As a user, sometimes I understand the technical requests/requirements and sometimes I don't. I'll do my best and I know that you will, too, and I appreciate that.
Desktop Dell Optiplex GX270 (purchased in 2006) running Windows XP (version 5.1.2600 Service Pack 3 Build 2600) with 1GB of memory.
Webroot SecureAnywhere is the basic antivirus.
I use Malwarebytes intermittently (manual mode), but it does not find any problems.
There are a couple of other users set up in the computer, but I am the only user and have been the only user for three or four years.
I use Explorer, and there is an old version of Firefox installed, but I have not used it for a long time.
P2P note. Some time ago, for a reason no longer remembered, under Google's influence, I downloaded BitTorrent, which I believe is a P2P program, which I have never used. Please advise if and how you would like me to delete this. Ordinarily, I would use the Control Panel then Removal tool.
Problem Statement/Background
Six months ago, I somehow got freeze.com/netassist on my computer which would redirect my website to their website, particularly while attempting variations on online shopping. Not good.
I brought it in to my buddy at Friendly Computers and paid to have it licked clean of the malware, but I could tell it was still not quite right. Lived with it.
What prompts me to contact you right now. A friend sent me an email with a .mov attachment. I googled and downloaded something with the word fox (not firefox) in it to play it or convert it and it failed. Being the somewhat cautious type, I just went to Control Panel to delete it right away. While there, I saw ilivid and thought that was not right. I went to delete it using the removal tool and it just sat there for too long so I escaped out of it and now I am coming to you.
I googled "Ilivid.com" and one of the first natural results led to your forum with some very specific instructions like running OTL with some parameters and gmer.
I downloaded and ran full scan OTL with no parameters and, although a user, I am an old DOS dog and I recognize some files and my spidey senses kick up at others. I got some results which don't seem right, so I googled them and they brought up a number of results which ask: Is this file malware? Is this file OK? How do I get rid of this malware, etc..., so I decided to call in the professionals, you guys.
There really are not a lot of symptoms -- they are subtle, but I have known they are there despite MalwareBytes not finding anything. For example, going back two months, the resolution on my monitor would change. Or something too subtle for this user would happen and then my status line would disappear. It was sitting below the bottom of the visible screen. I tried the hardware adjustment buttons and resets and some software ones, too, and now I think I just have a slightly higher resolution or maybe it resolved itself.
At some point a couple of months ago, maybe when this display behavior was happening, I did <Ctrl><Alt><Del> to bring up the Windows Task Manager and I looked at Processes. Or maybe I looked in the Program Files section and saw programs that did not look like they should be there or maybe I had deleted them through the Control Panel Software Removal Tool.
Anyway, I sort of know what .dll files are (CRAZY USER) and I renamed some of what I thought were bad .dll files so that a bad program calling them would not be able to find them. The computer has behaved OK now for a while, but I know the problem is still deep within.
Anyway, I ran OTL-full scan, no arguments, and I have the logs OTL.txt and extras.txt. I don't know how to interpret it and I have not taken any action on the results other than to join this forum and seek your assistance. Here are a few of the names of what I think are suspicious looking files:
There is a Hosts section of the report which includes: http://www.007guard.com; http://www.008k.com; http://www.000hq.com; 010402.com; 032439.com; 0scan.com; 1000gratisproben.com; a reference to searchquband, ilivid, ilivid player;
DDS - Note that I started DDS and it told me to turn off script blocking. I tried to figure out how to turn off script blocking but before figuring that out, it completed. So if the results appear invalid or if I should just turn off script-blocking and start again and open a new ticket, please let me know.
Actually re-ran it after supposedly turning off script blocking, but not sure .... Anyway, here they are:
dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Robert at 16:37:10 on 2012-03-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.216 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\Install\{68DAF550-7BD5-4E0B-98C6-F56EA4B61D9E}\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110807&ba ... 0d56d4ea2c
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: jpds.org
Trusted Zone: microsoft.com\office
Trusted Zone: mris.com
DPF: Web-Based Email Tools - hxxp://email05.secureserver.net/Download.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://landrec.arlingtonva.us/public/al ... _1_7_6.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/ ... arth3D.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 3019596046
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 3433857140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://imgweb.charlestoncounty.org/AppN ... XPopup.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{6B868B1D-604E-4AC3-A34F-2983327ED35E} : DhcpNameServer = 192.168.1.1 71.252.0.12
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\eegpe86j.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110807&ba ... 0d56d4ea2c
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110807&ba ... 6d4ea2c&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 74677818000000000000000d56d4ea2c
FF - user.js: extensions.BabylonToolbar_i.hardId - 74677818000000000000000d56d4ea2c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15421
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:46:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110807
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-12-31 109520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-24 47640]
R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-12-31 658968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-28 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-28 135664]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-8-29 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-03-22 15:47:43 -------- d-----w- c:\documents and settings\robert\application data\BabylonToolbar
2012-03-22 15:46:44 -------- d-----w- c:\program files\BabylonToolbar
2012-03-22 15:46:31 -------- d-----w- c:\documents and settings\robert\local settings\application data\Babylon
2012-03-22 15:46:29 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-03-22 15:46:27 -------- d-----w- c:\documents and settings\robert\application data\Babylon
2012-03-10 01:32:32 4431872 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-03-16 14:28:02 146040 ----a-w- c:\windows\system32\WRusr.dll
2012-03-16 14:28:02 109520 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-03-16 05:00:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-02 02:12:45 60304 ----a-w- c:\documents and settings\robert\g2mdlhlpx.exe
2012-02-27 17:05:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 17:05:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:37:59.72 ===============
attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 2:13:13 PM
System Uptime: 3/14/2012 9:59:22 AM (199 hours ago)
.
Motherboard: Dell Computer Corp. | | 0K5786
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 393.088 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 12/24/2011 9:31:58 AM - System Checkpoint
RP94: 12/25/2011 10:31:54 AM - System Checkpoint
RP95: 12/26/2011 11:31:54 AM - System Checkpoint
RP96: 12/27/2011 12:31:55 PM - System Checkpoint
RP97: 12/28/2011 1:31:56 PM - System Checkpoint
RP98: 12/29/2011 2:31:54 PM - System Checkpoint
RP99: 12/30/2011 2:32:01 PM - System Checkpoint
RP100: 12/31/2011 3:24:57 PM - System Checkpoint
RP101: 1/1/2012 4:24:59 PM - System Checkpoint
RP102: 1/2/2012 5:24:59 PM - System Checkpoint
RP103: 1/3/2012 6:25:02 PM - System Checkpoint
RP104: 1/4/2012 6:26:02 PM - System Checkpoint
RP105: 1/4/2012 8:37:29 PM - Installed Portfolio Browser
RP106: 1/5/2012 9:24:57 PM - System Checkpoint
RP107: 1/6/2012 10:35:39 PM - System Checkpoint
RP108: 1/7/2012 11:24:58 PM - System Checkpoint
RP109: 1/9/2012 12:51:54 AM - System Checkpoint
RP110: 1/10/2012 1:24:58 AM - System Checkpoint
RP111: 1/11/2012 2:24:58 AM - System Checkpoint
RP112: 1/11/2012 3:00:17 AM - Software Distribution Service 3.0
RP113: 1/12/2012 3:00:29 AM - Software Distribution Service 3.0
RP114: 1/13/2012 3:05:43 AM - System Checkpoint
RP115: 1/14/2012 4:05:45 AM - System Checkpoint
RP116: 1/15/2012 5:05:46 AM - System Checkpoint
RP117: 1/16/2012 6:05:43 AM - System Checkpoint
RP118: 1/17/2012 7:05:44 AM - System Checkpoint
RP119: 1/18/2012 7:06:48 AM - System Checkpoint
RP120: 1/19/2012 8:05:49 AM - System Checkpoint
RP121: 1/20/2012 9:05:49 AM - System Checkpoint
RP122: 1/21/2012 10:05:47 AM - System Checkpoint
RP123: 1/22/2012 11:05:51 AM - System Checkpoint
RP124: 1/23/2012 2:57:55 PM - System Checkpoint
RP125: 1/24/2012 3:06:57 PM - System Checkpoint
RP126: 1/25/2012 4:05:50 PM - System Checkpoint
RP127: 1/26/2012 5:45:33 PM - System Checkpoint
RP128: 1/27/2012 6:07:07 PM - System Checkpoint
RP129: 1/28/2012 7:06:00 PM - System Checkpoint
RP130: 1/29/2012 7:49:06 PM - System Checkpoint
RP131: 1/30/2012 8:40:53 PM - System Checkpoint
RP132: 1/31/2012 9:40:51 PM - System Checkpoint
RP133: 2/1/2012 10:40:49 PM - System Checkpoint
RP134: 2/3/2012 2:12:13 AM - System Checkpoint
RP135: 2/4/2012 2:40:53 AM - System Checkpoint
RP136: 2/5/2012 7:53:49 AM - System Checkpoint
RP137: 2/6/2012 8:22:48 AM - System Checkpoint
RP138: 2/8/2012 12:04:50 PM - System Checkpoint
RP139: 2/9/2012 12:38:39 PM - System Checkpoint
RP140: 2/9/2012 2:21:20 PM - Installed Windows Internet Explorer 8.
