ComboFix 11-08-28.01 - Terri Ward 08/28/2011 17:16:52.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1330 [GMT -5:00]
Running from: c:\documents and settings\Terri Ward\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\TERRIW~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Terri Ward\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 16:07 . 2011-08-28 16:07 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10EA1A1-5FF6-46DB-92A0-F117A7144F43}\MpKsl1814d59b.sys
2011-08-28 16:06 . 2011-08-12 00:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10EA1A1-5FF6-46DB-92A0-F117A7144F43}\mpengine.dll
2011-08-26 15:51 . 2011-08-26 15:51 -------- d-----w- c:\program files\Alex Feinman
2011-08-20 08:23 . 2011-08-12 00:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\documents and settings\Terri Ward\Application Data\Malwarebytes
2011-08-18 17:25 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-18 17:25 . 2011-08-18 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-18 17:25 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 17:14 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-08-18 17:04 . 2011-08-18 17:04 -------- d-----w- c:\program files\Foxit Software
2011-08-18 15:06 . 2011-08-18 15:06 -------- d-----w- c:\program files\Windows Media Connect 2
2011-08-18 15:05 . 2011-08-18 15:06 -------- d-----w- C:\0494835c04fb85231c7acc88db
2011-08-18 14:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-18 14:02 . 2011-08-18 14:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\windows\system32\drivers\NST
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\program files\Norton Safe Web Lite
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-08-18 13:59 . 2011-08-18 13:59 -------- d-----w- c:\program files\NortonInstaller
2011-08-17 20:06 . 2011-08-17 20:06 -------- d-----w- C:\_OTL
2011-08-10 23:08 . 2011-08-10 23:08 -------- d-----w- c:\program files\ESET
2011-08-10 19:40 . 2011-08-10 20:22 -------- d-----w- c:\windows\system32\Adobe
2011-08-10 16:01 . 2011-08-10 16:01 -------- d-----w- c:\documents and settings\Terri Ward\Local Settings\Application Data\Mozilla
2011-08-09 20:45 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 20:45 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-18 14:45 . 2011-05-20 06:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2005-08-16 10:18 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-08-16 10:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2005-08-16 10:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-08-16 10:18 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-18 17:15 . 2011-06-18 17:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 17:15 . 2011-04-09 00:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2005-08-16 10:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-21 02:15 . 2011-08-10 20:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-18_20.49.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-26 16:21 . 2011-08-26 16:21 16384 c:\windows\Temp\Perflib_Perfdata_ad8.dat
+ 2011-08-26 16:01 . 2011-08-26 16:01 16384 c:\windows\Temp\Perflib_Perfdata_9ac.dat
- 2010-09-15 20:57 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2010-09-15 20:57 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2011-08-18 15:06 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2006-10-19 02:47 . 2006-10-19 02:47 295936 c:\windows\system32\wmpeffects.dll
+ 2006-10-19 02:47 . 2008-06-24 23:12 295936 c:\windows\system32\wmpeffects.dll
+ 2005-08-16 10:19 . 2006-12-04 21:21 414720 c:\windows\system32\msscp.dll
+ 2011-08-26 15:51 . 2011-08-26 15:51 133632 c:\windows\Installer\8a47061.msi
+ 2005-08-16 10:19 . 2007-06-27 03:10 317440 c:\windows\inf\unregmp2.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 1118208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-04-08 231592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFTQUctSkVMVFotMjJGT04tQVlNUFUtMkFCSkwtTQ&inst=NzYtODgzMjA1MTI3LVhPMzYrMS1OMUQrMS1UQjkrMi1QTCs5LVgyMDEwKzItUUlYMSs0LUYxME0xMEQrMS1WSVArMS1GSSsxLUZMMTArMS1ERFQrMA&prod=94&ver=10.0.1392" [?]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-6 24576]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2011-4-23 819200]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R1 MpKsl1814d59b;MpKsl1814d59b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10EA1A1-5FF6-46DB-92A0-F117A7144F43}\MpKsl1814d59b.sys [8/28/2011 11:07 AM 28752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/18/2011 12:25 PM 366640]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [8/18/2011 8:59 AM 130000]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/18/2011 12:25 PM 22712]
S1 MpKsla83e90a5;MpKsla83e90a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C38A3E-BF20-46BA-8C5D-3C3BAEA458F6}\MpKsla83e90a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38C38A3E-BF20-46BA-8C5D-3C3BAEA458F6}\MpKsla83e90a5.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/15/2011 3:59 AM 183560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2011 12:25 PM 41272]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL145C2AD4
*NewlyCreated* - MPKSL157CC754
*NewlyCreated* - MPKSL1814D59B
*Deregistered* - MpKsl145c2ad4
*Deregistered* - MpKsl157cc754
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-08-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2011-08-28 c:\windows\Tasks\User_Feed_Synchronization-{C1124392-06BB-4822-85EA-76F1D12BA298}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://cdn03.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
FF - ProfilePath - c:\documents and settings\Terri Ward\Application Data\Mozilla\Firefox\Profiles\sgi5i0lq.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 17:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
Completion time: 2011-08-28 17:22:27
ComboFix-quarantined-files.txt 2011-08-28 22:22
ComboFix2.txt 2011-08-18 20:53
ComboFix3.txt 2011-08-18 13:50
.
Pre-Run: 185,286,676,480 bytes free
Post-Run: 185,384,476,672 bytes free
.
- - End Of File - - FEF42286EA1152E9786ED6E8C8716EBB