Jump to content

Tadcat

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so much. I'm sorry I am so confused -- moved=removed as well as deleted=removed as well as quarantined=removed -- I don't know if I will ever understand the terminology, let alone why it takes so many different scans to find things. I swear I will never know which antivirus to purchase and if any computer is ever fully protected. Ack Thank you so very very much!
  2. I'm home now--just turned on the computer so I don't know if there is any weird activity on my computer--- are there steps I need to take to get rid of the trojans that showed up in those scans? Thanks
  3. Here is the log file from Dr Web CureIt-- Image Plugin.msi\stream001;C:\WINDOWS\Downloaded Installations\{BF0B2E03-DCF8-42C1-BA3E-2FAC8CFE11ED}\Image Plugin.msi;Trojan.MulDrop.3419;; Image Plugin.msi;C:\WINDOWS\Downloaded Installations\{BF0B2E03-DCF8-42C1-BA3E-2FAC8CFE11ED};Container contains infected objects;Moved.; 270814e.msi\stream000;C:\WINDOWS\Installer\270814e.msi;Trojan.MulDrop.3419;; 270814e.msi;C:\WINDOWS\Installer;Container contains infected objects;Moved.; I never got an option to "cure" anything-- even though I followed your directions to the letter. There was no "additional context menu" that opened :-( And no place to "click 'yes to all' to cure/move files". I believe the report showed that the two folders were moved--but the other two things didn't say that they were moved (Image Plugin.msi\stream001;C:\WINDOWS\Downloaded Installations\{BF0B2E03-DCF8-42C1-BA3E-2FAC8CFE11ED}\Image Plugin.msi;Trojan.MulDrop.3419) and (270814e.msi\stream000;C:\WINDOWS\Installer\270814e.msi;Trojan.MulDrop.3419) So do these scans today show that I have two different trojans on this system? Ack! Thanks -- I will be out most of the day on Friday but I plan to be home in the evening.
  4. Okay :-) I was able to download the active x after I booted in safe mode with networking--- then I rebooted and was able to run the scan (I couldn't see the options to run while in safe mode). Here is the log-- C:\Qoobox\Quarantine\C\Documents and Settings\Amy\Local Settings\Application Data\ClipCommonIde\eventPathMgmt.dll.vir a variant of Win32/Sefnit.AL trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined C:\System Volume Information\_restore{F0EDFF1C-1F33-40B2-8C4E-97F5DC1A69A7}\RP1\A0000020.dll a variant of Win32/Sefnit.AL trojan cleaned by deleting - quarantined C:\System Volume Information\_restore{F0EDFF1C-1F33-40B2-8C4E-97F5DC1A69A7}\RP1\A0000022.exe Win32/PrcView application cleaned by deleting - quarantined
  5. Argh Grrr stomp stomp stomp. I "disabled" all of the "active x add-ons" and tried again-- the same thing happened. Then I went in and disabled the one remaining "browser help object" and tried again-- now the "accept the terms and conditions" window just keeps repeating itself. I'll keep searching for an answer and hopefully I can make that scan work.
  6. After I accept "terms of use" and the pop up window comes up-- I get the following message from Internet Explorer-- " Internet Explorer has closed this webpage to help protect your computer A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage. What you can do: Go to your home page Try to return to eset.com More information Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on. Other things you can do: Go online to learn about the Data Execution Prevention (DEP) security feature" I assume I don't have some setting correct somewhere.
  7. Here is the log-- All processes killed ========== FILES ========== C:\Documents and Settings\Amy\My Documents\~WRD1863.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRD2037.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRL0001.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRL0003.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRL0004.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRL0114.tmp moved successfully. C:\Documents and Settings\Amy\My Documents\~WRL2984.tmp moved successfully. C:\WINDOWS\003415_.tmp moved successfully. C:\WINDOWS\DUMP5f17.tmp moved successfully. C:\WINDOWS\msdownld.tmp folder moved successfully. C:\WINDOWS\System32\CONFIG.TMP moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 13689532 bytes User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Amy ->Temp folder emptied: 2692178 bytes ->Temporary Internet Files folder emptied: 46602534 bytes ->Java cache emptied: 7140 bytes ->Flash cache emptied: 17804 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 348 bytes User: LocalService ->Temp folder emptied: 65748 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16867 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 16950 bytes Total Files Cleaned = 60.00 mb [EMPTYFLASH] User: Admin User: Administrator User: All Users User: Amy ->Flash cache emptied: 0 bytes User: Default User User: Guest ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.17.3 log created on 12142010_095224 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  8. OTL.txt log-- OTL logfile created on: 12/13/2010 6:37:28 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Amy\Desktop\malwaredec10 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 1512 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 39.93 Gb Free Space | 26.79% Space Free | Partition Type: NTFS Computer Name: AMYHOMENOVIS | User Name: Amy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Amy\Desktop\malwaredec10\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\system32\spool\drivers\W32X86\3\CAPM3SWK.EXE (CANON INC.) PRC - C:\WINDOWS\system32\CAPM3RSK.EXE (CANON INC.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Amy\Desktop\malwaredec10\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation) MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LexBceS) -- C:\WINDOWS\System32\LEXBCES.EXE File not found SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll (NOS Microsystems Ltd.) SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\DOCUME~1\Amy\LOCALS~1\Temp\catchme.sys File not found DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys () DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (WISTechVIDCAP) -- C:\WINDOWS\system32\drivers\wisgostrm.sys (Pinnacle Systems) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH) DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (RapidPortM3) -- C:\WINDOWS\system32\drivers\CAPM3LP.SYS (CANON INC.) DRV - (asc) -- C:\WINDOWS\System32\drivers\ASC.SYS (Advanced System Products, Inc.) DRV - (DMX3191) -- C:\WINDOWS\System32\drivers\DMX3191.SYS (Microsoft Corporation) DRV - (UDNT) -- C:\WINDOWS\System32\drivers\udnt.sys () DRV - (AEC671X) -- C:\WINDOWS\System32\drivers\AEC671X.SYS (Acard Technology Corp.) DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 08:47:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/30 17:57:18 | 000,000,000 | ---D | M] O1 HOSTS File: ([2010/12/10 11:02:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/a/f...tualEarth3D.cab (Reg Error: Key error.) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab (CKAVWebScan Object) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.0.6.5.cab (DownloadManager Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1176312989750 (MUWebControl Class) O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcams.mtu.edu/webcam2/AxisCamControl.ocx (CamImage Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} http://entriq.vo.llnwd.net/o1/NBCUniversal...eck_1_0_0_4.cab (CentrinoCheck Control) O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://entriq.vo.llnwd.net/o1/NBCUniversal...0_15_Silent.cab (Reg Error: Key error.) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe (Virtools WebPlayer Class) O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/04/22 21:09:32 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/13 11:29:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/12/10 10:54:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/12/10 10:45:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/12/10 10:45:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/12/10 10:45:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/12/10 10:45:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/12/10 10:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/12/10 10:42:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/12/07 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy\Desktop\malwaredec10 [2010/12/07 20:25:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Amy\Recent [2010/12/02 18:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy\Local Settings\Application Data\ClipCommonIde [7 C:\Documents and Settings\Amy\My Documents\*.tmp files -> C:\Documents and Settings\Amy\My Documents\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/13 18:11:48 | 000,000,519 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2010/12/13 18:10:10 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Amy\Desktop\Microsoft Word.lnk [2010/12/13 18:08:50 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2010/12/13 17:48:13 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Amy\Desktop\Microsoft Excel.lnk [2010/12/13 11:56:39 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Amy\My Documents\vincephone.doc [2010/12/13 09:50:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{12EF49A8-3980-49E6-87E5-ACB6B01832EF}.job [2010/12/13 09:49:22 | 000,441,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/12/13 09:49:22 | 000,071,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/12/13 09:45:27 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/12/13 09:45:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/12/13 09:45:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/12/10 11:02:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/12/10 10:54:21 | 000,000,355 | RHS- | M] () -- C:\boot.ini [2010/12/09 21:12:34 | 000,000,775 | ---- | M] () -- C:\WINDOWS\OPLIMIT.INI [2010/12/08 21:12:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Amy\defogger_reenable [2010/12/08 20:50:49 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/12/07 22:59:57 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI [2010/12/07 22:59:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/12/07 19:08:45 | 000,000,245 | ---- | M] () -- C:\Boot.bak [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/18 17:43:57 | 000,148,480 | ---- | M] () -- C:\albioncatalog2011sp.xls [7 C:\Documents and Settings\Amy\My Documents\*.tmp files -> C:\Documents and Settings\Amy\My Documents\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/13 18:08:50 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2010/12/13 11:53:04 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Amy\My Documents\vincephone.doc [2010/12/10 10:54:21 | 000,000,245 | ---- | C] () -- C:\Boot.bak [2010/12/10 10:54:15 | 000,260,272 | RHS- | C] () -- C:\cmldr [2010/12/10 10:45:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/12/10 10:45:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/12/10 10:45:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/12/10 10:45:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/12/10 10:45:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/12/08 21:12:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Amy\defogger_reenable [2010/11/18 17:43:57 | 000,148,480 | ---- | C] () -- C:\albioncatalog2011sp.xls [2010/10/09 17:24:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Amy\Local Settings\Application Data\housecall.guid.cache [2010/07/06 21:15:47 | 001,939,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/07/06 18:56:03 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D9E905DCC9.sys [2010/07/06 18:56:00 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2009/10/15 16:14:12 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009/08/12 14:08:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2008/07/22 22:29:58 | 000,000,519 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008/07/22 22:29:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008/07/22 22:29:15 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2008/07/22 22:29:15 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2008/07/22 22:26:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2008/07/22 22:26:41 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2008/07/22 22:26:38 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2008/07/22 22:26:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2008/05/28 07:20:44 | 000,037,203 | ---- | C] () -- C:\Documents and Settings\Amy\Application Data\Comma Separated Values (DOS).ADR [2007/12/14 15:30:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/10/05 09:55:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2007/06/10 14:08:52 | 000,000,019 | ---- | C] () -- C:\WINDOWS\geo.ini [2007/05/31 13:40:59 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2007/05/30 20:38:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI [2007/05/12 10:41:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys [2007/04/22 21:13:37 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL [2007/04/22 20:37:15 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll [2007/04/22 20:37:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll [2007/04/22 20:37:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll [2007/04/22 20:37:14 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll [2007/04/22 20:37:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll [2007/03/22 20:32:59 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys [2007/03/22 20:32:54 | 000,076,260 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys [2007/02/26 13:07:31 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/02/25 22:18:13 | 000,007,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2007/02/25 22:18:04 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2007/02/19 16:01:11 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll [2007/02/19 16:01:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll [2007/02/19 12:32:33 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini [2006/12/18 12:03:07 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini [2006/12/18 10:06:29 | 000,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI [2006/11/06 17:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini [2006/11/06 13:25:15 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Amy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/19 10:04:22 | 000,000,202 | ---- | C] () -- C:\WINDOWS\ppdrv.ini [2006/10/19 10:02:04 | 000,000,775 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI [2006/10/19 09:59:10 | 000,000,198 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2006/09/10 16:24:50 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2006/05/13 14:07:31 | 000,000,519 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2006/01/11 18:19:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2005/12/23 23:47:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/12/19 21:39:52 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Amy\Local Settings\Application Data\fusioncache.dat [2005/12/02 08:30:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/01 18:11:14 | 000,000,138 | ---- | C] () -- C:\WINDOWS\qawin32.INI [2005/12/01 17:07:21 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/12/01 16:39:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005/12/01 10:13:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005/07/29 13:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [1999/01/22 00:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/05/06 15:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/04/02 10:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs [2009/08/12 14:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2007/01/03 10:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle [2006/12/17 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio [2009/10/15 16:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/11/03 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate [2007/05/30 20:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments [2009/08/12 16:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2010/07/09 18:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2007/10/05 09:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2008/01/16 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Amazon [2006/06/01 20:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Argali [2007/04/28 06:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Costco Photo Viewer US [2010/03/13 14:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Facebook [2008/09/23 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\FileZilla [2009/12/07 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\GARMIN [2009/08/24 16:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\Image Zone Express [2007/11/11 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\MSNInstaller [2007/02/15 19:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\OfficeUpdate12 [2009/10/15 18:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\ScanSoft [2007/05/30 21:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\SolidDocuments [2009/01/17 13:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amy\Application Data\uTorrent [2010/12/13 09:45:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2010/12/13 09:50:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{12EF49A8-3980-49E6-87E5-ACB6B01832EF}.job ========== Purity Check ========== < End of report > Extras.txt log-- OTL Extras logfile created on: 12/13/2010 6:37:28 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Amy\Desktop\malwaredec10 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 1512 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 39.93 Gb Free Space | 26.79% Space Free | Partition Type: NTFS Computer Name: AMYHOMENOVIS | User Name: Amy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Pinnacle\Studio 10\programs\studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\studio.exe:*:Enabled:Studio program file -- (Pinnacle Systems) "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled: -- ( ) "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{107254A0-0ADF-11D4-9397-00D0B7020B38}" = "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin "{18AEB406-A211-415B-8A71-BDE6CBDD734C}" = OLYMPUS Studio 2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials "{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater "{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2 "{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10 "{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus+® Download Manager for Corel "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2 "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential "{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009 "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8 "{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext "{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0 "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update "{BE21C981-68F2-4C09-8445-0AFBBC1EAAA7}" = Motorola Phone Tools "{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300 "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack "{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software "{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E2FB9D3B-9EAF-45AF-AE8B-2EE37FD57BCC}" = Motorola Phone Tools "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002 "{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard "{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin "1A6754C019F3AE544C346226BB63AC9BC7DACCDE" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0) "2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Type Manager 4.0" = Adobe Type Manager 4.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.2 "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "Canon PC1200/iC D700" = Canon PC1200/iC D700 "CCleaner" = CCleaner "Coupon Printer for Windows2.0" = Coupon Printer for Windows "CSCLIB" = Canon Camera Support Core Library "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.8.3 "DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.1.4.0 "EOS Utility" = Canon Utilities EOS Utility "geotrainer_is1" = Geographie Trainer "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer "Kaspersky Online Scanner" = Kaspersky Online Scanner "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoStitch" = Canon Utilities PhotoStitch "PrimoPDF3.1" = PrimoPDF "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5 "PROSet" = Intel® PRO Network Connections Drivers "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "ST6UNST #1" = Outlook Express Quick Backup "Unlocker" = Unlocker 1.8.5 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/12/2010 6:21:04 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/12/2010 6:21:04 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/12/2010 6:21:04 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/12/2010 6:21:04 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/12/2010 9:22:54 PM | Computer Name = AMYHOMENOVIS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/13/2010 6:43:55 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/13/2010 6:43:55 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/13/2010 6:43:55 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/13/2010 6:43:55 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 12/13/2010 6:47:40 PM | Computer Name = AMYHOMENOVIS | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks Pro 2009": Trying to process a record 114 : Portland - Checking for List Review edlist without actually being in a write transacti [ System Events ] Error - 12/10/2010 11:58:49 AM | Computer Name = AMYHOMENOVIS | Source = Service Control Manager | ID = 7031 Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 12/10/2010 12:02:37 PM | Computer Name = AMYHOMENOVIS | Source = PlugPlayManager | ID = 11 Description = The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal. Error - 12/10/2010 4:02:49 PM | Computer Name = AMYHOMENOVIS | Source = Print | ID = 23 Description = Printer Lexmark Z52 Color Jetprinter failed to initialize because a suitable Lexmark Z52 Color Jetprinter driver could not be found. Error - 12/10/2010 4:02:56 PM | Computer Name = AMYHOMENOVIS | Source = Service Control Manager | ID = 7000 Description = The UDNT service failed to start due to the following error: %%20 Error - 12/11/2010 8:38:41 AM | Computer Name = AMYHOMENOVIS | Source = Print | ID = 23 Description = Printer Lexmark Z52 Color Jetprinter failed to initialize because a suitable Lexmark Z52 Color Jetprinter driver could not be found. Error - 12/11/2010 8:38:56 AM | Computer Name = AMYHOMENOVIS | Source = Service Control Manager | ID = 7000 Description = The UDNT service failed to start due to the following error: %%20 Error - 12/12/2010 8:41:58 AM | Computer Name = AMYHOMENOVIS | Source = Print | ID = 23 Description = Printer Lexmark Z52 Color Jetprinter failed to initialize because a suitable Lexmark Z52 Color Jetprinter driver could not be found. Error - 12/12/2010 8:42:21 AM | Computer Name = AMYHOMENOVIS | Source = Service Control Manager | ID = 7000 Description = The UDNT service failed to start due to the following error: %%20 Error - 12/13/2010 10:45:14 AM | Computer Name = AMYHOMENOVIS | Source = Print | ID = 23 Description = Printer Lexmark Z52 Color Jetprinter failed to initialize because a suitable Lexmark Z52 Color Jetprinter driver could not be found. Error - 12/13/2010 10:45:20 AM | Computer Name = AMYHOMENOVIS | Source = Service Control Manager | ID = 7000 Description = The UDNT service failed to start due to the following error: %%20 < End of report > Thanks
  9. Well--what I meant is that the majority of my searches were being redirected (unless I clicked on 'cached') and then no virus or malware has been found on my computer.
  10. Thanks--it just seems strange that it happens and then nothing can be found.
  11. I'm not sure--I haven't been searching for much lately and I can't remember what I searched for before that gave me the redirects. Did you see any sort of problem in any of my logs?
  12. That scan told me that there were no infections found. Have you seen anything out of the ordinary? TDSSKiller log--- 2010/12/10 19:16:59.0906 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40 2010/12/10 19:16:59.0906 ================================================================================ 2010/12/10 19:16:59.0906 SystemInfo: 2010/12/10 19:16:59.0906 2010/12/10 19:16:59.0906 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/10 19:16:59.0906 Product type: Workstation 2010/12/10 19:16:59.0906 ComputerName: AMYHOMENOVIS 2010/12/10 19:16:59.0906 UserName: Amy 2010/12/10 19:16:59.0906 Windows directory: C:\WINDOWS 2010/12/10 19:16:59.0906 System windows directory: C:\WINDOWS 2010/12/10 19:16:59.0906 Processor architecture: Intel x86 2010/12/10 19:16:59.0906 Number of processors: 2 2010/12/10 19:16:59.0906 Page size: 0x1000 2010/12/10 19:16:59.0906 Boot type: Normal boot 2010/12/10 19:16:59.0906 ================================================================================ 2010/12/10 19:17:00.0328 Initialize success 2010/12/10 19:17:11.0656 ================================================================================ 2010/12/10 19:17:11.0656 Scan started 2010/12/10 19:17:11.0656 Mode: Manual; 2010/12/10 19:17:11.0656 ================================================================================ 2010/12/10 19:17:14.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/10 19:17:15.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/12/10 19:17:15.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/12/10 19:17:16.0437 AEC671X (a61d71ad98e82ca5a3d444e7aade1571) C:\WINDOWS\System32\drivers\AEC671X.SYS 2010/12/10 19:17:16.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/12/10 19:17:18.0296 ASAPIW2k (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\ASAPIW2k.sys 2010/12/10 19:17:18.0562 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\drivers\ASC.SYS 2010/12/10 19:17:19.0312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/10 19:17:19.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/10 19:17:20.0125 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/10 19:17:20.0390 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys 2010/12/10 19:17:20.0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/10 19:17:20.0875 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/10 19:17:21.0203 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 2010/12/10 19:17:21.0500 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\WINDOWS\system32\Drivers\BrSerIf.sys 2010/12/10 19:17:21.0796 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\WINDOWS\system32\Drivers\BrUsbSer.sys 2010/12/10 19:17:22.0203 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/10 19:17:22.0515 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/12/10 19:17:23.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/10 19:17:23.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/10 19:17:23.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/10 19:17:24.0437 CO_Mon (6be1d6403727bdd8a2b2568dbe6bfb8b) C:\WINDOWS\system32\Drivers\CO_Mon.sys 2010/12/10 19:17:25.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/10 19:17:25.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/10 19:17:26.0437 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/10 19:17:26.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/10 19:17:27.0031 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/10 19:17:27.0359 DMX3191 (4898050118b195dc157456da87a95046) C:\WINDOWS\System32\drivers\DMX3191.SYS 2010/12/10 19:17:27.0890 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/10 19:17:28.0203 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/12/10 19:17:28.0593 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/10 19:17:28.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/12/10 19:17:29.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/10 19:17:29.0390 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/12/10 19:17:29.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/12/10 19:17:29.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/10 19:17:30.0218 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/10 19:17:30.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/10 19:17:30.0796 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys 2010/12/10 19:17:31.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/10 19:17:31.0390 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/12/10 19:17:31.0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/10 19:17:32.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/10 19:17:33.0406 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2010/12/10 19:17:34.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/10 19:17:35.0859 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2010/12/10 19:17:36.0343 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/12/10 19:17:36.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/12/10 19:17:36.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/10 19:17:37.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/10 19:17:37.0468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/10 19:17:37.0781 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/10 19:17:38.0046 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/10 19:17:38.0312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/10 19:17:38.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/10 19:17:38.0875 KLIF (ade4545fe3dd94d2e44678c745477dab) C:\WINDOWS\system32\drivers\klif.sys 2010/12/10 19:17:39.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/10 19:17:39.0609 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/10 19:17:40.0171 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 2010/12/10 19:17:40.0437 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys 2010/12/10 19:17:40.0687 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/10 19:17:40.0953 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/10 19:17:41.0234 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys 2010/12/10 19:17:41.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/10 19:17:41.0796 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/12/10 19:17:42.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/10 19:17:42.0640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/10 19:17:43.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/10 19:17:43.0453 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/10 19:17:43.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/10 19:17:43.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/10 19:17:44.0328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/10 19:17:44.0562 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/10 19:17:44.0812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/12/10 19:17:45.0109 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/10 19:17:45.0406 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/12/10 19:17:45.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/10 19:17:46.0031 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/12/10 19:17:46.0265 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/10 19:17:46.0531 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/10 19:17:46.0828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/10 19:17:47.0093 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/10 19:17:47.0343 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/10 19:17:47.0656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/10 19:17:47.0968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/10 19:17:48.0406 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/10 19:17:48.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/12/10 19:17:49.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/10 19:17:49.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/10 19:17:49.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/12/10 19:17:49.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/10 19:17:50.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/10 19:17:50.0437 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/10 19:17:50.0968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/10 19:17:51.0296 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys 2010/12/10 19:17:51.0578 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/12/10 19:17:53.0296 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys 2010/12/10 19:17:53.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/10 19:17:53.0890 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/10 19:17:54.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/10 19:17:54.0531 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/12/10 19:17:56.0031 RapidPortM3 (56cc08d938435f88abff1ecc12bdd5e3) C:\WINDOWS\system32\Drivers\CAPM3LP.SYS 2010/12/10 19:17:56.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/10 19:17:56.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/10 19:17:56.0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/10 19:17:57.0078 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/10 19:17:57.0390 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/10 19:17:57.0718 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/10 19:17:58.0046 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/12/10 19:17:58.0390 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/10 19:17:58.0703 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/10 19:17:59.0031 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/10 19:17:59.0281 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/10 19:17:59.0562 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/10 19:17:59.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/10 19:18:00.0312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/12/10 19:18:00.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/10 19:18:01.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/10 19:18:01.0453 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/10 19:18:01.0781 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 2010/12/10 19:18:02.0031 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/12/10 19:18:02.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/10 19:18:02.0546 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/10 19:18:03.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/10 19:18:04.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/10 19:18:04.0515 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/10 19:18:04.0843 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/10 19:18:05.0109 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/10 19:18:05.0625 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/10 19:18:05.0937 UDNT (fd15d929b3a24c20b3b5341cae1f0552) C:\WINDOWS\system32\drivers\UDNT.sys 2010/12/10 19:18:06.0562 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/12/10 19:18:06.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/12/10 19:18:07.0203 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/10 19:18:07.0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/10 19:18:07.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/12/10 19:18:08.0015 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/12/10 19:18:08.0265 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/10 19:18:08.0515 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/10 19:18:08.0781 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/10 19:18:09.0265 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/10 19:18:09.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/10 19:18:09.0953 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2010/12/10 19:18:10.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/10 19:18:10.0937 WISTechVIDCAP (797454446c66ecdca790677f223d1e20) C:\WINDOWS\system32\drivers\wisgostrm.sys 2010/12/10 19:18:11.0296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/12/10 19:18:11.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/12/10 19:18:11.0859 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/12/10 19:18:12.0187 ================================================================================ 2010/12/10 19:18:12.0187 Scan finished 2010/12/10 19:18:12.0187 ================================================================================
