Help with Win32 Cryptor virus [Closed]
Post #1, Nov 6 2009, 04:44 PM
New Member, Posts: 5, OS: windows XP
Hi,
I am hoping someone can help. I have the cryptor virus and can't figure out how to get rid of it. I ran combofix after I uninstalled free AVG antivirus b/c it wouldn't work unless I did. I also ran the OTL but I have no idea what to do now. Is it fixed with combofix or is there something else I need to do? My computer is running super slow and it redirects me to other web pages when I click on a particular one. Thanks!!!!
Post #2, Nov 6 2009, 05:44 PM
GeekU Teacher, Posts: 35,115, From: Dublin, OS: XP
Hi,
Download ComboFix from one of these locations: Link 1 Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
Post #3, Nov 6 2009, 09:55 PM
New Member, Posts: 5, OS: windows XP
Hi,
Well, I'm not sure these are the right logs...I ran the combofix & OTL....ugh! Here's what I have saved.....not sure if this is correct.

OTL Extras logfile created on: 11/6/2009 2:40:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Kimmie\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 471.52 Mb Available Physical Memory | 46.50% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 6.71 Gb Free Space | 13.11% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 14.23 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KIM
Current User Name: Kimmie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE" = C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC "{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC)" = Visual IP InSight(SBC) "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! 
Photo Story 2 LE "{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12 "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007) "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan 
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{69D2AB07-7677-4B06-AD69-97DB81D0E326}" = Neat Mobile Scanner (Silver) Driver "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a "{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! 
Digital Media Edition Installer "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07 "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{856C155E-4A74-4041-B026-04F96FFD1BCD}" = ZIP Reader 8.00.0018 "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies "{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter 
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper "{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009 "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant "{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner Driver "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX "{C23F7EB0-F535-473D-BC73-59B6CD8B98B2}" = Neat Mobile Scanner 2008 Driver "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4 
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2 "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "4-Card Keno" = 4-Card Keno 4 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem "Coupon Printer for Windows4.0" = Coupon Printer for Windows "CutePDF Writer Installation" = CutePDF Writer 2.7 "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver "Dell Game Console" = Dell Game Console "Google Desktop" = Google Desktop "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Photo & Imaging" = HP Image Zone 4.7 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "HPOCR" = OCR Software by I.R.I.S. 
12.0 "ie7" = Windows Internet Explorer 7 "InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX "InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7}" = iPod for Windows 2005-02-07 "InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library "LifeFocus - Version 7 " = LifeFocus - Version 7 "Macromedia Shockwave Player" = Macromedia Shockwave Player "MagicPDF_is1" = MagicPDF 2.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "NeatWorks" = NeatWorks "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "Shop for HP Supplies" = Shop for HP Supplies "Spyware Doctor" = Spyware Doctor 7.0 "StreetPlugin" = Learn2 Player (Uninstall Only) "ViewpointMediaPlayer" = Viewpoint Media Player "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell "WildTangent CDA" = WildTangent Web Driver "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "XpsEPSC" = XML Paper Specification Shared 
Components Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/5/2009 1:01:18 PM | Computer Name = KIM | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module duzirasa.dll, version 0.0.0.0, fault address 0x0000d770.
Error - 11/5/2009 4:52:55 PM | Computer Name = KIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/5/2009 4:52:55 PM | Computer Name = KIM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/6/2009 5:28:24 PM | Computer Name = KIM | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module jukabama.dll, version 0.0.0.0, fault address 0x0000336d.
Error - 11/6/2009 5:28:26 PM | Computer Name = KIM | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module jukabama.dll, version 0.0.0.0, fault address 0x0000d770.
Error - 11/6/2009 5:28:58 PM | Computer Name = KIM | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.
Error - 11/6/2009 5:32:48 PM | Computer Name = KIM | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module duzirasa.dll, version 0.0.0.0, fault address 0x0000d770.
Error - 11/6/2009 5:33:06 PM | Computer Name = KIM | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module duzirasa.dll, version 0.0.0.0, fault address 0x0000d770.
Error - 11/6/2009 5:33:12 PM | Computer Name = KIM | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module duzirasa.dll, version 0.0.0.0, fault address 0x0000d770.
Error - 11/6/2009 5:33:20 PM | Computer Name = KIM | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module jukabama.dll, version 0.0.0.0, fault address 0x0000d770.
[ System Events ]
Error - 11/5/2009 1:08:16 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/5/2009 1:08:23 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/5/2009 1:08:26 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/5/2009 1:11:38 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/5/2009 4:21:54 PM | Computer Name = KIM | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'jukabama.dll' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
Error - 11/6/2009 11:31:28 AM | Computer Name = KIM | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
Error - 11/6/2009 11:32:33 AM | Computer Name = KIM | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: %%1056
Error - 11/6/2009 11:32:33 AM | Computer Name = KIM | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056
Error - 11/6/2009 12:21:13 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 11/6/2009 5:33:57 PM | Computer Name = KIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
< End of report >

OTL logfile created on: 11/6/2009 2:40:50 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Kimmie\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 471.52 Mb Available Physical Memory | 46.50% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: |
%SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51.21 Gb Total Space | 6.71 Gb Free Space | 13.11% Space Free | Partition Type: NTFS Drive D: | 18.61 Gb Total Space | 14.23 Gb Free Space | 76.47% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KIM Current User Name: Kimmie Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Kimmie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe (The Neat Company) PRC - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Kimmie\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (sdauxservice) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (NeatWorksDatabaseController) -- C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe (The Neat Company)
SRV - (MSSQL$NR2007) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-mdp
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/02 13:03:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 02:11:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/03 18:04:08 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [potimovot] C:\WINDOWS\System32\ninezoni.DLL File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [viruwavemi] File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (www.sammsoft.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! Dictionary - C:\Program Files\Yahoo!\Common [2009/06/22 12:55:17 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/06/22 12:55:17 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: me ([*] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1168219935578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1168219926500 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jin...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...ies/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ninezoni.dll) - C:\WINDOWS\System32\ninezoni.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 01:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/06 14:39:56 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe
[2009/11/06 13:39:32 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/06 13:37:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/06 13:37:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/06 13:37:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/06 13:37:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/06 08:23:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/06 08:11:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/06 07:48:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/11/06 07:46:12 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Kimmie\Desktop\Rooter.exe
[2009/11/03 18:18:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\HPAppData
[2009/11/03 18:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/11/03 18:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\HP
[2009/11/03 18:02:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/11/03 17:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\hpoj6500e709
[2009/11/03 17:52:01 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l082.dll
[2009/11/03 17:52:00 | 00,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2009/11/03 17:50:45 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/11/03 17:50:44 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2009/11/03 17:50:44 | 00,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2009/11/03 17:50:43 | 00,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop4.dll
[2009/11/03 17:50:42 | 00,741,376 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax5.dll
[2009/11/03 17:09:08 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/03 17:08:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/03 17:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/03 17:06:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/11/03 16:10:09 | 00,000,000 | ---D | C] -- C:\SafetyCenter
[2009/11/02 13:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Desktop\dave
[2009/10/27 22:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\HpUpdate
[2009/10/27 22:28:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/10/27 21:45:23 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/27 21:45:23 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/27 21:33:50 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/27 21:33:48 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/27 21:33:48 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/27 21:33:35 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/27 21:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/27 21:33:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/27 21:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\PC Tools
[2009/10/27 21:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/27 21:33:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/27 16:34:49 | 02,292,736 | ---- | C] (Sammsoft ) -- C:\Documents and Settings\Kimmie\Desktop\arolicense.exe
[2009/10/27 07:55:45 | 04,165,792 | ---- | C] (Sammsoft ) -- C:\Documents and Settings\Kimmie\Desktop\AROTrial_mt.exe
[2009/10/27 07:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\Application Data\Sammsoft
[2009/10/27 07:25:03 | 00,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2009/10/27 07:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009/10/27 06:56:18 | 00,000,000 | ---D | C] -- C:\Program Files\uqxrqw
[2009/10/15 02:10:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2009/10/12 19:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kimmie\My Documents\Loan Modification
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2009/11/06 14:39:49 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kimmie\Desktop\OTL.exe [2009/11/06 14:26:09 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\MemTurbo.lnk [2009/11/06 14:25:59 | 00,000,327 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/06 14:25:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/06 14:07:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/06 14:07:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/06 14:07:08 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys [2009/11/06 14:05:59 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Kimmie\ntuser.dat [2009/11/06 14:05:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Kimmie\ntuser.ini [2009/11/06 13:39:55 | 00,000,279 | RHS- | M] () -- C:\boot.ini [2009/11/06 13:29:06 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zahulumu [2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/06 08:07:30 | 03,562,655 | R--- | M] () -- C:\Documents and Settings\Kimmie\Desktop\ComboFix.exe [2009/11/06 07:47:52 | 00,732,912 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\Please Help get rid of WIN32-Cryptor Virus! 
[Solved].mht [2009/11/06 07:46:04 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Kimmie\Desktop\Rooter.exe [2009/11/05 21:09:37 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\MAGIK [2009/11/05 21:04:23 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Microsoft Office Excel 2003.lnk [2009/11/05 18:00:23 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{348098C7-1C2D-4CFC-9631-3033F207AD26}.job [2009/11/05 13:16:48 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Microsoft Office Word 2003.lnk [2009/11/05 09:24:08 | 00,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk [2009/11/04 14:05:24 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Calculator.lnk [2009/11/04 14:05:23 | 00,001,404 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Media Center.lnk [2009/11/04 11:29:27 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\Five Crowns letter.doc [2009/11/03 18:15:04 | 00,186,295 | ---- | M] () -- C:\WINDOWS\hpwins23.dat [2009/11/03 18:12:27 | 00,001,072 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/03 18:07:49 | 00,000,215 | ---- | M] () -- C:\WINDOWS\wininit.ini [2009/11/03 18:04:39 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009/11/03 18:01:45 | 00,001,028 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/11/03 18:00:44 | 00,001,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk [2009/11/03 16:38:47 | 00,594,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/03 16:38:47 | 00,492,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/03 16:38:47 | 00,090,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/02 23:40:04 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Advanced 
Registry Optimizer.job [2009/10/30 17:01:55 | 00,001,692 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2009/10/30 16:57:44 | 00,023,754 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\hp printer order summary.pdf [2009/10/27 22:11:36 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\HKEY.doc [2009/10/27 21:45:13 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/10/27 21:44:14 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\Detect and delete other Antivirus System Pro alert files.doc [2009/10/27 21:43:43 | 00,501,760 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\How to delete registry entries.doc [2009/10/27 21:16:21 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\Remove Antivirus System Pro.doc [2009/10/27 21:00:44 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\Check PC For Errors.lnk [2009/10/27 16:34:49 | 02,292,736 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\Kimmie\Desktop\arolicense.exe [2009/10/27 07:59:05 | 04,165,792 | ---- | M] (Sammsoft ) -- C:\Documents and Settings\Kimmie\Desktop\AROTrial_mt.exe [2009/10/27 07:42:09 | 04,280,624 | -H-- | M] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\IconCache.db [2009/10/26 14:29:29 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Kimmie\My Documents\hardship letter.doc [2009/10/25 16:25:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe [2009/10/23 22:52:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/20 11:05:52 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/10/15 02:18:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/10/12 09:42:48 | 04,607,932 | ---- | M] () -- C:\Documents and Settings\Kimmie\Desktop\03 
The Great Defector.m4a [2009/10/08 10:31:44 | 01,636,304 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2009/10/08 10:31:44 | 00,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Kimmie\My Documents\*.tmp files -> C:\Documents and Settings\Kimmie\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/06 13:39:55 | 00,000,209 | ---- | C] () -- C:\Boot.bak [2009/11/06 13:39:48 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/06 13:37:41 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/06 13:37:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/06 13:37:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/06 13:37:41 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/06 13:37:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/06 08:07:29 | 03,562,655 | R--- | C] () -- C:\Documents and Settings\Kimmie\Desktop\ComboFix.exe [2009/11/06 07:47:50 | 00,732,912 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\Please Help get rid of WIN32-Cryptor Virus! 
[Solved].mht [2009/11/05 09:13:19 | 10,634,07616 | -HS- | C] () -- C:\hiberfil.sys [2009/11/04 11:24:14 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\Five Crowns letter.doc [2009/11/03 18:01:45 | 00,001,028 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk [2009/11/03 18:00:44 | 00,001,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk [2009/11/03 17:52:19 | 00,186,295 | ---- | C] () -- C:\WINDOWS\hpwins23.dat [2009/11/03 17:52:19 | 00,001,847 | ---- | C] () -- C:\WINDOWS\hpwmdl23.dat [2009/10/30 16:57:41 | 00,023,754 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\hp printer order summary.pdf [2009/10/27 22:38:10 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\Advanced Registry Optimizer.job [2009/10/27 22:11:35 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\HKEY.doc [2009/10/27 21:45:13 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk [2009/10/27 21:44:14 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\Detect and delete other Antivirus System Pro alert files.doc [2009/10/27 21:43:42 | 00,501,760 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\How to delete registry entries.doc [2009/10/27 21:33:50 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat [2009/10/27 21:33:48 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat [2009/10/27 21:33:48 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat [2009/10/27 21:33:35 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat [2009/10/27 21:16:20 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\Remove Antivirus System Pro.doc [2009/10/27 07:25:10 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\Check PC For Errors.lnk [2009/10/27 07:25:04 | 00,000,688 | ---- 
| C] () -- C:\Documents and Settings\Kimmie\Start Menu\Programs\Startup\MemTurbo.lnk [2009/10/14 07:36:17 | 04,607,932 | ---- | C] () -- C:\Documents and Settings\Kimmie\Desktop\03 The Great Defector.m4a [2009/10/13 07:06:20 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Kimmie\My Documents\hardship letter.doc [2009/08/18 14:56:48 | 00,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2009/08/06 07:55:02 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tubakile.dll [2009/08/05 19:54:31 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wopoliro.dll [2009/02/28 15:43:03 | 00,005,478 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/01/03 17:42:05 | 00,000,250 | ---- | C] () -- C:\WINDOWS\LF.INI [2008/09/16 20:45:08 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2008/08/27 21:33:32 | 00,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008/06/10 11:17:46 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\4BAB9AB566.dll [2008/03/26 16:28:42 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\PUTTY.RND [2007/08/28 19:23:49 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2007/08/28 18:59:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/06 18:21:15 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\PFP120JPR.{PB [2007/01/06 18:21:15 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\PFP120JCM.{PB [2006/08/12 20:53:21 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Kimmie\Application Data\G-Force Prefs (WindowsMediaPlayer).txt [2006/07/19 17:57:13 | 00,003,403 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont 
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/05/14 19:45:46 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/05/06 21:00:48 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006/05/06 21:00:48 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\66B59AAB4B.sys [2006/04/30 13:37:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2006/04/30 12:28:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/04/29 10:45:49 | 00,062,744 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/04/26 19:24:09 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Kimmie\Application Data\desktop.ini [2006/04/26 19:24:08 | 04,280,624 | -H-- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\IconCache.db [2006/04/26 19:24:08 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Kimmie\Local Settings\Application Data\fusioncache.dat [2006/04/21 09:58:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/04/21 09:54:51 | 00,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006/04/21 09:48:38 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll [2006/04/21 09:18:26 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2005/11/10 05:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/26 11:43:12 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg(2).dll [2005/08/16 01:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 01:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 
01:18:43 | 00,001,072 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/16 01:18:41 | 00,000,327 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/05 11:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/07/14 11:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/11/06 13:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2008/06/10 10:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software [2007/08/31 15:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2009/08/18 14:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2008/06/10 11:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited [2009/08/06 13:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/08/18 15:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 [2009/11/03 16:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/08/06 13:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company [2006/04/21 09:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2006/04/29 10:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks [2008/08/21 13:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Corel [2006/05/06 21:01:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Corel Photo Album [2008/05/22 21:11:33 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Kimmie\Application Data\FileZilla [2009/02/03 15:58:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Inkscape [2006/05/29 15:28:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Leadertech [2009/02/20 12:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Quark [2007/12/02 19:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\RegClean [2009/10/27 07:25:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\Sammsoft [2009/08/06 13:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kimmie\Application Data\ScanSoft [2009/11/02 23:40:04 | 00,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Advanced Registry Optimizer.job [2004/08/10 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/06 14:07:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/11/05 18:00:23 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{348098C7-1C2D-4CFC-9631-3033F207AD26}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > |
Nov 7 2009, 01:45 PM
Post #4
GeekU Teacher, Posts: 35,115, From: Dublin, OS: XP
That's not the ComboFix log, it should be located in C:\
Do you have that?
Nov 7 2009, 10:05 PM
Post #5
New Member, Posts: 5, OS: windows XP
Found it....thanks!
Here it is...

ComboFix 09-11-05.05 - Kimmie 11/06/2009 13:49.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT -8:00]
Running from: c:\documents and settings\Kimmie\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kimmie\My Documents\ZbThumbnail.info
c:\program files\WinBudget
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\kb913800.exe
c:\windows\patch.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\ninezoni.dll
c:\windows\system32\razifazi.dll
c:\windows\Tasks\ealkrysq.job
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.
2009-11-06 15:48 . 2009-11-06 21:44 -------- dc----w- C:\Rooter$
2009-11-06 08:29 . 2009-11-06 08:28 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 08:29 . 2009-11-06 08:28 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 08:29 . 2009-11-06 08:28 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 08:29 . 2009-11-06 08:28 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 08:29 . 2009-11-06 08:28 787760 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 08:29 . 2009-11-06 08:28 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 08:29 . 2009-11-06 08:28 205576 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 08:29 . 2009-11-06 08:28 1085704 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-06 08:29 . 2009-11-06 08:28 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 08:29 . 2009-11-06 08:28 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-04 02:18 . 2009-11-06 21:43 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HPAppData
2009-11-04 02:17 . 2009-11-04 02:17 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-11-04 02:13 . 2009-11-04 02:13 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HP
2009-11-04 02:13 . 2009-11-04 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2009-11-04 02:02 . 2009-11-04 02:02 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-04 01:55 . 2009-11-04 01:55 -------- dc----w- c:\windows\hpoj6500e709
2009-11-04 01:52 . 2009-11-04 02:15 186295 -c--a-w- c:\windows\hpwins23.dat
2009-11-04 01:52 . 2008-10-25 09:30 1847 -c----w- c:\windows\hpwmdl23.dat
2009-11-04 01:52 . 2008-08-12 18:58 118272 -c--a-w- c:\windows\system32\hpf3l082.dll
2009-11-04 01:52 . 2008-08-22 12:24 271704 -c--a-r- c:\windows\system32\hpzids01.dll
2009-11-04 01:50 . 2007-07-09 18:13 309760 -c--a-r- c:\windows\system32\difxapi.dll
2009-11-04 01:50 . 2007-07-09 18:13 364544 -c--a-r- c:\windows\system32\hppldcoi.dll
2009-11-04 01:50 . 2007-07-06 18:48 294912 -c--a-r- c:\windows\system32\hpovst11.dll
2009-11-04 01:50 . 2008-10-06 19:11 966656 -c--a-r- c:\windows\system32\hpwtiop4.dll
2009-11-04 01:50 . 2008-10-06 19:11 741376 -c--a-r- c:\windows\system32\hpwwiax5.dll
2009-11-04 01:09 . 2009-11-04 01:11 -------- dc----w- C:\$AVG
2009-11-04 01:08 . 2009-11-06 21:45 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-04 01:07 . 2009-11-04 01:07 -------- dc----w- c:\program files\AVG
2009-11-04 01:06 . 2009-11-04 02:11 -------- dc----w- c:\windows\SxsCaPendDel
2009-11-04 00:10 . 2009-11-05 05:24 -------- dc----w- C:\SafetyCenter
2009-10-28 06:28 . 2009-11-04 07:19 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HpUpdate
2009-10-28 06:28 . 2009-10-28 06:28 -------- dc----w- c:\windows\Hewlett-Packard
2009-10-28 05:45 . 2009-10-08 18:31 165840 -c--a-w- c:\windows\PCTBDRes.dll
2009-10-28 05:45 . 2009-10-08 18:31 1636304 -c--a-w- c:\windows\PCTBDCore.dll
2009-10-28 05:33 . 2009-09-24 15:55 229304 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 05:33 . 2009-10-06 23:31 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-28 05:33 . 2009-09-23 23:10 207280 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-28 05:33 . 2009-09-03 16:45 70408 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-28 05:33 . 2009-10-28 06:23 -------- dc----w- c:\program files\Spyware Doctor
2009-10-28 05:33 . 2009-10-28 05:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\Kimmie\Application Data\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 05:33 . 2009-11-04 00:40 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 15:25 . 2009-10-27 15:25 -------- dc----w- c:\documents and settings\Kimmie\Application Data\Sammsoft
2009-10-27 15:25 . 2009-10-27 15:25 -------- dc----w- c:\program files\MemTurbo 4
2009-10-27 15:24 . 2009-10-28 05:00 -------- dc----w- c:\program files\Advanced Registry Optimizer
2009-10-27 14:56 . 2009-11-04 00:36 -------- dc----w- c:\program files\uqxrqw
2009-10-15 10:10 . 2009-10-15 10:10 -------- dc----w- c:\windows\SQL9_KB970892_ENU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 08:28 . 2009-08-24 05:18 263472 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-04 22:01 . 2009-08-18 23:35 3027 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-11-04 02:03 . 2009-02-28 23:54 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2009-11-04 02:00 . 2009-02-28 23:43 -------- dc----w- c:\program files\HP
2009-11-04 01:55 . 2009-02-28 23:51 -------- d-----w- c:\program files\Common Files\HP
2009-10-28 06:28 . 2009-02-28 23:49 -------- dc----w- c:\program files\Hewlett-Packard
2009-10-28 05:45 . 2009-10-28 05:45 0 -c--a-w- c:\windows\is-19FQ3.tmp
2009-10-15 10:11 . 2009-08-04 21:17 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-01 15:54 . 2009-03-07 07:01 62744 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 15:52 . 2006-04-29 19:06 -------- d-----w- c:\program files\Dl_cats
2009-09-16 10:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 13:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 09:12 . 2009-10-28 05:33 7412 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 08:01 . 2009-10-28 05:33 7387 -c--a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-13 22:29 . 2009-08-18 22:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-11 14:18 . 2005-08-16 09:18 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 09:18 832512 -c--a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 09:18 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 09:18 17408 -c----w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-08-16 09:19 247326 -c--a-w- c:\windows\system32\strmdll.dll
2009-08-24 05:18 . 2009-08-24 05:18 2151728 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-08-24 05:18 . 2009-08-24 05:18 34056 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-08-24 05:18 . 2009-08-24 05:18 192512 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-08-24 05:18 . 2009-08-24 05:18 850736 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-08-24 05:11 . 2009-08-24 05:12 869640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-08-24 05:10 . 2009-08-24 05:12 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-08-24 05:10 . 2009-08-24 05:12 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-08-18 23:13 . 2006-04-29 18:45 62744 -c--a-w- c:\documents and settings\Kimmie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-10 19:46 . 2008-06-10 19:17 80 -csh--r- c:\windows\system32\4BAB9AB566.dll
2007-01-14 02:57 . 2006-05-07 05:00 88 -csh--r- c:\windows\system32\66B59AAB4B.sys
2007-06-17 05:00 . 2006-05-07 05:00 5852 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-06 15:55 . 2009-08-06 15:55 39424 -csha-w- c:\windows\system32\tubakile.dll
2009-08-06 03:54 . 2009-08-06 03:54 39424 -csha-w- c:\windows\system32\wopoliro.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-10 15:44 . 2005-06-10 15:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2004-06-16 13:03 . 2004-06-16 13:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2005-06-10 15:44 . 2005-06-10 15:44 249856 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
2004-12-13 20:30 . 2004-12-13 20:30 58992 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
2005-10-05 08:12 . 2005-10-05 08:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
2005-05-15 07:04 . 2005-05-15 07:04 332800 c:\program files\Dell Support\bak\DSAgnt.exe
2006-06-14 23:24 . 2006-06-14 23:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2008-06-02 18:13 . 2008-06-02 18:13 267048 c:\program files\iTunes\iTunesHelper.exe
2006-04-21 17:44 . 2006-06-03 03:54 282624 c:\program files\QuickTime\bak\qttask.exe
2008-05-27 17:50 . 2008-05-27 17:50 413696 c:\program files\QuickTime\QTTask.exe
2005-08-16 09:37 . 2005-09-29 19:01 67584 c:\windows\ehome\bak\ehtray.exe
2006-04-21 17:18 . 2005-10-15 01:46 77824 c:\windows\system32\bak\hkcmd.exe
2006-04-21 17:18 . 2005-10-15 01:50 114688 c:\windows\system32\bak\igfxpers.exe
2006-04-21 17:18 . 2005-10-15 01:49 94208 c:\windows\system32\bak\igfxtray.exe
2006-04-21 17:54 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\bak\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-18 1838592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"potimovot"="c:\windows\system32\ninezoni.dll" [N/A]
"combofix"="c:\combofix\CF32458.exe" [2009-11-06 389120]
"viruwavemi"="jukabama.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Kimmie\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2009-10-27 3121760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"ose"=3 (0x3)
"Norton Ghost"=3 (0x3)
"McRedirector"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"NetSvc"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"GoToAssist"=3 (0x3)
"GEARSecurity"=2 (0x2)
"Emproxy"=3 (0x3)
"dlcc_device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/27/2009 9:33 PM 207280]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [6/10/2009 2:45 PM 351384]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/27/2009 9:33 PM 358600]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\Advanced Registry Optimizer.job
- c:\program files\Advanced Registry Optimizer\ARO.exe [2009-10-27 18:50]

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{348098C7-1C2D-4CFC-9631-3033F207AD26}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-mdp uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm Trusted Zone: musicmatch.com\online Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Greenies/Coupons.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab . 
- - - - ORPHANS REMOVED - - - - BHO-{7d1c52e1-ccd8-4b11-968f-d425b9f4fdd0} - rehenano.dll BHO-{A73890FC-177F-4198-AE3D-C64F7D9E69D8} - (no file) WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) SharedTaskScheduler-{f661d776-5237-4791-ad04-3decac38c50b} - (no file) SharedTaskScheduler-{b922948f-1072-44ef-b90f-8b0abf88c443} - (no file) SharedTaskScheduler-{d6e0dca6-c282-4bae-84de-4c4eec8447d2} - c:\windows\system32\ninezoni.dll SSODL-zadimusig-{f661d776-5237-4791-ad04-3decac38c50b} - (no file) SSODL-zihapugow-{b922948f-1072-44ef-b90f-8b0abf88c443} - (no file) SSODL-yumifutah-{d6e0dca6-c282-4bae-84de-4c4eec8447d2} - c:\windows\system32\ninezoni.dll Notify-avgrsstarter - avgrsstx.dll AddRemove-FoxyTunesForFirefox - f:\portableapps\FirefoxPortable3\App\firefox\firefox.exe AddRemove-SBC Yahoo! Applications - c:\program files\SBC Yahoo!\UninstallManager.exe AddRemove-SBC Yahoo! Dial Connection Manager - c:\windows\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe AddRemove-SBC Yahoo! UMUninstaller - c:\program files\SBC Yahoo!\umuninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 14:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\fxssvc.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\dllhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2009-11-06 14:33 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-06 22:33 Pre-Run: 5,298,941,952 bytes free Post-Run: 7,229,599,744 bytes free - - End Of File - - 41EA4E32964C3172F7613030939DCFF4 |
|
|
Nov 8 2009, 05:43 AM
Post
#6
|
|
![]() GeekU Teacher Posts: 35,115 From: Dublin OS: XP |
hi
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\program files\uqxrqw

File::
c:\windows\system32\tubakile.dll
c:\windows\system32\wopoliro.dll

AWF::
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
c:\program files\Dell Support\bak\DSAgnt.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\windows\ehome\bak\ehtray.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\igfxpers.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\DLA\bak\DLACTRLW.EXE

KillAll::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\explorer.exe"=-
"c:\\WINDOWS\\system32\\winlogon.exe"=-
"c:\\WINDOWS\\system32\\logonui.exe"=-
"c:\\WINDOWS\\system32\\lsass.exe"=-

DDS::
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Greenies/Coupons.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

Save this as CFScript.txt, in the same location as ComboFix.exe
![]()
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. |
|
|
Nov 8 2009, 10:59 AM
Post
#7
|
|
|
New Member ![]() Posts: 5 OS: windows XP |
Hi, here it is...
I am also at startup getting a Win32 system error that says: jukabama.dll and ninezoni.dll cannot be found.... Thanks for all your help!

ComboFix 09-11-05.05 - Kimmie 11/08/2009 8:33.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.568 [GMT -8:00]
Running from: c:\documents and settings\Kimmie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kimmie\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\tubakile.dll"
"c:\windows\system32\wopoliro.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\uqxrqw
c:\windows\system32\tubakile.dll
c:\windows\system32\wopoliro.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-06 15:48 . 2009-11-06 21:44 -------- dc----w- C:\Rooter$
2009-11-06 08:29 . 2009-11-06 08:28 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 08:29 . 2009-11-06 08:28 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 08:29 . 2009-11-06 08:28 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 08:29 . 2009-11-06 08:28 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 08:29 . 2009-11-06 08:28 787760 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 08:29 . 2009-11-06 08:28 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 08:29 . 2009-11-06 08:28 205576 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 08:29 . 2009-11-06 08:28 1085704 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-06 08:29 . 2009-11-06 08:28 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 08:29 . 2009-11-06 08:28 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-04 02:18 . 2009-11-08 16:29 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HPAppData
2009-11-04 02:17 . 2009-11-04 02:17 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-11-04 02:13 . 2009-11-04 02:13 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HP
2009-11-04 02:13 . 2009-11-04 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2009-11-04 02:02 . 2009-11-04 02:02 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-04 01:55 . 2009-11-04 01:55 -------- dc----w- c:\windows\hpoj6500e709
2009-11-04 01:52 . 2009-11-04 02:15 186295 -c--a-w- c:\windows\hpwins23.dat
2009-11-04 01:52 . 2008-10-25 09:30 1847 -c----w- c:\windows\hpwmdl23.dat
2009-11-04 01:52 . 2008-08-12 18:58 118272 -c--a-w- c:\windows\system32\hpf3l082.dll
2009-11-04 01:52 . 2008-08-22 12:24 271704 -c--a-r- c:\windows\system32\hpzids01.dll
2009-11-04 01:50 . 2007-07-09 18:13 309760 -c--a-r- c:\windows\system32\difxapi.dll
2009-11-04 01:50 . 2007-07-09 18:13 364544 -c--a-r- c:\windows\system32\hppldcoi.dll
2009-11-04 01:50 . 2007-07-06 18:48 294912 -c--a-r- c:\windows\system32\hpovst11.dll
2009-11-04 01:50 . 2008-10-06 19:11 966656 -c--a-r- c:\windows\system32\hpwtiop4.dll
2009-11-04 01:50 . 2008-10-06 19:11 741376 -c--a-r- c:\windows\system32\hpwwiax5.dll
2009-11-04 01:09 . 2009-11-04 01:11 -------- dc----w- C:\$AVG
2009-11-04 01:08 . 2009-11-08 16:15 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-04 01:07 . 2009-11-04 01:07 -------- dc----w- c:\program files\AVG
2009-11-04 01:06 . 2009-11-04 02:11 -------- dc----w- c:\windows\SxsCaPendDel
2009-11-04 00:10 . 2009-11-05 05:24 -------- dc----w- C:\SafetyCenter
2009-10-28 06:28 . 2009-11-04 07:19 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HpUpdate
2009-10-28 06:28 . 2009-10-28 06:28 -------- dc----w- c:\windows\Hewlett-Packard
2009-10-28 05:45 . 2009-10-08 18:31 165840 -c--a-w- c:\windows\PCTBDRes.dll
2009-10-28 05:45 . 2009-10-08 18:31 1636304 -c--a-w- c:\windows\PCTBDCore.dll
2009-10-28 05:33 . 2009-09-24 15:55 229304 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 05:33 . 2009-10-06 23:31 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-28 05:33 . 2009-09-23 23:10 207280 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-28 05:33 . 2009-09-03 16:45 70408 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-28 05:33 . 2009-10-28 06:23 -------- dc----w- c:\program files\Spyware Doctor
2009-10-28 05:33 . 2009-10-28 05:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\Kimmie\Application Data\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 05:33 . 2009-11-04 00:40 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 15:25 . 2009-10-27 15:25 -------- dc----w- c:\documents and settings\Kimmie\Application Data\Sammsoft
2009-10-27 15:25 . 2009-10-27 15:25 -------- dc----w- c:\program files\MemTurbo 4
2009-10-27 15:24 . 2009-10-28 05:00 -------- dc----w- c:\program files\Advanced Registry Optimizer
2009-10-15 10:10 . 2009-10-15 10:10 -------- dc----w- c:\windows\SQL9_KB970892_ENU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 16:47 . 2006-04-21 17:46 -------- d-----w- c:\program files\Dell Support
2009-11-08 16:47 . 2006-04-21 17:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-06 08:28 . 2009-08-24 05:18 263472 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-11-04 22:01 . 2009-08-18 23:35 3027 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-11-04 02:03 . 2009-02-28 23:54 -------- dc----w- c:\documents and settings\All Users\Application Data\HP
2009-11-04 02:00 . 2009-02-28 23:43 -------- dc----w- c:\program files\HP
2009-11-04 01:55 . 2009-02-28 23:51 -------- d-----w- c:\program files\Common Files\HP
2009-10-28 06:28 . 2009-02-28 23:49 -------- dc----w- c:\program files\Hewlett-Packard
2009-10-28 05:45 . 2009-10-28 05:45 0 -c--a-w- c:\windows\is-19FQ3.tmp
2009-10-15 10:11 . 2009-08-04 21:17 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-01 15:54 . 2009-03-07 07:01 62744 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 15:52 . 2006-04-29 19:06 -------- d-----w- c:\program files\Dl_cats
2009-09-16 10:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 13:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 09:12 . 2009-10-28 05:33 7412 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 08:01 . 2009-10-28 05:33 7387 -c--a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-13 22:29 . 2009-08-18 22:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
2009-09-11 14:18 . 2005-08-16 09:18 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 09:18 832512 -c----w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 09:18 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 09:18 17408 -c----w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2005-08-16 09:19 247326 -c--a-w- c:\windows\system32\strmdll.dll
2009-08-24 05:18 . 2009-08-24 05:18 2151728 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-08-24 05:18 . 2009-08-24 05:18 34056 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2009-08-24 05:18 . 2009-08-24 05:18 192512 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-08-24 05:18 . 2009-08-24 05:18 850736 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-08-24 05:11 . 2009-08-24 05:12 869640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-08-24 05:10 . 2009-08-24 05:12 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll
2009-08-24 05:10 . 2009-08-24 05:12 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll
2009-08-18 23:13 . 2006-04-29 18:45 62744 -c--a-w- c:\documents and settings\Kimmie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-10 19:46 . 2008-06-10 19:17 80 -csh--r- c:\windows\system32\4BAB9AB566.dll
2007-01-14 02:57 . 2006-05-07 05:00 88 -csh--r- c:\windows\system32\66B59AAB4B.sys
2007-06-17 05:00 . 2006-05-07 05:00 5852 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-10 15:44 . 2005-06-10 15:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2004-06-16 13:03 . 2004-06-16 13:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2006-06-14 23:24 . 2006-06-14 23:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2008-06-02 18:13 . 2008-06-02 18:13 267048 c:\program files\iTunes\iTunesHelper.exe
2006-04-21 17:44 . 2006-06-03 03:54 282624 c:\program files\QuickTime\bak\qttask.exe
2008-05-27 17:50 . 2008-05-27 17:50 413696 c:\program files\QuickTime\QTTask.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-18 1838592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"potimovot"="c:\windows\system32\ninezoni.dll" [N/A]
"combofix"="c:\combofix\CF22437.exe" [2009-11-08 389120]
"viruwavemi"="jukabama.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Kimmie\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2009-10-27 3121760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"ose"=3 (0x3)
"Norton Ghost"=3 (0x3)
"McRedirector"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"NetSvc"=3 (0x3)
"MpfService"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"mcmispupdmgr"=3 (0x3)
"McAfee HackerWatch Service"=2 (0x2)
"GoToAssist"=3 (0x3)
"GEARSecurity"=2 (0x2)
"Emproxy"=3 (0x3)
"dlcc_device"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/27/2009 9:33 PM 207280]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [6/10/2009 2:45 PM 351384]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/27/2009 9:33 PM 358600]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2009-11-03 c:\windows\Tasks\Advanced Registry Optimizer.job
- c:\program files\Advanced Registry Optimizer\ARO.exe [2009-10-27 18:50]

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{348098C7-1C2D-4CFC-9631-3033F207AD26}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-mdp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
Trusted Zone: musicmatch.com\online
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Greenies/Coupons.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-11-08 8:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 16:56
ComboFix2.txt 2009-11-06 22:33

Pre-Run: 6,929,616,896 bytes free
Post-Run: 7,140,737,024 bytes free

- - End Of File - - AC35F49B98689DC3D0617CD1ACD3ED3D |
|
|
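The log in the post above shows two Run values that ComboFix marks [N/A] ("potimovot" pointing at ninezoni.dll and "viruwavemi" pointing at the bare name jukabama.dll) alongside three Security Center *DisableNotify values set to 1. The [N/A] marker means the autostart value survived while its target file is gone, which is what produces the "cannot be found" error at logon, and the DisableNotify values mean Windows will not warn that antivirus, firewall or updates are off. The Python script below is an added example, not code from this thread or from ComboFix; it parses constructed sample lines copied from the log's "Reg Loading Points" section and flags exactly those findings, so a responder can triage a pasted log without reading every line. The helper names (parse_loading_points, triage, flagged_run_names) and the finding format are assumptions made for this example.

```python
import re

# Constructed sample, copied from the "Reg Loading Points" section of the
# ComboFix log above (not read from a live machine). Python string escaping
# turns each "\\" into a single backslash, so the lines match the log as posted.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"QuickTime Task"="c:\\program files\\QuickTime\\qttask.exe" [2008-05-27 413696]
"HP Software Update"="c:\\program files\\HP\\HP Software Update\\HPWuSchd2.exe" [2008-12-08 54576]
"potimovot"="c:\\windows\\system32\\ninezoni.dll" [N/A]
"combofix"="c:\\combofix\\CF22437.exe" [2009-11-08 389120]
"viruwavemi"="jukabama.dll" [N/A]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# Line shapes ComboFix uses in this section: a bracketed registry key, a Run
# value followed by "[date size]" or "[N/A]", and a dword value.
KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<info>[^\]]*)\]$')
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
DRIVE_ROOTED = re.compile(r'^[a-z]:\\', re.IGNORECASE)


def parse_loading_points(text):
    """Split the section into Run-style values (key, name, path, info) and the
    Security Center dword values keyed by value name."""
    run_values, security_center = [], {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_LINE.match(line)
        if m and current_key:
            run_values.append((current_key, m.group('name'), m.group('path'), m.group('info')))
            continue
        m = DWORD_LINE.match(line)
        if m and current_key and current_key.lower().endswith('security center'):
            security_center[m.group('name')] = int(m.group('value'), 16)
    return run_values, security_center


def triage(text):
    """Return the entries a responder should look at first, each with reasons."""
    run_values, security_center = parse_loading_points(text)
    findings = []
    for key, name, path, info in run_values:
        reasons = []
        if info == 'N/A':
            # ComboFix prints [N/A] when it cannot stat the target: the file is
            # gone but the autostart value remains, which is what produces a
            # "<file>.dll cannot be found" error at logon.
            reasons.append('target file missing; stale autostart value')
        if not DRIVE_ROOTED.match(path):
            reasons.append('bare filename, resolved through the search path')
        if path.lower().endswith('.dll'):
            reasons.append('Run value points at a DLL rather than an executable')
        if reasons:
            findings.append({'kind': 'run', 'key': key, 'name': name,
                             'path': path, 'reasons': reasons})
    for name, value in security_center.items():
        if name.endswith('DisableNotify') and value != 0:
            # A non-zero *DisableNotify value silences the Security Center alert
            # for missing antivirus, firewall or updates, so the user is not
            # warned when protection has been switched off.
            findings.append({'kind': 'security_center', 'name': name,
                             'value': value, 'reasons': ['Security Center warning suppressed']})
    return findings


def flagged_run_names(findings):
    """Names of the Run values that were flagged, sorted for stable output."""
    return sorted(f['name'] for f in findings if f['kind'] == 'run')


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f['kind'], f['name'], '->', '; '.join(f['reasons']))
```

Run against the sample, the script flags only "potimovot" and "viruwavemi" among the Run values and all three DisableNotify entries; the legitimate QuickTime, HP and ComboFix entries pass because their targets exist and are executables. The same parser works on a full ComboFix log pasted in place of SAMPLE_LOG, since the other sections contain no lines of these three shapes.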
Nov 9 2009, 06:06 AM
Post
#8
|
|
![]() GeekU Teacher Posts: 35,115 From: Dublin OS: XP |
hi
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::

Folder::

Registry::

Driver::

AWF::
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe
![]()
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. |
|
|
Nov 9 2009, 11:09 AM
Post
#9
|
|
|
New Member ![]() Posts: 5 OS: windows XP |
Hi, here's the latest log...
ComboFix 09-11-05.05 - Kimmie 11/09/2009 8:32.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.290 [GMT -8:00]
Running from: c:\documents and settings\Kimmie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kimmie\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-09 00:16 . 2009-03-30 18:33 96104 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-09 00:16 . 2009-02-13 20:29 22360 -c--a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-09 00:16 . 2009-02-13 20:17 45416 -c--a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-09 00:16 . 2009-11-09 00:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-08 23:02 . 2009-11-08 21:39 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2009-11-08 21:40 . 2009-09-23 12:55 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-08 21:40 . 2009-11-08 21:39 93360 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 21:38 . 2009-11-08 21:38 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-08 21:38 . 2009-11-08 21:38 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-08 21:38 . 2009-11-08 21:38 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-08 21:38 . 2009-11-08 21:38 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-08 21:38 . 2009-11-08 21:38 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-08 21:37 . 2009-11-08 21:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-08 21:37 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-08 21:13 . 2009-11-08 21:13 -------- dc----w- c:\documents and settings\Kimmie\Application Data\AVG8
2009-11-06 15:48 . 2009-11-06 21:44 -------- dc----w- C:\Rooter$
2009-11-06 08:29 . 2009-11-06 08:28 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-11-06 08:29 . 2009-11-06 08:28 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-11-06 08:29 . 2009-11-06 08:28 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-11-06 08:29 . 2009-11-06 08:28 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2009-11-06 08:29 . 2009-11-06 08:28 787760 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-11-06 08:29 . 2009-11-06 08:28 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-11-06 08:29 . 2009-11-06 08:28 205576 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-06 08:29 . 2009-11-06 08:28 1085704 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-11-06 08:29 . 2009-11-06 08:28 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-11-06 08:29 . 2009-11-06 08:28 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-11-04 02:18 . 2009-11-09 16:15 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HPAppData
2009-11-04 02:17 . 2009-11-04 02:17 -------- dc----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-11-04 02:13 . 2009-11-04 02:13 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HP
2009-11-04 02:13 . 2009-11-04 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\HP
2009-11-04 02:02 . 2009-11-04 02:02 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-04 01:55 . 2009-11-04 01:55 -------- dc----w- c:\windows\hpoj6500e709
2009-11-04 01:52 . 2009-11-04 02:15 186295 -c--a-w- c:\windows\hpwins23.dat
2009-11-04 01:52 . 2008-10-25 09:30 1847 -c----w- c:\windows\hpwmdl23.dat
2009-11-04 01:52 . 2008-08-12 18:58 118272 -c--a-w- c:\windows\system32\hpf3l082.dll
2009-11-04 01:52 . 2008-08-22 12:24 271704 -c--a-r- c:\windows\system32\hpzids01.dll
2009-11-04 01:50 . 2007-07-09 18:13 309760 -c--a-r- c:\windows\system32\difxapi.dll
2009-11-04 01:50 . 2007-07-09 18:13 364544 -c--a-r- c:\windows\system32\hppldcoi.dll
2009-11-04 01:50 . 2007-07-06 18:48 294912 -c--a-r- c:\windows\system32\hpovst11.dll
2009-11-04 01:50 . 2008-10-06 19:11 966656 -c--a-r- c:\windows\system32\hpwtiop4.dll
2009-11-04 01:50 . 2008-10-06 19:11 741376 -c--a-r- c:\windows\system32\hpwwiax5.dll
2009-11-04 01:09 . 2009-11-04 01:11 -------- dc----w- C:\$AVG
2009-11-04 01:08 . 2009-11-08 16:15 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-04 01:07 . 2009-11-04 01:07 -------- dc----w- c:\program files\AVG
2009-11-04 01:06 . 2009-11-04 02:11 -------- dc----w- c:\windows\SxsCaPendDel
2009-11-04 00:10 . 2009-11-05 05:24 -------- dc----w- C:\SafetyCenter
2009-10-28 06:28 . 2009-11-04 07:19 -------- dc----w- c:\documents and settings\Kimmie\Application Data\HpUpdate
2009-10-28 06:28 . 2009-10-28 06:28 -------- dc----w- c:\windows\Hewlett-Packard
2009-10-28 05:45 . 2009-10-08 18:31 165840 -c--a-w- c:\windows\PCTBDRes.dll
2009-10-28 05:45 . 2009-10-08 18:31 1636304 -c--a-w- c:\windows\PCTBDCore.dll
2009-10-28 05:33 . 2009-09-24 15:55 229304 -c--a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-28 05:33 . 2009-10-06 23:31 87784 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-28 05:33 . 2009-09-23 23:10 207280 -c--a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-28 05:33 . 2009-09-03 16:45 70408 -c--a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-28 05:33 . 2009-10-28 06:23 -------- dc----w- c:\program files\Spyware Doctor
2009-10-28 05:33 . 2009-10-28 05:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\Kimmie\Application Data\PC Tools
2009-10-28 05:33 . 2009-10-28 05:33 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-28 05:33 . 2009-11-04 00:40 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 15:25 . 2009-10-27 15:25 -------- dc----w- c:\documents and settings\Kimmie\Application Data\Sammsoft
2009-10-27 15:24 . 2009-10-28 05:00 -------- dc----w- c:\program files\Advanced Registry Optimizer
2009-10-15 10:10 . 2009-10-15 10:10 -------- dc----w- c:\windows\SQL9_KB970892_ENU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 21:36 . 2007-12-05 00:43 -------- d-----w- c:\program files\Lavasoft
2009-11-08 21:31 .
2008-11-19 03:31 -------- d-----w- c:\program files\Citrix 2009-11-08 16:47 . 2006-04-21 17:46 -------- d-----w- c:\program files\Dell Support 2009-11-08 16:47 . 2006-04-21 17:47 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-11-06 08:28 . 2009-08-24 05:18 263472 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll 2009-11-04 22:01 . 2009-08-18 23:35 3027 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-11-04 02:03 . 2009-02-28 23:54 -------- dc----w- c:\documents and settings\All Users\Application Data\HP 2009-11-04 02:00 . 2009-02-28 23:43 -------- dc----w- c:\program files\HP 2009-11-04 01:55 . 2009-02-28 23:51 -------- d-----w- c:\program files\Common Files\HP 2009-10-28 06:28 . 2009-02-28 23:49 -------- dc----w- c:\program files\Hewlett-Packard 2009-10-28 05:45 . 2009-10-28 05:45 0 -c--a-w- c:\windows\is-19FQ3.tmp 2009-10-15 10:11 . 2009-08-04 21:17 -------- d-----w- c:\program files\Microsoft SQL Server 2009-10-01 15:54 . 2009-03-07 07:01 62744 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-01 15:52 . 2006-04-29 19:06 -------- d-----w- c:\program files\Dl_cats 2009-09-16 10:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-15 13:20 . 2009-10-28 05:33 7383 -c--a-w- c:\windows\system32\drivers\pctplsg.cat 2009-09-15 09:12 . 2009-10-28 05:33 7412 -c--a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-09-15 08:01 . 2009-10-28 05:33 7387 -c--a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-09-13 22:29 . 2009-08-18 22:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit 2009-09-11 14:18 . 2005-08-16 09:18 136192 -c--a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 
2005-08-16 09:18 832512 -c----w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2005-08-16 09:18 78336 -c--a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2005-08-16 09:18 17408 -c----w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2005-08-16 09:19 247326 -c--a-w- c:\windows\system32\strmdll.dll 2009-08-24 05:18 . 2009-08-24 05:18 2151728 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll 2009-08-24 05:18 . 2009-08-24 05:18 34056 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll 2009-08-24 05:18 . 2009-08-24 05:18 192512 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll 2009-08-24 05:18 . 2009-08-24 05:18 850736 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll 2009-08-24 05:11 . 2009-08-24 05:12 869640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe 2009-08-24 05:10 . 2009-08-24 05:12 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcp71.dll 2009-08-24 05:10 . 2009-08-24 05:12 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\msvcr71.dll 2009-08-18 23:13 . 2006-04-29 18:45 62744 -c--a-w- c:\documents and settings\Kimmie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2008-06-10 19:46 . 2008-06-10 19:17 80 -csh--r- c:\windows\system32\4BAB9AB566.dll 2007-01-14 02:57 . 2006-05-07 05:00 88 -csh--r- c:\windows\system32\66B59AAB4B.sys 2007-06-17 05:00 . 2006-05-07 05:00 5852 -csha-w- c:\windows\system32\KGyGaAvL.sys . 
((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2005-06-10 15:44 . 2005-06-10 15:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe 2004-06-16 13:03 . 2004-06-16 13:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe 2006-06-14 23:24 . 2006-06-14 23:24 278528 c:\program files\iTunes\bak\iTunesHelper.exe 2008-06-02 18:13 . 2008-06-02 18:13 267048 c:\program files\iTunes\iTunesHelper.exe 2006-04-21 17:44 . 2006-06-03 03:54 282624 c:\program files\QuickTime\bak\qttask.exe 2008-05-27 17:50 . 2008-05-27 17:50 413696 c:\program files\QuickTime\QTTask.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-18 1838592] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "potimovot"="c:\windows\system32\ninezoni.dll" [N/A] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "combofix"="c:\combofix\CF10311.exe" [2009-11-09 389120] "viruwavemi"="jukabama.dll" [N/A] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] avgrsstx.dll [BU] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec Core LC"=3 (0x3) "SiteAdvisor Service"=2 (0x2) "ose"=3 (0x3) "Norton Ghost"=3 (0x3) "McRedirector"=2 (0x2) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "NetSvc"=3 (0x3) "MpfService"=2 (0x2) "McSysmon"=2 (0x2) "McShield"=2 (0x2) "mcpromgr"=2 (0x2) "McODS"=2 (0x2) "McNASvc"=2 (0x2) "mcmscsvc"=2 (0x2) "mcmispupdmgr"=3 (0x3) "McAfee HackerWatch Service"=2 (0x2) "GoToAssist"=3 (0x3) "GEARSecurity"=2 (0x2) "Emproxy"=3 (0x3) "dlcc_device"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"= "c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/8/2009 1:40 PM 64288] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/27/2009 9:33 PM 207280] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/8/2009 4:16 PM 108289] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232] R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [6/10/2009 2:45 PM 351384] R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/27/2009 9:33 PM 358600] S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680] --- Other Services/Drivers In Memory --- *NewlyCreated* - SSMDRV *Deregistered* - mbr [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008] reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f . 
Contents of the 'Scheduled Tasks' folder 2009-11-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:38] 2009-11-03 c:\windows\Tasks\Advanced Registry Optimizer.job - c:\program files\Advanced Registry Optimizer\ARO.exe [2009-10-27 18:50] 2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57] 2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{348098C7-1C2D-4CFC-9631-3033F207AD26}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 02:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fptb-mdp uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-09 08:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4012) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\fxssvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Completion time: 2009-11-09 9:07 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-09 17:07 ComboFix2.txt 2009-11-08 16:57 ComboFix3.txt 2009-11-06 22:33 Pre-Run: 6,220,644,352 bytes free Post-Run: 7,036,747,776 bytes free - - End Of File - - 3B850309C73C23E47038C810F2763DD7 |
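To make the two odd Run entries in the log's Reg Loading Points section easier to spot, here is an added triage script (example code, not part of the post and not ComboFix's own tooling). It parses Run-key lines and flags entries tagged [N/A] (ComboFix recorded no date/size for the file, which is normally the case when the file is not found on disk) or registered as a DLL or a bare file name; the sample block is constructed from the entries shown in the log above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not code from the forum post or from ComboFix.
Entries under the Run keys look like:
    "name"="path" [YYYY-MM-DD size]   or   "name"="path" [N/A]
An [N/A] tag means ComboFix recorded no date/size for the file (normally
because it could not be found on disk at scan time); a bare file name
with no directory is resolved through the search path at logon.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_loading_points(log_text: str) -> list:
    """Return a Finding for every entry under a ...\\Run key that trips a heuristic."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")  # remember which registry key we are under
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not key.lower().endswith("\\run"):
            continue
        name, path, meta = m.group("name"), m.group("path"), m.group("meta")
        reasons = []
        if meta == "N/A":
            reasons.append("no file date/size recorded ([N/A])")
        if "\\" not in path:
            reasons.append("bare file name, resolved via search path")
        if path.lower().endswith(".dll"):
            reasons.append("DLL registered as a Run value")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


# Constructed sample: a trimmed copy of the Run-key block from the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"potimovot"="c:\windows\system32\ninezoni.dll" [N/A]
"viruwavemi"="jukabama.dll" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
'''

if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} = {f.path}\n  -> " + "; ".join(f.reasons))
```

Entries that ComboFix could stat and that point at a full .exe path (ctfmon, avgnt) produce no finding; the two [N/A] DLL entries are the ones a helper would ask about next.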
Nov 9 2009, 12:33 PM
Post
#10
GeekU Teacher Posts: 35,115 From: Dublin OS: XP
hi
Please download OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download Dr.Web CureIt. Save it to your desktop:
NOTE: During the scan, a pop-up window will open asking for a full-version purchase. Simply close the window by clicking on the X in the upper right corner.
Nov 16 2009, 12:07 PM
Post
#11
GeekU Teacher Posts: 35,115 From: Dublin OS: XP
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising