Beau
Honorary Members
  • Posts: 31
  • Joined
  • Last visited
Reputation: 0 Neutral
  1. Possibly a little slower than before, but no issues with running any programs.
  2. All processes killed
     ========== OTL ==========
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
     Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
     Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
     C:\Documents and Settings\All Users\Application Data\qlq51w0u17w181g5gmkpe8tff73iggwk0c7r655sa1 moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
     C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
     ========== COMMANDS ==========
     C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
     HOSTS file reset successfully
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 2607143 bytes
     User: All Users
     User: Bonnie
     ->Temp folder emptied: 16616 bytes
     ->Temporary Internet Files folder emptied: 43764922 bytes
     ->Java cache emptied: 1174841 bytes
     ->Flash cache emptied: 119602 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 56504 bytes
     User: Fred
     ->Temp folder emptied: 805405 bytes
     ->Temporary Internet Files folder emptied: 73168454 bytes
     ->Java cache emptied: 18221270 bytes
     ->Apple Safari cache emptied: 12241920 bytes
     ->Flash cache emptied: 3682 bytes
     User: Fred2
     ->Temp folder emptied: 3182 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 56504 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 13680 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Zach
     ->Temp folder emptied: 14662 bytes
     ->Temporary Internet Files folder emptied: 9196062 bytes
     ->Java cache emptied: 100836 bytes
     ->Flash cache emptied: 57756 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2162283 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4916 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 29470 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 156.00 mb
     [EMPTYFLASH]
     User: Administrator
     ->Flash cache emptied: 0 bytes
     User: All Users
     User: Bonnie
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Fred
     ->Flash cache emptied: 0 bytes
     User: Fred2
     ->Flash cache emptied: 0 bytes
     User: LocalService
     User: NetworkService
     User: Zach
     ->Flash cache emptied: 0 bytes
     Total Flash Files Cleaned = 0.00 mb
     Restore point Set: OTL Restore Point (0)
     OTL by OldTimer - Version 3.2.22.3 log created on 04222011_181603
     Files\Folders moved on Reboot...
     File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6f4.dat not found!
     Registry entries deleted on Reboot...
  3. OTL Extras logfile created on: 4/22/2011 6:24:11 AM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bonnie\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 186.30 Gb Total Space | 137.35 Gb Free Space | 73.73% Space Free | Partition Type: NTFS Computer Name: MINE-E06B998C2B | User Name: Bonnie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1655:TCP" = 1655:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07D96709-4D40-424B-BA91-E2509BCEF711}" = Free CraigsList Reader Pro from CraigsPal 4.3.1 "{0A482964-EC0F-4E65-A51E-CC42CEBD2E58}" = WinTOTAL "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23287D7D-DB26-4423-B220-2D0063EC058D}" = AgWare ClickFORMS "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011 "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10 "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 
2008 Runtime "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = 
Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{901DA3A0-D651-4157-99B8-8DE8C8160A23}" = AgWare DataLog "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A945B332-F897-4B7D-BAEB-12E4A254950C}" = TOTAL 2010 "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3 "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 
2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Agent Ransack_is1" = Agent Ransack 2010 "AgWare ClickFORMS" = AgWare ClickFORMS (6.2.1) "AgWare DataLog" = AgWare DataLog (2.2.3) "Akamai" = Akamai NetSession Interface "Amethyst CADwizz" = Amethyst CADwizz "Apex Medina v4 Appraiser" = Apex Medina v4 Appraiser "Autodesk Design Review 2011" = Autodesk Design Review 2011 "AutoUnpack_is1" = AutoUnpack 4.4.4 "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "DWG TrueView 2011" = DWG TrueView 2011 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft 
Security Client" = Microsoft Security Essentials "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PDF-XChange 3_is1" = PDF-XChange 3 "Quicken Basic 99" = Quicken Basic 99 "RealPlayer 12.0" = RealPlayer "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/5/2011 10:33:12 PM | Computer Name = MINE-E06B998C2B | Source = Application Error | ID = 1000 Description = Faulting application pdfsaver3.exe, version 3.6.0.109, faulting module pdfsaver3.exe, version 3.6.0.109, fault address 0x000454fe. Error - 4/16/2011 10:04:22 AM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. 
Error - 4/16/2011 10:04:26 AM | Computer Name = MINE-E06B998C2B | Source = Microsoft Security Client | ID = 5000 Description = Error - 4/17/2011 1:12:00 AM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 4/17/2011 6:49:21 PM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 4/18/2011 12:52:51 AM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 4/18/2011 8:54:14 PM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 4/19/2011 8:54:14 PM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. 
Error - 4/20/2011 11:41:21 PM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. Error - 4/21/2011 11:41:30 PM | Computer Name = MINE-E06B998C2B | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL. [ OSession Events ] Error - 11/9/2010 10:11:49 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 453 seconds with 420 seconds of active time. This session ended with a crash. Error - 12/23/2010 9:05:28 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error - 1/18/2011 7:42:14 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/5/2011 6:08:28 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 55 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/5/2011 6:09:31 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/19/2011 7:50:08 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 67 seconds with 60 seconds of active time. This session ended with a crash. Error - 3/12/2011 9:29:27 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/22/2011 8:35:47 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 4/19/2011 8:54:14 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.101.1589.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Error - 4/20/2011 6:42:06 PM | Computer Name = MINE-E06B998C2B | Source = SideBySide | ID = 16842784 Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system. Error - 4/20/2011 6:42:06 PM | Computer Name = MINE-E06B998C2B | Source = SideBySide | ID = 16842811 Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. . Error - 4/20/2011 6:42:06 PM | Computer Name = MINE-E06B998C2B | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. . Error - 4/20/2011 11:41:21 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1589.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. Error - 4/21/2011 11:41:30 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
     New Signature Version:
     Previous Signature Version: 1.101.1589.0
     Update Source: %%859
     Update Stage: %%852
     Source Path: Default URL
     Signature Type: %%800
     Update Type: %%803
     User: NT AUTHORITY\SYSTEM
     Current Engine Version:
     Previous Engine Version: 1.1.6702.0
     Error code: 0x80070424
     Error description: The specified service does not exist as an installed service.
     Error - 4/21/2011 11:41:49 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001
     Description = %%860 has encountered an error trying to update signatures.
     New Signature Version:
     Previous Signature Version: 1.101.1589.0
     Update Source: %%851
     Update Stage: %%854
     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1589.0&asdelta=1.101.1589.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
     Signature Type: %%800
     Update Type: %%803
     User: NT AUTHORITY\NETWORK SERVICE
     Current Engine Version:
     Previous Engine Version: 1.1.6702.0
     Error code: 0x80070008
     Error description: Not enough storage is available to process this command.
     Error - 4/21/2011 11:41:49 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001
     Description = %%860 has encountered an error trying to update signatures.
     New Signature Version:
     Previous Signature Version: 1.101.1589.0
     Update Source: %%851
     Update Stage: %%854
     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1589.0&asdelta=1.101.1589.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
     Signature Type: %%801
     Update Type: %%803
     User: NT AUTHORITY\NETWORK SERVICE
     Current Engine Version:
     Previous Engine Version: 1.1.6702.0
     Error code: 0x80070008
     Error description: Not enough storage is available to process this command.
     Error - 4/21/2011 11:41:49 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001
     Description = %%860 has encountered an error trying to update signatures.
     New Signature Version:
     Previous Signature Version: 1.101.1589.0
     Update Source: %%851
     Update Stage: %%854
     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1589.0&asdelta=1.101.1589.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
     Signature Type: %%800
     Update Type: %%803
     User: NT AUTHORITY\NETWORK SERVICE
     Current Engine Version:
     Previous Engine Version: 1.1.6702.0
     Error code: 0x80070008
     Error description: Not enough storage is available to process this command.
     Error - 4/21/2011 11:41:49 PM | Computer Name = MINE-E06B998C2B | Source = Microsoft Antimalware | ID = 2001
     Description = %%860 has encountered an error trying to update signatures.
     New Signature Version:
     Previous Signature Version: 1.101.1589.0
     Update Source: %%851
     Update Stage: %%854
     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.1589.0&asdelta=1.101.1589.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
     Signature Type: %%801
     Update Type: %%803
     User: NT AUTHORITY\NETWORK SERVICE
     Current Engine Version:
     Previous Engine Version: 1.1.6702.0
     Error code: 0x80070008
     Error description: Not enough storage is available to process this command.
     < End of report >
  4. OTL logfile created on: 4/22/2011 6:24:11 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bonnie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 137.35 Gb Free Space | 73.73% Space Free | Partition Type: NTFS

Computer Name: MINE-E06B998C2B | User Name: Bonnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bonnie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\TechSmith\Snagit 10\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - C:\QUICKENW\QWDLLS.EXE (Intuit)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bonnie\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CiSvc) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

========== Driver Services (SafeList) ==========

DRV - (MpKsl7d67e380) -- File not found
DRV - (catchme) -- File not found
DRV - (MpKsl06d347bf) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDEB57D8-5F11-4FD0-8010-204CAAB0D870}\MpKsl06d347bf.sys (Microsoft Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (hcwPP2) -- C:\WINDOWS\system32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 00 26 3E DA 0F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/05 15:24:46 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/04/16 16:20:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {24075344-C216-4EDF-B001-D2147ACC9883} file:///C:/Win2000/Content/cabs/alaWeb.CAB (alaWeb.clsSolutionCenter)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276207504078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276207572828 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} file:///C:/Win2000/Content/cabs/alaGrid.CAB (alaGrid.TechDocSearch)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 13:58:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/16 16:17:48 | 000,000,000 | ---D | M] - C:\AutoPatcher -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -
File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/22 06:22:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe [2011/04/20 16:41:30 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regsvc.dll [2011/04/17 06:53:38 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bonnie\Desktop\aswMBR.exe [2011/04/16 18:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/04/16 18:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bonnie\Application Data\Malwarebytes [2011/04/16 18:26:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/04/16 18:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/04/16 18:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/04/16 18:26:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/04/16 18:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/04/16 18:26:06 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bonnie\Desktop\mbam-setup.exe [2011/04/16 16:09:38 | 000,000,000 | RHSD | C] -- C:\cmdcons [2011/04/16 16:05:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011/04/16 16:05:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011/04/16 16:05:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011/04/16 16:05:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011/04/16 16:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011/04/16 16:01:58 | 000,000,000 | ---D | C] -- 
C:\Qoobox [2011/04/05 21:05:24 | 000,495,616 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll [2011/04/05 21:05:24 | 000,114,688 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll [2011/04/05 21:05:24 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll [2011/04/05 21:05:24 | 000,073,728 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll [2011/04/05 21:05:24 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll [2011/04/05 21:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic [2011/04/05 21:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic [2011/04/05 21:04:27 | 000,021,248 | ---- | C] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys [2011/04/05 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft [2011/04/05 21:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Software Suite [2011/04/05 21:04:25 | 000,143,360 | ---- | C] (ArcSoft, Inc.) 
-- C:\WINDOWS\System32\PhotoBase Screen Saver.scr [2011/04/05 21:04:24 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL [2010/06/18 18:23:03 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll [2010/06/18 18:23:03 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll [2010/06/18 18:23:03 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll [2010/06/18 18:23:02 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\alaUploader.exe [2010/06/18 18:23:02 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\alaLIB.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Bonnie\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Bonnie\Local Settings\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/22 06:24:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job [2011/04/22 06:24:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job [2011/04/22 06:23:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe [2011/04/22 06:19:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/04/21 22:28:46 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job [2011/04/21 19:52:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job [2011/04/21 19:52:44 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job [2011/04/21 11:19:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/04/21 09:01:18 | 000,000,276 | ---- | M] () -- 
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job [2011/04/21 09:01:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job [2011/04/21 08:56:54 | 000,003,115 | ---- | M] () -- C:\WINDOWS\ALAMODE.INI [2011/04/21 08:50:18 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011/04/21 08:50:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/04/20 16:30:59 | 004,325,372 | R--- | M] () -- C:\Documents and Settings\Bonnie\Desktop\ComboFix.exe [2011/04/19 22:41:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2011/04/19 22:35:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/04/18 05:19:43 | 004,323,999 | R--- | M] () -- C:\Documents and Settings\Bonnie\Desktop\Iexplorer.com [2011/04/18 04:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/04/17 11:22:41 | 002,220,006 | ---- | M] () -- C:\Documents and Settings\Bonnie\Desktop\v80.zip [2011/04/17 06:55:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bonnie\Desktop\MBR.dat [2011/04/17 06:54:26 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bonnie\Desktop\aswMBR.exe [2011/04/16 20:03:45 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Bonnie\Desktop\ESET online Scanner [2011/04/16 18:26:22 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bonnie\Desktop\mbam-setup.exe [2011/04/16 17:55:19 | 000,001,260 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2011/04/16 16:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/04/16 16:20:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/04/16 16:09:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2011/04/16 15:40:35 | 000,013,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qlq51w0u17w181g5gmkpe8tff73iggwk0c7r655sa1 [2011/04/15 
03:31:15 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/04/15 03:10:50 | 000,463,224 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/04/15 03:10:50 | 000,078,240 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/04/05 21:05:26 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LUMIX Simple Viewer.lnk [2011/04/05 21:05:00 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2011/04/05 21:04:27 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhotoBase 4.5.lnk [2011/03/30 11:11:34 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Bonnie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2011/03/27 14:53:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Bonnie\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Bonnie\Local Settings\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/04/18 05:19:20 | 004,323,999 | R--- | C] () -- C:\Documents and Settings\Bonnie\Desktop\Iexplorer.com [2011/04/17 19:48:52 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job [2011/04/17 11:22:39 | 002,220,006 | ---- | C] () -- C:\Documents and Settings\Bonnie\Desktop\v80.zip [2011/04/17 06:55:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bonnie\Desktop\MBR.dat [2011/04/16 20:03:22 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Bonnie\Desktop\ESET online Scanner [2011/04/16 16:09:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2011/04/16 16:09:40 | 000,260,272 | RHS- | C] () -- C:\cmldr [2011/04/16 16:05:28 | 000,256,512 | ---- | C] () -- 
C:\WINDOWS\PEV.exe [2011/04/16 16:05:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/04/16 16:05:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/04/16 16:05:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/04/16 16:05:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/04/16 16:00:59 | 004,325,372 | R--- | C] () -- C:\Documents and Settings\Bonnie\Desktop\ComboFix.exe [2011/04/16 09:03:25 | 000,013,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qlq51w0u17w181g5gmkpe8tff73iggwk0c7r655sa1 [2011/04/05 21:05:26 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LUMIX Simple Viewer.lnk [2011/04/05 21:05:24 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011/04/05 21:05:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011/04/05 21:05:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011/04/05 21:05:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011/04/05 21:05:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011/04/05 21:05:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011/04/05 21:05:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011/04/05 21:05:24 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg [2011/04/05 21:05:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011/04/05 21:05:24 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg [2011/04/05 21:05:24 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg [2011/04/05 21:05:24 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg [2011/04/05 21:05:24 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg [2011/04/05 21:05:24 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg [2011/04/05 21:05:24 | 000,006,103 
| ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg [2011/04/05 21:05:24 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg [2011/04/05 21:05:24 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg [2011/04/05 21:05:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011/04/05 21:05:24 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg [2011/04/05 21:05:24 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg [2011/04/05 21:05:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011/04/05 21:05:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011/04/05 21:05:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011/04/05 21:05:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011/04/05 21:05:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011/04/05 21:05:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011/04/05 21:05:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011/04/05 21:05:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011/04/05 21:05:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011/04/05 21:05:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011/04/05 21:05:23 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg [2011/04/05 21:05:23 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg [2011/04/05 21:05:00 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2011/04/05 21:04:27 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhotoBase 4.5.lnk [2011/03/24 17:18:18 | 000,000,276 | ---- | C] () -- 
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job [2011/03/24 17:18:17 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job [2010/11/13 17:05:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DataPrompterOptions.ini [2010/09/05 15:34:05 | 000,077,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/08/27 20:19:26 | 000,120,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/07/30 18:52:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/07/20 21:23:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010/06/29 18:09:20 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2010/06/26 09:20:15 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Bonnie\Local Settings\Application Data\d3d9caps.dat [2010/06/19 18:02:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2010/06/19 17:56:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2010/06/18 19:14:52 | 000,001,260 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2010/06/18 19:14:51 | 000,006,472 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT [2010/06/18 19:14:51 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2010/06/18 18:23:18 | 000,003,115 | ---- | C] () -- C:\WINDOWS\ALAMODE.INI [2010/06/18 18:23:06 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll [2010/06/18 18:23:05 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll [2010/06/18 18:23:05 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\Postiex.dll [2010/06/18 18:23:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll [2010/06/18 18:23:03 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll [2010/06/18 18:23:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll [2010/06/18 18:23:03 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll 
[2010/06/18 18:23:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll [2010/06/18 18:23:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll [2010/06/18 18:23:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll [2010/06/18 18:23:03 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2010/06/18 18:23:02 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll [2010/06/18 18:23:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll [2010/06/18 18:23:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll [2010/06/18 18:23:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\alaIE.dll [2010/06/18 18:23:02 | 000,000,559 | ---- | C] () -- C:\WINDOWS\System32\alaUploader.exe.config [2010/06/09 13:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/06/09 13:55:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/06/09 08:50:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/06/09 08:49:06 | 000,356,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/03 22:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/03/08 14:42:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\alavistautils.dll [2006/07/21 15:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll 
[2002/12/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/12/31 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2002/12/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/12/31 08:00:00 | 000,463,224 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/12/31 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2002/12/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/12/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/12/31 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2002/12/31 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2002/12/31 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2002/12/31 08:00:00 | 000,078,240 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/12/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/12/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/12/31 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002/12/31 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/12/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/12/23 09:38:30 | 000,000,115 | ---- | C] () -- C:\WINDOWS\DataPrompterRegistration.ini ========== LOP Check ========== [2010/06/19 21:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\alamode [2010/08/26 21:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2010/07/04 14:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2011/02/11 22:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2011/02/05 12:26:28 | 000,000,000 | -H-D | M] -- C:\Documents and 
Settings\All Users\Application Data\{0AA7123A-2B56-42E6-8F5E-F8ECFEBEF8F4} [2010/06/19 20:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/02/05 12:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{57365A34-86F9-4066-B58A-1069F5322053} [2010/08/27 19:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Autodesk [2010/06/19 13:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Windows Desktop Search [2010/06/19 13:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bonnie\Application Data\Windows Search [2011/04/19 22:41:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2011/04/21 22:28:46 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job ========== Purity Check ========== < End of report >
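Three of the things a helper reads off the OTL report above by eye are mechanical enough to script: O2 BHO entries whose DLL is gone or whose CLSID no longer resolves (the two orphaned entries in the O2 list), the O6/O7 Explorer AutoRun policy values, and files carrying Hidden+System attributes with no company name outside %SystemRoot% (where the randomly named data file under All Users\Application Data sat). The block below is an added example written for this page; it is not part of the post and not code from OldTimer, Malwarebytes or Microsoft. The sample input is copied from the report above. What it assumes: NoDriveTypeAutoRun is decoded as the documented Win32 drive-type bitmask (bit positions are the DRIVE_* constants), NoDriveAutoRun and NoDrives as per-drive-letter masks with bit 0 = A:, and any bit above 0x80 in NoDriveTypeAutoRun (the report's value 323 has bit 0x100 set) is reported as undocumented rather than interpreted. The allow-list of known-good hidden system files outside %SystemRoot% (just boot.ini) is the editor's and an analyst would extend it for the box in hand.

```python
"""Mechanical triage of OTL report lines (added example, not OTL's own code)."""
import re

# NoDriveTypeAutoRun: bitmask over Win32 drive types (bit = DRIVE_* constant).
NODRIVETYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "RESERVED",
}
# Line shapes as they appear in the OTL report above.
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
POLICY_RE = re.compile(r"^O[67] - (HK[LC][MU])\\.*?policies\\Explorer: (\w+) = (-?\d+)$")
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([RHSD-]{4}) \| ([MC])\] "
    r"\((.*?)\) -- (.*)$"
)
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Hidden+System files legitimately outside %SystemRoot% (assumed list; extend per box).
KNOWN_GOOD = ("c:\\boot.ini",)


def decode_nodrivetypeautorun(value):
    """Drive types whose AutoRun is suppressed; bits above 0xFF are undocumented."""
    names = [name for bit, name in NODRIVETYPE_BITS.items() if value & bit]
    if value & ~0xFF:
        names.append("UNDOCUMENTED_0x%X" % (value & ~0xFF))
    return names


def decode_drive_letters(value):
    """Per-letter mask used by NoDriveAutoRun and NoDrives: bit 0 = A:, bit 25 = Z:."""
    return "".join(chr(ord("A") + i) for i in range(26) if value >> i & 1)


def orphaned_bhos(lines):
    """O2 entries whose DLL is missing or whose CLSID no longer resolves."""
    hits = []
    for line in lines:
        m = BHO_RE.match(line)
        if m and m.group(3).startswith(ORPHAN_MARKERS):
            hits.append((m.group(1), m.group(2), m.group(3).rstrip(".")))
    return hits


def autorun_policies(lines):
    """Decoded O6 (HKLM) and O7 (HKCU) Explorer AutoRun policy values."""
    out = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        hive, name, value = m.group(1), m.group(2), int(m.group(3))
        if name == "NoDriveTypeAutoRun":
            out[(hive, name)] = decode_nodrivetypeautorun(value)
        elif name in ("NoDriveAutoRun", "NoDrives"):
            out[(hive, name)] = decode_drive_letters(value)
        else:
            out[(hive, name)] = value
    return out


def hidden_system_unknown(lines, system_root="c:\\windows", allow=KNOWN_GOOD):
    """File entries with H+S attributes, no company name, outside %SystemRoot%."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, company, path = m.group(3), m.group(5).strip(), m.group(6)
        lowered = path.lower()
        if ("H" in attrs and "S" in attrs and not company
                and not lowered.startswith(system_root) and lowered not in allow):
            hits.append(path)
    return hits


def triage(report_text):
    """Run all three checks over the text of an OTL report."""
    lines = [ln.strip() for ln in report_text.splitlines() if ln.strip()]
    return {
        "orphaned_bhos": orphaned_bhos(lines),
        "autorun_policies": autorun_policies(lines),
        "hidden_system_unknown": hidden_system_unknown(lines),
    }


# Sample input: lines copied from the OTL report in the post above.
SAMPLE_REPORT = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2011/04/16 15:40:35 | 000,013,162 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qlq51w0u17w181g5gmkpe8tff73iggwk0c7r655sa1
[2011/04/16 16:09:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/22 06:23:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bonnie\Desktop\OTL.exe
"""

if __name__ == "__main__":
    for check, result in triage(SAMPLE_REPORT).items():
        print(check, "->", result)
```

Run against the report's own lines it returns the two orphaned O2 CLSIDs, shows NoDriveAutoRun = 67108863 as every letter A through Z and NoDriveTypeAutoRun = 323 as DRIVE_UNKNOWN, DRIVE_NO_ROOT_DIR, DRIVE_RAMDISK plus an undocumented 0x100 bit, and lists only the random-named All Users\Application Data file (boot.ini is excluded by the allow-list). The hidden+system heuristic is deliberately loose; it exists to shortlist, not to judge, and a full report will also surface recovery-console pieces that a human must wave through.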
  5. Everything appears to be working normally.
  6. Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6377

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/21/2011 5:52:40 PM
mbam-log-2011-04-21 (17-52-40).txt

Scan type: Quick scan
Objects scanned: 203494
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  7. ComboFix 11-04-20.01 - Bonnie 04/20/2011 16:34:50.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2180 [GMT -5:00]
Running from: c:\documents and settings\Bonnie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bonnie\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\regsvc.dll was missing
Restored copy from - c:\windows\ServicePackFiles\i386\regsvc.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-20 to 2011-04-20 )))))))))))))))))))))))))))))))
.
.
2011-04-20 21:41 . 2008-04-14 10:42 59904 ----a-w- c:\windows\system32\regsvc.dll
2011-04-20 21:41 . 2008-04-14 10:42 59904 ----a-w- c:\windows\system32\dllcache\regsvc.dll
2011-04-20 03:36 . 2011-04-20 03:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl00beb007.sys
2011-04-20 01:46 . 2011-04-20 01:46 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl7d67e380.sys
2011-04-20 01:46 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\mpengine.dll
2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET
2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes
2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2
2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll
2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll
2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll
2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic
2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER
2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin
+ 2011-04-20 03:36 . 2011-04-20 03:36 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_d0.dat
+ 2011-04-20 03:36 . 2011-04-20 03:36 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6fc.dat
- 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKsl00beb007;MpKsl00beb007;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl00beb007.sys [4/19/2011 10:36 PM 28752]
R1 MpKsl7d67e380;MpKsl7d67e380;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78147EC1-FBBB-4D4A-B427-3FB280F817D2}\MpKsl7d67e380.sys [4/19/2011 8:46 PM 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]
S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]
S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL00BEB007
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]
.
2011-04-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-20 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB
DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-20 16:44:03
ComboFix-quarantined-files.txt 2011-04-20 21:44
ComboFix2.txt 2011-04-19 23:26
ComboFix3.txt 2011-04-18 10:28
ComboFix4.txt 2011-04-16 21:22
.
Pre-Run: 147,550,519,296 bytes free
Post-Run: 147,575,840,768 bytes free
.
- - End Of File - - 67349410673FEE32251D43417F9E444A
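The "Reg Loading Points" block in the ComboFix log above contains two entries that are easy to skim past when reading several logs by hand: the Security Center override values and the firewall profile's DisableNotifications setting, both of which silence the alerts a user would otherwise get about disabled protection. The script below is an added triage helper, not ComboFix's code and not part of the original post; it parses that REGEDIT4-style block into key/value pairs and reports those settings together with any globally open firewall ports. The embedded SAMPLE_LOG is a constructed excerpt modelled on the entries in the log above, and the function names are this example's own.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example; this is not ComboFix's code and was not part of the
forum post. It parses the REGEDIT4-style block into
{key: [(value_name, raw_value), ...]} and flags settings that silence
Security Center or firewall alerting. All names here are the example's own.
"""
import re

# Constructed excerpt modelled on the entries in the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1792:TCP"= 1792:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=raw value


def parse_reg_sections(text):
    """Map each [key] header to the "name"=value lines beneath it.

    ComboFix's '.' separators, banners and notes match neither regex
    and are skipped; a value line before any header is ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def dword_is_set(raw_value):
    """True for a non-zero DWORD rendered as 'dword:00000001' or '1 (0x1)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw_value)
    if m:
        return int(m.group(1), 16) != 0
    m = re.match(r"(\d+)", raw_value)
    return m is not None and int(m.group(1)) != 0


def triage_security_settings(sections):
    """Return findings for Security Center overrides, suppressed firewall
    notifications and globally open firewall ports. Key matching is
    case-insensitive and works with the abbreviated HKLM prefix ComboFix
    prints. The override values can be set legitimately by a security
    product that registers with Security Center, so each finding is a
    lead for the analyst, not a verdict."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        for name, raw in values:
            n = name.lower()
            if k.endswith(r"\security center") and n in ("antivirusoverride", "firewalloverride"):
                if dword_is_set(raw):
                    findings.append(f"{name}={raw} under {key}: Security Center will not alert on this component")
            elif k.endswith(r"firewallpolicy\standardprofile") and n == "disablenotifications":
                if dword_is_set(raw):
                    findings.append(f"DisableNotifications={raw} under {key}: firewall notifications suppressed")
            elif k.endswith(r"globallyopenports\list"):
                findings.append(f"Globally open port {name} under {key}: {raw}")
    return findings


if __name__ == "__main__":
    for finding in triage_security_settings(parse_reg_sections(SAMPLE_LOG)):
        print("FLAG:", finding)
```

Run it against the sample and it reports five findings: the two override values, the suppressed notifications, and the two Akamai NetSession ports. To use it on a real log, pass the whole file's text to parse_reg_sections; only the bracketed key headers and quoted "name"=value lines are picked up, so the file listings and snapshot diffs around the block do not interfere.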
  8. I was able to run combofix under my profile. Here's the results

ComboFix 11-04-19.01 - Fred 04/19/2011 18:20:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2068 [GMT -5:00]
Running from: c:\documents and settings\Fred\Desktop\Iexplorer.com
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-19 to 2011-04-19 )))))))))))))))))))))))))))))))
.
.
2011-04-18 00:49 . 2011-04-18 00:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys
2011-04-17 01:05 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\mpengine.dll
2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET
2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes
2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2
2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll
2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll
2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll
2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-04-06 02:05 . 2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic
2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft
2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr
2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot
2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot
2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER
2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
.
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin
- 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin
+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_7cc.dat
+ 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6ec.dat
- 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin
+ 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136]
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4183:TCP"= 4183:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKsle4fe38fd;MpKsle4fe38fd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys [4/17/2011 7:49 PM 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336]
S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?]
S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE4FE38FD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56]
.
2011-04-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2011-04-19 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = *.local IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB . . ------- File Associations ------- . .scr=DWGTrueViewScriptFile . - - - - ORPHANS REMOVED - - - - . WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-19 18:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4568) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
- - - - - - - > 'explorer.exe'(3132) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . - - - - - - - > 'explorer.exe'(4776) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-04-19 18:26:38 ComboFix-quarantined-files.txt 2011-04-19 23:26 ComboFix2.txt 2011-04-18 10:28 ComboFix3.txt 2011-04-16 21:22 . Pre-Run: 147,581,014,016 bytes free Post-Run: 147,664,715,776 bytes free . - - End Of File - - 1CF37048D6FD84E7DA2A596EB2AC4D28
  9. exeHelper by Raktor Build 20100414 Run at 18:07:50 on 04/19/11 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- --------------------------------------------------------------------------------------------------------- This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 04/19/2011 at 18:10:34. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: Rkill completed on 04/19/2011 at 18:10:39.
  10. ComboFix 11-04-17.02 - Bonnie 04/18/2011 5:21.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2136 [GMT -5:00] Running from: c:\documents and settings\Bonnie\Desktop\Iexplorer.com AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 ))))))))))))))))))))))))))))))) . . 2011-04-18 00:49 . 2011-04-18 00:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys 2011-04-17 01:05 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\mpengine.dll 2011-04-16 23:40 . 2011-04-16 23:40 -------- d-----w- c:\program files\ESET 2011-04-16 23:27 . 2011-04-16 23:27 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Malwarebytes 2011-04-16 23:26 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-04-16 23:26 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-16 23:26 . 2011-04-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-16 22:52 . 2011-04-16 22:52 -------- d-----w- c:\documents and settings\Fred2 2011-04-06 02:05 . 2005-06-01 09:10 495616 ----a-w- c:\windows\system32\PICSDK2.dll 2011-04-06 02:05 . 2005-06-01 08:10 77824 ----a-w- c:\windows\system32\PICEntry.dll 2011-04-06 02:05 . 2005-06-01 05:10 73728 ----a-w- c:\windows\system32\PICSDK.dll 2011-04-06 02:05 . 2004-03-03 11:10 65536 ----a-w- c:\windows\system32\EPPicMgr.dll 2011-04-06 02:05 . 
2004-03-03 11:10 114688 ----a-w- c:\windows\system32\EpPicPrt.dll 2011-04-06 02:05 . 2011-04-06 02:05 -------- d-----w- c:\program files\Panasonic 2011-04-06 02:04 . 2003-09-03 07:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll 2011-04-06 02:04 . 2003-09-03 07:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll 2011-04-06 02:04 . 2003-09-03 07:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll 2011-04-06 02:04 . 2003-09-03 07:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll 2011-04-06 02:04 . 2003-09-03 07:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe 2011-04-06 02:04 . 2003-09-03 07:23 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll 2011-04-06 02:04 . 2011-04-06 02:04 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll 2011-04-06 02:04 . 2011-04-06 02:04 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll 2011-04-06 02:04 . 2011-04-06 02:04 -------- d-----w- c:\program files\Common Files\ArcSoft 2011-04-06 02:04 . 2003-09-20 13:45 21248 ----a-w- c:\windows\system32\drivers\pfc.sys 2011-04-06 02:04 . 2005-03-16 18:45 143360 ----a-w- c:\windows\system32\PhotoBase Screen Saver.scr 2011-04-06 02:04 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL 2011-03-24 22:13 . 2011-03-24 22:16 -------- d-----w- c:\documents and settings\Zach . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-06 00:37 . 2008-11-19 17:15 1409 ----a-w- c:\windows\Fonts\AFORM105.fot 2011-04-06 00:37 . 
1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ALAMODE.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM120.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM112.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM100.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM09B.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM090.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\AFORM080.fot 2011-04-06 00:37 . 1995-12-01 18:01 1409 ----a-w- c:\windows\Fonts\ADATA095.fot 2011-03-21 01:15 . 2010-06-19 02:27 81920 ----a-w- c:\windows\ALCFDRTM.VER 2011-03-15 04:05 . 2010-07-05 23:51 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-03-13 23:52 . 2010-11-11 01:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid 2011-03-07 05:33 . 2010-06-09 18:56 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:37 . 2002-12-31 13:00 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2002-12-31 13:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:06 . 2002-12-31 13:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:06 . 2002-12-31 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 23:06 . 2002-12-31 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 11:41 . 2002-12-31 13:00 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2002-12-31 13:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2002-12-31 13:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:32 . 2010-06-10 22:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2002-12-31 13:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2002-12-31 13:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 
2002-12-31 13:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2002-12-31 13:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2002-12-31 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 23:11 . 2010-07-04 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 07:58 . 2010-06-09 18:54 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2010-06-09 18:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2002-12-31 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll . . ------- Sigcheck ------- . [7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll . c:\windows\System32\regsvc.dll ... is missing !! . ((((((((((((((((((((((((((((( SnapShot@2011-04-16_21.20.34 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-11 19:14 . 2011-04-16 22:53 17685 c:\windows\system32\Lang\WzrdLang.bin - 2010-06-11 19:14 . 2011-03-24 22:14 17685 c:\windows\system32\Lang\WzrdLang.bin + 2010-06-11 19:14 . 2011-04-16 22:53 10246 c:\windows\system32\Lang\TradChin.bin - 2010-06-11 19:14 . 2011-03-24 22:14 10246 c:\windows\system32\Lang\TradChin.bin + 2010-06-11 19:14 . 2011-04-16 22:53 12264 c:\windows\system32\Lang\Thai.bin - 2010-06-11 19:14 . 2011-03-24 22:14 12264 c:\windows\system32\Lang\Thai.bin + 2010-06-11 19:14 . 2011-04-16 22:53 13565 c:\windows\system32\Lang\SWEDISH.bin - 2010-06-11 19:14 . 2011-03-24 22:14 13565 c:\windows\system32\Lang\SWEDISH.bin - 2010-06-11 19:14 . 2011-03-24 22:14 15521 c:\windows\system32\Lang\Spanish.bin + 2010-06-11 19:14 . 2011-04-16 22:53 15521 c:\windows\system32\Lang\Spanish.bin + 2010-06-11 19:14 . 2011-04-16 22:53 15530 c:\windows\system32\Lang\Russian.bin - 2010-06-11 19:14 . 2011-03-24 22:14 15530 c:\windows\system32\Lang\Russian.bin - 2010-06-11 19:14 . 2011-03-24 22:14 14672 c:\windows\system32\Lang\Portuguese.bin + 2010-06-11 19:14 . 
2011-04-16 22:53 14672 c:\windows\system32\Lang\Portuguese.bin - 2010-06-11 19:14 . 2011-03-24 22:14 11441 c:\windows\system32\Lang\Korean.bin + 2010-06-11 19:14 . 2011-04-16 22:53 11441 c:\windows\system32\Lang\Korean.bin + 2010-06-11 19:14 . 2011-04-16 22:53 13377 c:\windows\system32\Lang\Japanese.bin - 2010-06-11 19:14 . 2011-03-24 22:14 13377 c:\windows\system32\Lang\Japanese.bin - 2010-06-11 19:14 . 2011-03-24 22:14 15739 c:\windows\system32\Lang\Italian.bin + 2010-06-11 19:14 . 2011-04-16 22:53 15739 c:\windows\system32\Lang\Italian.bin - 2010-06-11 19:14 . 2011-03-24 22:14 14920 c:\windows\system32\Lang\German.bin + 2010-06-11 19:14 . 2011-04-16 22:53 14920 c:\windows\system32\Lang\German.bin - 2010-06-11 19:14 . 2011-03-24 22:14 15407 c:\windows\system32\Lang\French.bin + 2010-06-11 19:14 . 2011-04-16 22:53 15407 c:\windows\system32\Lang\French.bin - 2010-06-11 19:14 . 2011-03-24 22:14 12220 c:\windows\system32\Lang\English.bin + 2010-06-11 19:14 . 2011-04-16 22:53 12220 c:\windows\system32\Lang\English.bin + 2010-06-11 19:14 . 2011-04-16 22:53 14502 c:\windows\system32\Lang\Dutch.bin - 2010-06-11 19:14 . 2011-03-24 22:14 14502 c:\windows\system32\Lang\Dutch.bin + 2010-06-11 19:14 . 2011-04-16 22:53 13851 c:\windows\system32\Lang\Danish.bin - 2010-06-11 19:14 . 2011-03-24 22:14 13851 c:\windows\system32\Lang\Danish.bin + 2010-06-11 19:14 . 2011-04-16 22:53 11835 c:\windows\system32\Lang\Arabic.bin - 2010-06-11 19:14 . 2011-03-24 22:14 11835 c:\windows\system32\Lang\Arabic.bin + 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_7cc.dat + 2011-04-18 00:48 . 2011-04-18 00:48 16384 c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_6ec.dat - 2010-06-11 19:14 . 2011-03-24 22:14 9522 c:\windows\system32\Lang\SimChin.bin + 2010-06-11 19:14 . 2011-04-16 22:53 9522 c:\windows\system32\Lang\SimChin.bin . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-05 274608] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-6-18 30208] LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2011-4-5 57344] Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-6-18 27136] Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk] path=c:\documents and settings\Fred\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-19 23:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4147:TCP"= 4147:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R1 MpKsle4fe38fd;MpKsle4fe38fd;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D3ECFEF-3380-48C1-A95D-F60D6274AD46}\MpKsle4fe38fd.sys [4/17/2011 7:49 PM 28752] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 AM 14336] S1 MpKsle04a1819;MpKsle04a1819;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{358E2811-4CA3-4E21-83FF-8CBC21BD6650}\MpKsle04a1819.sys [?] S1 MpKsle2a75a25;MpKsle2a75a25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA60671F-C88C-41AA-986F-6490C8993877}\MpKsle2a75a25.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:56 PM 135664] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLE4FE38FD . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56] . 2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 01:56] . 2011-04-18 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26] . 2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-1801674531-682003330-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-1801674531-682003330-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 
2011-04-18 c:\windows\Tasks\User_Feed_Synchronization-{9DA549B8-356D-49D4-B335-757A58E8148D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file:///C:/Win2000/Content/cabs/alaWeb.CAB DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file:///C:/Win2000/Content/cabs/alaGrid.CAB . . ------- File Associations ------- . .scr=DWGTrueViewScriptFile . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-18 05:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1428) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . - - - - - - - > 'explorer.exe'(2264) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-04-18 05:28:46 ComboFix-quarantined-files.txt 2011-04-18 10:28 ComboFix2.txt 2011-04-16 21:22 . Pre-Run: 147,700,350,976 bytes free Post-Run: 147,734,368,256 bytes free . - - End Of File - - 993E29D6EEF72AD11BA911B325A5E98A
  11. Matt, combofix starts but then a window opens and asks what program to use to open the file. Then I can't close the "Open with" window.
  12. aswMBR version 0.9.4 Copyright© 2011 AVAST Software Run date: 2011-04-17 06:54:27 ----------------------------- 06:54:27.000 OS Version: Windows 5.1.2600 Service Pack 3 06:54:27.000 Number of processors: 2 586 0x403 06:54:27.000 ComputerName: MINE-E06B998C2B UserName: Bonnie 06:54:28.609 Initialize success 06:54:33.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 06:54:33.218 Disk 0 Vendor: Maxtor_6B200M0 BANC1B10 Size: 190782MB BusType: 3 06:54:35.218 Disk 0 MBR read successfully 06:54:35.218 Disk 0 MBR scan 06:54:37.218 Disk 0 scanning sectors +390700800 06:54:37.234 Disk 0 scanning C:\WINDOWS\system32\drivers 06:54:41.453 Service scanning 06:54:42.390 Disk 0 trace - called modules: 06:54:42.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS 06:54:42.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3fcab8] 06:54:42.406 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000061[0x8a45f3b8] 06:54:42.406 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3ffd98] 06:54:42.406 Scan finished successfully
  13. C:\Documents and Settings\Fred\Application Data\Sun\Java\Deployment\cache\6.0\57\4ed53739-64f5111f a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\Fred\Local Settings\Application Data\qog.exe.vir a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{C723B882-D103-4993-A591-C1988299F44F}\RP447\A0038187.exe a variant of Win32/Kryptik.MRQ trojan cleaned by deleting - quarantined
  14. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6377 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/16/2011 6:36:24 PM mbam-log-2011-04-16 (18-36-24).txt Scan type: Quick scan Objects scanned: 200717 Time elapsed: 6 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  15. Mine, so I just did it on hers and it ran OK. I'll complete your instructions now. Thank you.