ComboFix 10-09-08.03 - chelsie 09/09/2010 16:40:40.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1341 [GMT -2.5:30]
Running from: c:\users\chelsie\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\chelsie\.COMMgr
c:\users\chelsie\AppData\Local\Desktop Cleanup Wizard
c:\users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A
c:\users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\enemies-names.txt
c:\users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\local.ini
c:\users\chelsie\AppData\Roaming\791FF8A7294518B6EAE2B917F1341F0A\lsrslt.ini
c:\users\chelsie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-09 19:27 . 2010-09-09 19:39 -------- d-----w- c:\users\chelsie\AppData\Local\temp
2010-09-09 19:27 . 2010-09-09 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 19:07 . 2010-09-09 19:07 -------- d-----w- C:\32788R22FWJFW
2010-09-07 14:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:58 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:58 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:57 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 14:57 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:56 . 2010-09-07 14:56 -------- d-----w- c:\programdata\Alwil Software
2010-09-07 14:56 . 2010-09-07 14:56 -------- d-----w- c:\program files\Alwil Software
2010-09-06 15:25 . 2010-09-06 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-06 15:25 . 2010-09-06 15:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-06 15:23 . 2010-09-06 15:23 -------- d-----w- c:\program files\Trend Micro
2010-09-06 13:35 . 2010-09-06 13:35 -------- d-----w- c:\users\chelsie\AppData\Roaming\Malwarebytes
2010-09-06 13:34 . 2010-04-29 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 13:34 . 2010-09-06 13:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 13:34 . 2010-09-06 13:34 -------- d-----w- c:\programdata\Malwarebytes
2010-09-06 13:34 . 2010-04-29 18:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 02:17 . 2009-12-03 03:27 -------- d-----w- c:\users\chelsie\AppData\Roaming\vlc
2010-08-13 05:35 . 2010-05-06 23:02 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 03:41 . 2010-03-05 02:37 -------- d-----w- c:\program files\Lx_cats
2010-07-29 06:30 . 2010-08-12 10:59 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 10:59 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25 . 2010-08-12 10:59 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 10:59 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 10:59 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 10:59 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 10:59 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 10:59 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 10:59 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 10:59 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 10:59 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-12 10:59 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-01 149280]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-24 623960]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 15:38 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 07:38 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\chelsie\AppData\Roaming\Mozilla\Firefox\Profiles\h46izo94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\users\chelsie\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\chelsie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SCHSLYKO - c:\users\chelsie\AppData\Roaming\bootstri.dll
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-09 17:15:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-09 19:45
Pre-Run: 82,843,045,888 bytes free
Post-Run: 82,626,875,392 bytes free
- - End Of File - - 099EEF68CA76D1A74DCADCADC24FE658
My instructions say to run Combofix from desktop.
Running from: c:\users\chelsie\Downloads\ComboFix.exe
Please, move combofix.exe file to your desktop.
Please, re-run Combofix and post new log.
oops! sorry... 4 kids under 3 running around here have addled my brain lol.
ComboFix 10-09-09.03 - chelsie 09/10/2010 0:17.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1983.1338 [GMT -2.5:30]
Running from: c:\users\chelsie\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.
2010-09-10 03:03 . 2010-09-10 03:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-10 03:03 . 2010-09-10 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-10 02:44 . 2010-09-10 02:45 -------- d-----w- C:\32788R22FWJFW
2010-09-09 19:27 . 2010-09-10 03:03 -------- d-----w- c:\users\chelsie\AppData\Local\temp
2010-09-07 14:58 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:58 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:58 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:58 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:57 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 14:57 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:56 . 2010-09-07 14:56 -------- d-----w- c:\programdata\Alwil Software
2010-09-07 14:56 . 2010-09-07 14:56 -------- d-----w- c:\program files\Alwil Software
2010-09-06 15:25 . 2010-09-06 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-06 15:25 . 2010-09-06 15:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-06 15:23 . 2010-09-06 15:23 -------- d-----w- c:\program files\Trend Micro
2010-09-06 13:35 . 2010-09-06 13:35 -------- d-----w- c:\users\chelsie\AppData\Roaming\Malwarebytes
2010-09-06 13:34 . 2010-04-29 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 13:34 . 2010-09-06 13:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 13:34 . 2010-09-06 13:34 -------- d-----w- c:\programdata\Malwarebytes
2010-09-06 13:34 . 2010-04-29 18:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 02:17 . 2009-12-03 03:27 -------- d-----w- c:\users\chelsie\AppData\Roaming\vlc
2010-08-13 05:35 . 2010-05-06 23:02 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 03:41 . 2010-03-05 02:37 -------- d-----w- c:\program files\Lx_cats
2010-07-29 06:30 . 2010-08-12 10:59 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 10:59 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25 . 2010-08-12 10:59 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 10:59 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 10:59 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 10:59 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 10:59 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 10:59 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 10:59 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 10:59 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 10:59 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-12 10:59 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-01 149280]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-24 623960]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 15:38 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 07:38 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\chelsie\AppData\Roaming\Mozilla\Firefox\Profiles\h46izo94.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-10 00:39:23
ComboFix-quarantined-files.txt 2010-09-10 03:09
ComboFix2.txt 2010-09-09 19:45
Pre-Run: 82,520,166,400 bytes free
Post-Run: 82,339,422,208 bytes free
- - End Of File - - BFD3ACF1977D3AF6F5C5C07EC27816A9
Hahaha... 4 kids under 3 running around here have addled my brain lol.
ComboFix log looks good.
How is the computer doing?
Please re-run OTL "Quick scan" and post a fresh log.
OTL hasn't been working for me. If I paste the code from the 'read this first' thread, I get no .txt files... if I don't, I just get the OTL.txt, so I'll post that for now.
OTL logfile created on: 9/10/2010 9:28:57 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\chelsie\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 76.54 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 36.38 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 245.23 Mb Total Space | 222.07 Mb Free Space | 90.56% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHELSIE-PC
Current User Name: chelsie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/07 16:12:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\chelsie\Downloads\OTL.exe
PRC - [2010/09/07 12:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 12:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 17:46:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 03:30:51 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/24 16:27:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/13 22:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 22:44:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2006/11/22 11:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
PRC - [2006/11/22 11:11:24 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2006/11/22 11:11:22 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
========== Modules (SafeList) ==========
MOD - [2010/09/07 16:12:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\chelsie\Downloads\OTL.exe
MOD - [2009/07/13 22:46:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 22:46:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 22:46:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 22:46:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 22:46:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 22:45:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 22:45:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 22:45:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 22:45:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 22:45:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 22:44:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 22:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/09/07 12:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 12:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 12:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/04 18:30:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 22:46:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 22:46:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 22:46:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 22:46:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 22:46:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 22:46:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 22:46:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 22:46:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 22:46:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 22:46:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:45:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 22:45:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 22:45:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 22:45:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 22:44:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 22:44:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 22:44:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 22:44:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2006/11/22 11:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\chelsie\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 12:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 12:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 12:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 12:17:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 12:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 05:14:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 2221 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 2217 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 2215 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 2215 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 2215 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 2215 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 2215 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 2215 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 2215 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 2215 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 22:50:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 22:50:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 22:50:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 22:50:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 22:50:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 22:50:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 22:50:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 22:50:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 22:50:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 22:50:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 22:50:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 22:50:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 22:50:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 22:50:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 22:50:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 22:50:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 22:49:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 22:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 22:49:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 22:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 22:49:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 22:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 22:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 22:49:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 22:49:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 22:49:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 22:49:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 22:49:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 22:49:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 22:49:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 22:49:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 22:47:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 22:27:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 21:32:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 21:31:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 21:25:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 21:23:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 21:22:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 21:22:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 21:22:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 21:22:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 2135 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 2111 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 2108 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 21:16:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 21:15:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 21:06:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 21:03:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 20:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 20:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 20:54:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 20:49:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 20:46:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 20:41:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 20:24:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:23:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 20:23:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 20:23:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 20:23:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 20:23:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 19:43:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 19:43:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 19:43:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 19:32:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2009/07/13 19:32:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 19:32:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 19:32:48 | 001,131,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/13 19:32:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 84 83 EC BA 72 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/06 22:24:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/06 22:24:23 | 000,000,000 | ---D | M]
[2009/12/01 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\chelsie\AppData\Roaming\Mozilla\Extensions
[2009/12/02 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\chelsie\AppData\Roaming\Mozilla\Firefox\Profiles\h46izo94.default\extensions
[2009/12/01 17:24:47 | 000,002,171 | ---- | M] () -- C:\Users\chelsie\AppData\Roaming\Mozilla\Firefox\Profiles\h46izo94.default\searchplugins\bing.xml
[2009/12/01 17:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/09/09 17:09:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/10 00:39:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/10 00:38:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/10 00:14:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/10 00:14:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/09 16:57:33 | 000,000,000 | ---D | C] -- C:\Users\chelsie\AppData\Local\temp
[2010/09/09 16:38:16 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/09 16:38:16 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/09 16:38:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/09 16:38:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/09 16:37:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 12:28:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 12:28:06 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/07 12:28:03 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 12:28:01 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 12:27:58 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 12:27:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 12:27:00 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 12:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/07 12:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/06 12:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/06 12:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 12:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/06 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\chelsie\AppData\Roaming\Malwarebytes
[2010/09/06 11:04:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/06 11:04:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/06 11:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 11:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/05 00:05:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2010/03/05 00:05:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2010/03/05 00:05:38 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2010/03/05 00:05:38 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2010/03/05 00:05:38 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2010/03/05 00:05:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2010/03/05 00:05:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2010/03/05 00:05:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2010/03/05 00:05:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2010/03/05 00:05:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2010/03/05 00:05:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2010/03/05 00:05:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2 C:\Users\chelsie\Desktop\*.tmp files -> C:\Users\chelsie\Desktop\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/10 21:33:03 | 003,407,872 | -HS- | M] () -- C:\Users\chelsie\NTUSER.DAT
[2010/09/10 21:31:47 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/10 21:31:47 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/10 21:26:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/10 21:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/10 21:26:27 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 15:29:22 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/10 15:29:22 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/10 15:29:22 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/10 00:34:07 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/10 00:14:44 | 003,841,413 | R--- | M] () -- C:\Users\chelsie\Desktop\ComboFix.exe
[2010/09/09 17:09:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/08 08:51:57 | 000,782,971 | -H-- | M] () -- C:\Users\chelsie\AppData\Local\IconCache.db
[2010/09/08 08:51:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/07 12:42:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 12:41:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 12:28:07 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/07 12:22:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 12:22:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 12:17:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 12:17:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 12:17:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 12:55:59 | 000,001,240 | ---- | M] () -- C:\Users\chelsie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 12:55:59 | 000,001,216 | ---- | M] () -- C:\Users\chelsie\Desktop\Spybot - Search & Destroy.lnk
[2010/09/06 12:53:53 | 000,002,039 | ---- | M] () -- C:\Users\chelsie\Desktop\HijackThis.lnk
[2010/09/06 11:04:27 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 12:38:37 | 000,010,950 | ---- | M] () -- C:\Users\chelsie\Desktop\LOAN LETTER.docx
[2010/09/02 12:22:49 | 000,000,162 | -H-- | M] () -- C:\Users\chelsie\Desktop\~$AN LETTER.docx
[2010/08/13 03:33:26 | 000,409,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/23 21:59:29 | 000,011,922 | ---- | M] () -- C:\Users\chelsie\Desktop\Mount Carmel Letter.docx
[2010/07/08 07:42:16 | 000,028,160 | ---- | M] () -- C:\Users\chelsie\Desktop\Mount Carmel Letter 2.doc
[2010/07/03 15:43:08 | 000,000,162 | -H-- | M] () -- C:\Users\chelsie\Desktop\~$unt Carmel Letter.docx
[2 C:\Users\chelsie\Desktop\*.tmp files -> C:\Users\chelsie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/09 16:38:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/09 16:38:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/09 16:38:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/09 16:38:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/09 16:38:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/09 16:36:32 | 003,841,413 | R--- | C] () -- C:\Users\chelsie\Desktop\ComboFix.exe
[2010/09/07 12:28:07 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/06 12:55:59 | 000,001,240 | ---- | C] () -- C:\Users\chelsie\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/06 12:55:59 | 000,001,216 | ---- | C] () -- C:\Users\chelsie\Desktop\Spybot - Search & Destroy.lnk
[2010/09/06 12:53:53 | 000,002,039 | ---- | C] () -- C:\Users\chelsie\Desktop\HijackThis.lnk
[2010/09/06 11:04:27 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 12:22:49 | 000,000,162 | -H-- | C] () -- C:\Users\chelsie\Desktop\~$AN LETTER.docx
[2010/08/30 00:08:34 | 000,010,950 | ---- | C] () -- C:\Users\chelsie\Desktop\LOAN LETTER.docx
[2010/07/08 07:42:15 | 000,028,160 | ---- | C] () -- C:\Users\chelsie\Desktop\Mount Carmel Letter 2.doc
[2010/07/03 15:41:43 | 000,011,922 | ---- | C] () -- C:\Users\chelsie\Desktop\Mount Carmel Letter.docx
[2010/07/03 15:41:43 | 000,000,162 | -H-- | C] () -- C:\Users\chelsie\Desktop\~$unt Carmel Letter.docx
[2010/06/06 14:17:14 | 000,009,216 | ---- | C] () -- C:\Users\chelsie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/05 00:06:51 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2010/03/05 00:06:51 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2010/03/05 00:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2010/03/05 00:05:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2009/07/13 2143 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006/11/07 13:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006/08/14 18:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006/08/08 16:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006/05/03 15:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006/04/25 04:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
========== LOP Check ==========
[2010/03/05 11:13:17 | 000,000,000 | ---D | M] -- C:\Users\chelsie\AppData\Roaming\5400 Series
[2010/02/27 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\chelsie\AppData\Roaming\Facebook
[2010/02/27 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\chelsie\AppData\Roaming\Research In Motion
[2010/06/12 08:40:42 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
You didn't say:
=================================================================
How is the computer doing?
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
==============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2 C:\Users\chelsie\Desktop\*.tmp files -> C:\Users\chelsie\Desktop\*.tmp -> ]
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
==============================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
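The OTL fix script the helper pasted above is built by picking log entries whose target no longer resolves (a BHO with no CLSID, a Winlogon entry whose file is missing, a DPF or ShellExecuteHooks key that errors) and listing them under :OTL. The following is an added example, not code from this thread, from OTL, or from its author: it re-creates that triage over a constructed sample in the OTL log format, skips the autochk BootExecute entry that the helper's fix leaves alone, and emits the :OTL / :Commands sections; policy entries such as the O7 "Control Panel present" line are left to the analyst's judgement.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code).

Turns orphaned OTL entries (references to files or registry keys that no
longer exist) into the :OTL section of a Custom Scans/Fixes script, in the
same shape as the fix script posted in this thread.
"""
import re

# Constructed sample: a handful of lines in the OTL log format from this thread.
SAMPLE_OTL_LOG = r"""O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# Phrases OTL prints when an entry points at something that does not exist.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error: Key error")

# The autochk BootExecute entry reports "File not found" on an ordinary
# Windows 7 install; the helper's fix above does not touch it, so skip it.
KNOWN_BENIGN = re.compile(r"^O34 - HKLM BootExecute: \(autocheck autochk \*\)")

# Every OTL entry line starts with its section tag, e.g. "O2 - ", "O20 - ".
OTL_LINE = re.compile(r"^O\d+ - ")


def is_orphaned(line: str) -> bool:
    """True when an OTL entry references a missing file or registry key."""
    if not OTL_LINE.match(line) or KNOWN_BENIGN.match(line):
        return False
    return any(marker in line for marker in ORPHAN_MARKERS)


def build_otl_fix(log_text: str,
                  commands=("purity", "emptytemp", "emptyflash", "Reboot")) -> str:
    """Return a Custom Scans/Fixes script: orphans under :OTL, then the
    empty :Services/:Reg/:Files sections and the :Commands list, mirroring
    the layout of the script posted in this thread."""
    orphans = [ln for ln in log_text.splitlines() if is_orphaned(ln)]
    script = [":OTL", *orphans, ":Services", ":Reg", ":Files", ":Commands"]
    script += [f"[{cmd}]" for cmd in commands]
    return "\n".join(script)


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_OTL_LOG))
```

Review the generated :OTL section before running it; the script only finds dangling references, it does not decide whether a live entry (like the O7 policy line) belongs in the fix.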