ericneedhelp
Members
Posts: 17
Reputation: 0 Neutral
  1. Kahdah, I uninstalled all the applications and updated Java. I set up a manual restore point. I assumed that's what you meant by resetting the restore point for Vista. If I'm all set, I'll gladly stop pestering you. I can't say how much I appreciate your talents and help. I will definitely be making a donation. Thank you, Eric
  2. I haven't gotten any more popups. I ran a scan with Trend Micro and came up with a virus. The log is below.
     "Virus Scan","2010/03/25","MACCHINAMIA-PC"
     "Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
     "20:03","Manual Scan","File","TROJ_JAVA.AP","AppletX.class (C:\Users\egaylord\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\e91bd1e-5e5dcce4)","Quarantine Fail",""
     "20:03","Manual Scan","File","---","C:\Users\egaylord\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\e91bd1e-5e5dcce4","Quarantine Success",""
     What do you make of it? It says it was quarantined. Should I still have concerns? Thanks, Eric
  3. OTL logfile created on: 3/24/2010 6:15:48 PM - Run 2
     OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\egaylord\Desktop
     Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18882)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
     4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 136.74 Gb Total Space | 94.94 Gb Free Space | 69.43% Space Free | Partition Type: NTFS
     Drive D: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.75% Space Free | Partition Type: NTFS
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: MACCHINAMIA-PC
     Current User Name: egaylord
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Minimal
     ========== Processes (SafeList) ==========
     PRC - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)
     PRC - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
     PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     PRC - C:\Windows\explorer.exe (Microsoft Corporation)
     PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
     PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
     PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
     PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
     PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
     PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
     PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
     PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
     PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
     PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
     PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
     PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
     PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
     PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
     PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
     PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
     PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
     PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
     PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
     PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
     PRC - C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe (InstallShield Software Corporation)
     ========== Modules (SafeList) ==========
     MOD - C:\Users\egaylord\Desktop\OTL.exe (OldTimer Tools)
     MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
     ========== Win32 Services (SafeList) ==========
     SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
     SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
     SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
     SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
     SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
     SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
     SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
     SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
     SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
     SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe (Trend Micro Inc.)
     SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe (Trend Micro Inc.)
     SRV - (Tmntsrv) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe (Trend Micro Inc.)
     SRV - (PcCtlCom) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe (Trend Micro Inc.)
     SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
     SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
     SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
     SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
     SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
     SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
     ========== Driver Services (SafeList) ==========
     DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
     DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
     DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
     DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
     DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
     DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
     DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
     DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
     DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
     DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
     DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
     DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
     DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
     DRV - (iaNvStor) Intel® -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
     DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
     DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
     DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
     DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
     DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
     DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
     DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
     DRV - (tmcfw) -- C:\Windows\System32\drivers\TM_CFW.sys (Trend Micro Inc.)
     DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
     DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
     DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
     DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
     DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
     DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
     DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
     DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
     DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
     DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
     DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
     DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
     DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
     DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
     DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
     DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
     DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
     DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
     DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
     DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
     DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
     DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
     DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
     DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
     DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
     DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
     DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
     DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
     DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
     DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
     DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
     DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
     DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
     DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
     DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
     DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
     DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
     DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
     DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
     DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
     DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
     DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
     DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
     DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
     DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
     DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
     DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
     DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
     DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
     DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
     ========== Standard Registry (All) ==========
     ========== Internet Explorer ==========
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
     IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
     FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 03:02:02 | 000,000,000 | ---D | M]
     [2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions
     [2009/08/25 00:30:37 | 000,000,000 | ---D | M] -- C:\Users\egaylord\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
     O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts: ::1 localhost
     O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
     O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
     O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
     O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
     O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
     O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
     O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
     O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
     O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
     O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
     O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
     O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
     O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
     O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
     O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
     O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
     O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
     O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
     O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
     O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
     O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
     O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
     O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
     O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
     O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     O4 - Startup: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
     O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
     O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
     O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
     O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
     O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
     O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
     O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
     O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
     O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\INetHTTPFilter.dll ()
     O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\INetHTTPFilter.dll ()
     O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\INetHTTPFilter.dll ()
     O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\INetHTTPFilter.dll ()
     O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
     O15 - HKCU\..Trusted Domains: marquetteassociates.com ([mx] https in Trusted sites)
     O15 - HKCU\..Trusted Domains: marquetteassociates.com ([www] https in Trusted sites)
     O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
     O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
     O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
     O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
     O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
     O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
     O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
     O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
     O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
     O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
     O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
     O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
     O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
     O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
     O24 - Desktop WallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
     O24 - Desktop BackupWallPaper: C:\Users\egaylord\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
     O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
     O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
     O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
     O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
     O31 - SafeBoot: AlternateShell - cmd.exe
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
     O34 - HKLM BootExecute: (autocheck autochk *) - File not found
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = comfile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
     O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
     ========== Files/Folders - Created Within 30 Days ==========
     [2010/03/23 21:29:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
     [2010/03/23 21:29:27 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
     [2010/03/23 21:28:06 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\egaylord\Desktop\mbam-setup.exe
     [2010/03/23 18:25:07 | 001,286,643 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Users\egaylord\Desktop\317377_intl_i386_zip.exe
     [2010/03/22 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
     [2010/03/22 18:18:39 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Connect.dll
     [2010/03/22 18:17:22 | 000,000,000 | --SD | C] -- C:\ComboFix
     [2010/03/22 18:17:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
     [2010/03/20 23:49:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
     [2010/03/20 23:49:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
     [2010/03/20 23:49:28 | 000,000,000 | ---D | C] -- C:\Users\egaylord\AppData\Local\temp
     [2010/03/20 23:34:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
     [2010/03/20 23:34:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
     [2010/03/20 23:34:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
     [2010/03/20 23:33:36 | 000,000,000 | ---D | C] -- C:\Qoobox
     [2010/03/20 17:26:26 | 000,000,000 | ---D | C] -- C:\Avenger
     [2010/03/20 17:20:49 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\avenger
     [2010/03/19 20:54:54 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe
     [2010/03/19 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\Other
     [2010/03/18 21:03:52 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\RootRepeal
     [2010/03/18 19:39:57 | 000,472,064 | ---- | C] ( ) -- C:\Users\egaylord\Desktop\RootRepl.exe
     [2010/03/18 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\the_one
     [2010/03/17 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\egaylord\Desktop\tdsskiller
     [2010/03/17 02:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
     [2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
     [2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
     [2010/03/17 02:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
     [2010/03/17 02:24:30 | 000,000,000
| ---D | C] -- C:\Users\egaylord\AppData\Local\Downloaded Installations [2010/03/17 02:09:33 | 050,682,256 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe [2010/03/17 02:05:14 | 050,993,552 | ---- | C] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe [2010/03/10 04:01:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010/03/10 04:01:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010/03/09 02:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2010/02/23 20:52:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010/02/23 20:51:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010/02/23 20:51:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010/02/23 20:51:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010/02/23 20:51:25 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010/02/23 20:51:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010/02/23 20:51:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010/02/23 20:51:25 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010/02/23 20:51:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010/02/23 20:51:24 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2010/02/23 20:51:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010/02/23 20:51:20 | 004,240,384 | ---- | C] (Microsoft) -- 
C:\Windows\System32\GameUXLegacyGDFs.dll [2010/02/23 20:51:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll ========== Files - Modified Within 30 Days ========== [2010/03/24 18:16:25 | 005,297,184 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat [2010/03/24 18:15:54 | 002,359,296 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT [2010/03/24 18:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/03/23 23:08:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/23 23:08:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/23 21:29:31 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/23 21:28:14 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\egaylord\Desktop\mbam-setup.exe [2010/03/23 18:25:22 | 001,286,643 | ---- | M] (Xceed Software Inc. 
1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Users\egaylord\Desktop\317377_intl_i386_zip.exe [2010/03/22 18:18:39 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Connect.dll [2010/03/22 18:18:38 | 000,000,743 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010/03/21 11:16:03 | 001,045,258 | ---- | M] () -- C:\Users\egaylord\Desktop\False Posistive.zip.zip [2010/03/20 23:46:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010/03/20 23:32:47 | 003,895,855 | R--- | M] () -- C:\Users\egaylord\Desktop\ComboFix.exe [2010/03/20 22:43:08 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2010/03/20 17:31:53 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/03/20 17:31:53 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/03/20 17:31:53 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/03/20 17:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/20 17:26:37 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys [2010/03/20 17:26:09 | 000,066,824 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx [2010/03/20 17:25:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010/03/20 17:24:58 | 000,524,288 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TMContainer00000000000000000001.regtrans-ms [2010/03/20 17:24:58 | 000,065,536 | -HS- | M] () -- C:\Users\egaylord\NTUSER.DAT{1101a4f1-6a93-11dd-9308-001e4ce808ae}.TM.blf [2010/03/20 17:24:49 | 001,990,859 | -H-- | M] () -- C:\Users\egaylord\AppData\Local\IconCache.db [2010/03/20 17:20:22 | 000,724,952 | ---- | M] () -- C:\Users\egaylord\Desktop\avenger.zip [2010/03/19 21:40:25 | 000,293,376 | ---- | M] () -- C:\Users\egaylord\Desktop\cn1t0e9d.exe [2010/03/19 20:55:09 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\egaylord\Desktop\OTL.exe [2010/03/19 20:21:41 | 
000,227,840 | ---- | M] () -- C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/19 20:18:32 | 000,001,356 | ---- | M] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat [2010/03/18 22:12:10 | 000,000,000 | ---- | M] () -- C:\Users\egaylord\Desktop\settings.dat [2010/03/18 21:00:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat [2010/03/18 21:00:21 | 000,464,491 | ---- | M] () -- C:\Users\egaylord\Desktop\RootRepeal.zip [2010/03/17 23:22:25 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2010/03/17 22:55:49 | 000,155,752 | ---- | M] () -- C:\Users\egaylord\Desktop\tdsskiller.zip [2010/03/17 21:40:50 | 000,015,069 | ---- | M] () -- C:\Users\egaylord\Desktop\need.docx [2010/03/17 02:36:22 | 000,000,000 | ---- | M] () -- C:\rollback.ini [2010/03/17 02:09:36 | 050,682,256 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fe.exe [2010/03/17 02:05:19 | 050,993,552 | ---- | M] (Microsoft Corporation) -- C:\Users\egaylord\Desktop\mpam-fex64.exe [2010/03/16 20:21:40 | 000,009,805 | ---- | M] () -- C:\Users\egaylord\Documents\list2.xlsx [2010/03/15 10:33:04 | 000,146,042 | ---- | M] () -- C:\Users\egaylord\Desktop\St. 
Louis.jpg [2010/03/13 17:18:52 | 002,901,504 | ---- | M] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc [2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe [2010/03/11 22:00:48 | 269,221,086 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/03/08 21:09:23 | 000,002,585 | ---- | M] () -- C:\Users\egaylord\Desktop\Microsoft Office Excel 2007.lnk [2010/03/04 19:34:29 | 000,000,162 | -H-- | M] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx [2010/02/25 00:52:50 | 000,074,912 | ---- | M] () -- C:\Users\egaylord\AppData\Local\GDIPFONTCACHEV1.DAT [2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/02/24 04:24:25 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010/03/23 21:29:31 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/23 18:25:52 | 001,181,109 | ---- | C] () -- C:\Users\egaylord\Desktop\Windows6.0-KB939677-v2-x86.msu [2010/03/22 18:18:38 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010/03/21 11:13:03 | 001,045,258 | ---- | C] () -- C:\Users\egaylord\Desktop\False Posistive.zip.zip [2010/03/20 23:34:24 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010/03/20 23:34:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/03/20 23:34:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/03/20 23:34:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/03/20 23:34:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/03/20 23:32:40 | 003,895,855 | R--- | C] () -- C:\Users\egaylord\Desktop\ComboFix.exe [2010/03/20 17:19:34 | 000,724,952 | ---- | C] () -- C:\Users\egaylord\Desktop\avenger.zip [2010/03/19 21:38:43 | 000,293,376 | ---- | C] () -- C:\Users\egaylord\Desktop\cn1t0e9d.exe [2010/03/19 20:29:23 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys [2010/03/18 22:12:10 