RP141: 2/9/2012 2:22:22 PM - Software Distribution Service 3.0
RP142: 2/10/2012 3:00:17 AM - Software Distribution Service 3.0
RP143: 2/11/2012 3:21:31 AM - System Checkpoint
RP144: 2/12/2012 4:21:28 AM - System Checkpoint
RP145: 2/13/2012 5:21:28 AM - System Checkpoint
RP146: 2/14/2012 6:21:28 AM - System Checkpoint
RP147: 2/15/2012 7:21:33 AM - System Checkpoint
RP148: 2/16/2012 3:00:26 AM - Software Distribution Service 3.0
RP149: 2/17/2012 3:37:20 AM - System Checkpoint
RP150: 2/18/2012 3:41:51 AM - System Checkpoint
RP151: 2/19/2012 9:53:45 PM - System Checkpoint
RP152: 2/20/2012 10:41:48 PM - System Checkpoint
RP153: 2/21/2012 11:41:49 PM - System Checkpoint
RP154: 2/23/2012 12:42:58 AM - System Checkpoint
RP155: 2/24/2012 1:53:52 AM - System Checkpoint
RP156: 2/25/2012 2:41:53 AM - System Checkpoint
RP157: 2/26/2012 3:41:50 AM - System Checkpoint
RP158: 2/27/2012 4:41:52 AM - System Checkpoint
RP159: 2/27/2012 12:04:27 PM - Removed Java(TM) 6 Update 12
RP160: 2/27/2012 12:05:01 PM - Installed Java(TM) 6 Update 31
RP161: 2/27/2012 1:16:26 PM - Software Distribution Service 3.0
RP162: 2/27/2012 8:28:22 PM - Installed Chessmaster 10th Edition
RP163: 2/28/2012 9:28:49 PM - System Checkpoint
RP164: 2/29/2012 11:41:16 PM - System Checkpoint
RP165: 3/1/2012 11:52:22 PM - System Checkpoint
RP166: 3/3/2012 12:52:23 AM - System Checkpoint
RP167: 3/4/2012 2:04:21 AM - System Checkpoint
RP168: 3/5/2012 2:52:19 AM - System Checkpoint
RP169: 3/6/2012 2:52:24 AM - System Checkpoint
RP170: 3/7/2012 3:52:26 AM - System Checkpoint
RP171: 3/8/2012 4:52:29 AM - System Checkpoint
RP172: 3/9/2012 5:52:26 AM - System Checkpoint
RP173: 3/10/2012 9:05:02 AM - System Checkpoint
RP174: 3/11/2012 10:53:31 AM - System Checkpoint
RP175: 3/12/2012 2:41:20 PM - System Checkpoint
RP176: 3/13/2012 2:53:43 PM - System Checkpoint
RP177: 3/14/2012 3:00:27 AM - Software Distribution Service 3.0
RP178: 3/15/2012 3:03:56 AM - System Checkpoint
RP179: 3/16/2012 4:03:56 AM - System Checkpoint
RP180: 3/17/2012 5:03:49 AM - System Checkpoint
RP181: 3/18/2012 6:03:51 AM - System Checkpoint
RP182: 3/19/2012 9:53:36 AM - System Checkpoint
RP183: 3/20/2012 10:15:52 AM - System Checkpoint
RP184: 3/21/2012 11:05:02 AM - System Checkpoint
RP185: 3/22/2012 11:54:09 AM - Removed NetAssistant
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image Home
ACT!
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 6.0.1
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Babylon toolbar on IE
Bookup 2000 Express build 26
CCleaner
Chessmaster 10th Edition
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Conexant SmartHSFi V92 56K DF PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Diagnostic for Windows
eFax Messenger 4.3
File Type Assistant
FinalTorrent 2011
GearDrvs
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iLivid
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Java 2 Runtime Environment, SE v1.4.2_15
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kruptos 2 Professional
LogMeIn
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
MyAttorney Home & Business
OGA Notifier 2.0.0048.0
Picasa 3
Portfolio Browser
PowerDVD 5.1
Reader Rabbit's Preschool
RealPlayer
Rosetta Stone 2.1.2.0A
SecondLife (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic RecordNow!
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual Earth 3D (Beta)
WebFldrs XP
Webroot SecureAnywhere
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/16/2012 10:28:08 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
3/16/2012 10:27:58 AM, error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================