  13. Here is the combo-fix.txt log ComboFix 10-12-09.04 - Amy 12/10/2010 10:56:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2040 [GMT -5:00] Running from: c:\documents and settings\Amy\Desktop\malwaredec10\Combo-Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde\eventPathMgmt.dll c:\windows\ST6UNST.000 c:\windows\system32\dumphive.exe c:\windows\system32\gotomon.log c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 ))))))))))))))))))))))))))))))) . 2010-12-02 23:21 . 2010-12-10 16:00 -------- d-----w- c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 22:42 . 2010-02-10 12:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 22:42 . 2010-02-10 12:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-18 16:23 . 2005-12-01 22:06 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2005-12-01 22:06 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2005-12-01 22:06 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2005-12-01 22:06 953856 ----a-w- c:\windows\system32\mfc40u.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2009-12-15 22:13 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon PC1200 iC D700 Status Window.LNK] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D700 Status Window.LNK backup=c:\windows\pss\Canon PC1200 iC D700 Status Window.LNKCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Amy^Start Menu^Programs^Startup^UMAX VistaAccess.lnk] path=c:\documents and settings\Amy\Start Menu\Programs\Startup\UMAX VistaAccess.lnk backup=c:\windows\pss\UMAX VistaAccess.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 23:43 69632 ----a-w- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 15:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) "LexBceS"=2 (0x2) "Apple Mobile Device"=2 (0x2) "LightScribeService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2/19/2007 4:03 PM 4064] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 3:42 PM 156968] R2 RapidPortM3;RapidPortM3;c:\windows\system32\drivers\CAPM3LP.SYS [3/21/2007 1:46 PM 22976] S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [3/22/2007 8:32 PM 12128] S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [3/22/2007 8:32 PM 17700] S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [3/22/2007 8:32 PM 76260] S3 nosGetPlusHelper;getPlus® Installer;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/1/2005 5:07 PM 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-12-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07] 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{12EF49A8-3980-49E6-87E5-ACB6B01832EF}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: intuit.com\community Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-eventPathMgmt - c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde\eventPathMgmt.dll HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe HKU-Default-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe MSConfigStartUp-SpiralFrog - c:\program files\SpiralFrog\Spiralfrog.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-10 11:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(696) c:\program files\Citrix\GoToMyPC\G2WinLogon.dll . Completion time: 2010-12-10 11:05:56 ComboFix-quarantined-files.txt 2010-12-10 16:05 Pre-Run: 42,865,180,672 bytes free Post-Run: 43,120,619,520 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut [spybotsd] timeout.old=5 - - End Of File - - 98B4FB51F8FA0700E2997C3E192E2B7A It also gave me a log.txt file-- ComboFix 10-12-09.04 - Amy 12/10/2010 10:56:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2040 [GMT -5:00] Running from: c:\documents and settings\Amy\Desktop\malwaredec10\Combo-Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde\eventPathMgmt.dll c:\windows\ST6UNST.000 c:\windows\system32\dumphive.exe c:\windows\system32\gotomon.log c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 ))))))))))))))))))))))))))))))) . 2010-12-02 23:21 . 2010-12-10 16:00 -------- d-----w- c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 22:42 . 2010-02-10 12:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-29 22:42 . 2010-02-10 12:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-18 16:23 . 2005-12-01 22:06 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2005-12-01 22:06 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2005-12-01 22:06 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2005-12-01 22:06 953856 ----a-w- c:\windows\system32\mfc40u.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-07 65536] "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] c:\documents and settings\All Users\Start Menu\Programs\Startup\ QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC] 2009-12-15 22:13 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon PC1200 iC D700 Status Window.LNK] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D700 Status Window.LNK backup=c:\windows\pss\Canon PC1200 iC D700 Status Window.LNKCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Amy^Start Menu^Programs^Startup^UMAX VistaAccess.lnk] path=c:\documents and settings\Amy\Start Menu\Programs\Startup\UMAX VistaAccess.lnk backup=c:\windows\pss\UMAX VistaAccess.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 23:43 69632 ----a-w- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0] 2001-07-25 15:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 19:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPodService"=3 (0x3) "LexBceS"=2 (0x2) "Apple Mobile Device"=2 (0x2) "LightScribeService"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2/19/2007 4:03 PM 4064] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 3:42 PM 156968] R2 RapidPortM3;RapidPortM3;c:\windows\system32\drivers\CAPM3LP.SYS [3/21/2007 1:46 PM 22976] S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [3/22/2007 8:32 PM 12128] S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [3/22/2007 8:32 PM 17700] S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [3/22/2007 8:32 PM 76260] S3 nosGetPlusHelper;getPlus® Installer;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/1/2005 5:07 PM 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-12-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07] 2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{12EF49A8-3980-49E6-87E5-ACB6B01832EF}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: intuit.com\community Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-eventPathMgmt - c:\documents and settings\Amy\Local Settings\Application Data\ClipCommonIde\eventPathMgmt.dll HKLM-Run-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe HKU-Default-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe MSConfigStartUp-SpiralFrog - c:\program files\SpiralFrog\Spiralfrog.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-10 11:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(696) c:\program files\Citrix\GoToMyPC\G2WinLogon.dll . Completion time: 2010-12-10 11:05:56 ComboFix-quarantined-files.txt 2010-12-10 16:05 Pre-Run: 42,865,180,672 bytes free Post-Run: 43,120,619,520 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut [spybotsd] timeout.old=5 - - End Of File - - 98B4FB51F8FA0700E2997C3E192E2B7A Thanks--
  14. Thanks so much! I attempted to disable the teatimer-- I unchecked the boxes but it never did give me an option to apply -- only that the boxes were unchecked. I did run the "reset tea timer" and it gave me an error that "the process teatimer.exe not found" and "the process spybot.exe not found." and that they must be closed. After running that-- I just uninstalled Spybot to in the hopes that the teatimer issue was gone. The Malwarebytes scan came back with no issues. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5282 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/9/2010 5:24:34 PM mbam-log-2010-12-09 (17-24-34).txt Scan type: Quick scan Objects scanned: 172425 Time elapsed: 11 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The DDS log-- DDS (Ver_10-12-05.01) - NTFSx86 Run by Amy at 17:25:40.20 on Thu 12/09/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1999 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINDOWS\system32\CAPM3RSK.EXE C:\OPLIMIT\ocrawr32.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE svchost.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Documents and Settings\Amy\Desktop\malwaredec10\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig?hl=en uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uWindows: load=c:\oplimit\ocraware.exe BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {259F616C-A300-44F5-B04A-ED001A26C85C} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [eventPathMgmt] rundll32.exe "c:\documents and settings\amy\local settings\application data\clipcommonide\eventPathMgmt.dll",appcrtSvcs BluetoothUserEnum mRun: [RTHDCPL] RTHDCPL.EXE mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe" mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll Trusted Zone: intuit.com\community DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/f/b/afba1967-2025-49da-8356-bc4132038945/VirtualEarth3D.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176312989750 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcams.mtu.edu/webcam2/AxisCamControl.ocx DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Nestle/Coupons.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2007-2-19 4064] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968] R2 RapidPortM3;RapidPortM3;c:\windows\system32\drivers\CAPM3LP.SYS [2007-3-21 22976] S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2007-3-22 12128] S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2007-3-22 17700] S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2007-3-22 76260] S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-1-15 194320] S3 nosGetPlusHelper;getPlus® Installer;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-12-1 14336] =============== Created Last 30 ================ 2010-12-02 23:21:46 -------- d-----w- c:\docume~1\amy\locals~1\applic~1\ClipCommonIde 2010-11-10 01:41:00 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-11-10 01:41:00 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-11-10 01:41:00 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-11-10 01:38:35 -------- d-----w- c:\windows\Logs ==================== Find3M ==================== 2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll ============= FINISH: 17:31:41.06 =============== Thanks so much.
  15. I do own a small business but this is my home computer that is affected. Yes, I do access my quickbooks files on this computer as well as a backup of my business system (AVM) which is located 30 miles from here. I don't currently run MBAM on my business system as I have not decided on purchasing it yet. Thanks.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.