| 000,000,000 | ---- | C] () -- C:\Users\egaylord\Desktop\settings.dat [2010/03/18 21:00:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat [2010/03/18 21:00:10 | 000,464,491 | ---- | C] () -- C:\Users\egaylord\Desktop\RootRepeal.zip [2010/03/17 22:55:38 | 000,155,752 | ---- | C] () -- C:\Users\egaylord\Desktop\tdsskiller.zip [2010/03/17 21:40:49 | 000,015,069 | ---- | C] () -- C:\Users\egaylord\Desktop\need.docx [2010/03/17 02:40:10 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job [2010/03/17 02:37:46 | 005,295,392 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat [2010/03/17 02:37:46 | 000,066,824 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx [2010/03/17 02:36:22 | 000,000,000 | ---- | C] () -- C:\rollback.ini [2010/03/17 02:29:50 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job [2010/03/15 10:32:17 | 000,146,042 | ---- | C] () -- C:\Users\egaylord\Desktop\St. Louis.jpg [2010/03/13 17:18:50 | 002,901,504 | ---- | C] () -- C:\Users\egaylord\Desktop\M.Gocheva-CV-EN-2010.doc [2010/03/09 02:09:16 | 000,380,928 | ---- | C] () -- C:\Windows\System32\ac3filter.acm [2010/03/04 19:34:29 | 000,000,162 | -H-- | C] () -- C:\Users\egaylord\Desktop\~$itar pedals.docx [2010/01/14 11:27:14 | 000,111,960 | ---- | C] () -- C:\Windows\System32\INetHTTPFilter.dll [2008/11/21 16:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/11/21 16:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest [2008/11/21 16:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008/07/20 21:39:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008/03/17 01:09:44 | 000,001,356 | ---- | C] () -- C:\Users\egaylord\AppData\Local\d3d9caps.dat [2008/01/30 23:28:49 | 000,227,840 | ---- | C] () -- 
C:\Users\egaylord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/01/22 19:17:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008/01/22 19:17:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll [2008/01/22 19:17:35 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008/01/22 19:17:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008/01/22 19:17:33 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/01/22 19:17:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Files - Unicode (All) ========== [2010/03/13 17:16:03 | 000,113,664 | ---- | M] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc [2010/03/13 15:54:59 | 000,113,664 | ---- | C] ()(C:\Users\egaylord\Desktop\?.??????-?????????????-2010.doc) -- C:\Users\egaylord\Desktop\М.Гочева-Автобиография-2010.doc [2009/10/13 23:23:28 | 000,000,000 | ---D | M](C:\Users\egaylord\Desktop\CTAPOCE?) -- C:\Users\egaylord\Desktop\CTAPOCEЛ [2009/10/11 13:40:33 | 000,000,000 | ---D | C](C:\Users\egaylord\Desktop\CTAPOCE?) 
-- C:\Users\egaylord\Desktop\CTAPOCEЛ < End of report >
  4. I found a chat where someone suggested the InstallShield error meant the file might be corrupted. I downloaded the program again, and was able to run it. Below is my quick scan log. It came out clean.

Malwarebytes' Anti-Malware 1.44
Database version: 3907
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/23/2010 9:41:15 PM
mbam-log-2010-03-23 (21-41-15).txt

Scan type: Quick Scan
Objects scanned: 110416
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  5. That hotfix from Microsoft didn't work for me. I unzipped it, and when I tried to run it, it told me the update was not appropriate for my machine. I posted my question to the InstallShield forum, so I guess I'll just wait and see if I get a response for now.
  6. ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fc6d779d89732c4c9810e33cdfa1676b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 02:49:00
# local_time=2010-03-22 09:49:00 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 67367531 67367531 0 0
# compatibility_mode=5892 16776573 100 100 0 105914327 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=137043
# found=0
# cleaned=0
# scan_time=5741
  7. I can't run it. Before I started this topic, I had uninstalled it since it wasn't picking up the virus. I downloaded the free version again on an uninfected computer and transferred the file via flash drive to my PC with a different name for MBAM Setup. However, I have not been able to install it. It continues to say "The InstallShield Engine (ikernel.exe) could not be installed. The system cannot find the file specified." I assumed that the virus disabled my ability to use my installation wizard. It still doesn't work. I can download the full version if my computer is now safe enough to use the online payment. What do you suggest? Thanks
  8. C:\Qoobox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir -> c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ( 743 bytes )
C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir -> c:\windows\system32\Connect.dll ( 1645568 bytes )
C:\Qoobox\Quarantine\c\windows\system32\Connect.dll.vir -> c:\windows\system32\Connect.dll ( 1645568 bytes )
  9. ComboFix 10-03-20.01 - egaylord 03/20/2010 23:36:19.1.2 - x86 Microsoft
  10. Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "pkhjeal" disabled successfully.
Driver "pkhjeal" deleted successfully.
File "C:\Windows\System32\drivers\pkhjeal.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  11. Virus Total
File pkhjeal.sys received on 2010.03.20 17:37:38 (UTC)
Result: 2/42 (4.77%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.20 -
AhnLab-V3 5.0.0.2 2010.03.20 -
AntiVir 8.2.1.196 2010.03.19 -
Antiy-AVL 2.0.3.7 2010.03.19 -
Authentium 5.2.0.5 2010.03.19 -
Avast 4.8.1351.0 2010.03.20 -
Avast5 5.0.332.0 2010.03.20 -
AVG 9.0.0.787 2010.03.20 -
BitDefender 7.2 2010.03.20 -
CAT-QuickHeal 10.00 2010.03.19 -
ClamAV 0.96.0.0-git 2010.03.20 -
Comodo 4331 2010.03.20 -
DrWeb 5.0.1.12222 2010.03.20 -
eSafe 7.0.17.0 2010.03.18 -
eTrust-Vet 35.2.7376 2010.03.19 -
F-Prot 4.5.1.85 2010.03.19 -
F-Secure 9.0.15370.0 2010.03.20 -
Fortinet 4.0.14.0 2010.03.20 -
GData 19 2010.03.20 -
Ikarus T3.1.1.80.0 2010.03.20 -
Jiangmin 13.0.900 2010.03.20 -
K7AntiVirus 7.10.1002 2010.03.19 -
Kaspersky 7.0.0.125 2010.03.20 -
McAfee 5926 2010.03.20 -
McAfee+Artemis 5926 2010.03.20 -
McAfee-GW-Edition 6.8.5 2010.03.20 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5605 2010.03.20 -
NOD32 4961 2010.03.20 -
Norman 6.04.09 2010.03.20 -
nProtect 2009.1.8.0 2010.03.20 -
Panda 10.0.2.2 2010.03.20 -
PCTools 7.0.3.5 2010.03.20 -
Prevx 3.0 2010.03.20 -
Rising 22.39.05.02 2010.03.20 -
Sophos 4.51.0 2010.03.20 -
Sunbelt 5991 2010.03.20 -
Symantec 20091.2.0.41 2010.03.20 Suspicious.Insight
TheHacker 6.5.2.0.241 2010.03.20 -
TrendMicro 9.120.0.1004 2010.03.20 -
VBA32 3.12.12.2 2010.03.19 -
ViRobot 2010.3.19.2236 2010.03.20 -
VirusBuster 5.0.27.0 2010.03.20 -

Additional information
File size: 34816 bytes
MD5...: 60ac082b41e60906171335dfbf8c19c0
SHA1..: 26b0961cc7853afa4746fd0f6467dd2ea824640c
SHA256: 2c96a4de3136452582421c98b242e16322d92be339cfeeffa4ad78ef98e72c04
ssdeep: 768:4g8LdAtuYio46ewQRkaJynKd+lvJHu/HdguHyt4CgDO5:4gmYiD6ewQFJ7+l F4HHyfl
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa005
timedatestamp.....: 0x4a802350 (Mon Aug 10 13:40:32 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6758 0x6800 6.48 ddec351c17b489da4e02d3467286e7e8
.rdata 0x8000 0x2c4 0x400 2.37 47f9df68a510a65916dd81b35ad8c701
.data 0x9000 0x448 0x400 1.92 f52a217fb7cf59b892d5a30207f584d5
INIT 0xa000 0x96e 0xa00 5.35 171991e190f8a2a0bd78f85943a0ac26
.reloc 0xb000 0x896 0xa00 5.77 46a97c1914f16a92c2cd7d3f3ca62f13

( 2 imports )
> ntoskrnl.exe: ObfReferenceObject, IoGetDeviceObjectPointer, RtlInitUnicodeString, IoDeleteDevice, IoDeleteSymbolicLink, IofCompleteRequest, ZwQuerySystemInformation, IoDeviceObjectType, IoDriverObjectType, PsGetVersion, MmSystemRangeStart, KeServiceDescriptorTable, PsLookupProcessByProcessId, MmGetSystemRoutineAddress, MmGetVirtualForPhysical, MmGetPhysicalAddress, MmIsAddressValid, wcscpy, wcslen, IoGetCurrentProcess, _except_handler3, IoCreateSymbolicLink, IoCreateDevice, KeDelayExecutionThread, KiDispatchInterrupt, KeWaitForSingleObject, KeSetAffinityThread, PsTerminateSystemThread, _wcsnicmp, RtlAnsiStringToUnicodeString, wcscat, ObReferenceObjectByHandle, ZwClose, ZwDuplicateObject, ObOpenObjectByPointer, ZwTerminateProcess, RtlVolumeDeviceToDosName, PsProcessType, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, strncat, ZwQueryValueKey, ZwOpenKey, KeSetEvent, KeInsertQueueDpc, KeSetTargetProcessorDpc, KeInitializeDpc, KeInitializeEvent, KeNumberProcessors, ExGetPreviousMode, KeGetCurrentThread, ObQueryNameString, PsGetCurrentThreadId, ObOpenObjectByName, RtlImageDirectoryEntryToData, ExDeletePagedLookasideList, ExFreeToPagedLookasideList, ExAllocateFromPagedLookasideList, PsIsThreadTerminating, ExInitializePagedLookasideList, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, MmUnlockPages, wcsncmp, IoFreeIrp, IoAllocateIrp, IoBuildSynchronousFsdRequest, _allmul, IoGetRelatedDeviceObject, IoFileObjectType, IoCreateFile, IoBuildDeviceIoControlRequest, wcscmp, IofCallDriver, DbgPrint, KeAddSystemServiceTable, KeTickCount, KeBugCheckEx, ExAllocatePoolWithTag, wcsncpy, wcsncat, ObfDereferenceObject, PsThreadType, ExFreePoolWithTag
> HAL.dll: KeRaiseIrqlToDpcLevel, KfLowerIrql, KeStallExecutionProcessor, HalReturnToFirmware, KeGetCurrentIrql

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.5%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  12. Jotti
Filename: pkhjeal.sys
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 20 Mar 2010 18:33:52 (CET)
  13. Kahdah, rather than make several posts to show the whole GMER log, I attached the txt file. If this doesn't work for you, let me know, and I'll post it in chunks, or I'll post only pertinent sections as requested by you. Thank you very much for your help. -Eric
ark.txt
  14. OTL Extras logfile created on: 3/19/2010 8:57:48 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\egaylord\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 93.32 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.05 Gb Free Space | 51.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACCHINAMIA-PC
Current User Name: egaylord
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027D42CF-1F92-4CC3-BFF1-BA2DE2CAC196}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1350E4A0-267C-4605-9626-AD051C0F4FE0}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{282B57E6-34FA-498B-B651-9FFBA68A8D13}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2FA1E93B-D881-4B27-A801-581CCEC8FF71}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{50427C2F-1DAF-42A5-BD3E-6B2706A5F5AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F8AE4DD-F6B0-402A-8D03-2164F37011C7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60D1694D-6901-4FFF-B322-3C1E4EDEC6A5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7DD2AEB8-CDA3-4A84-84FB-E25E4DB90814}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{80B6F9B3-4CFD-4E16-85E8-697F4FB6CF95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{84C7F8CB-E4C6-4F1E-AB0A-F0AE491CB5DA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E3268DC-FFFB-4310-8FB6-FAB4CD64D683}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90ADAE5A-C2A2-4FA4-B0D6-99291E266433}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{98B19B71-AB09-4D91-842B-28BCBAA72211}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9D252F8D-7BD8-410B-AD35-AE7D93402678}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B6CB46E6-08D2-493B-A93B-70C1E4B1B044}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C429CDCC-8538-4746-B087-3B40D3446EA0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C6F0B452-6EB2-4CD1-BAE4-CB9B3AF23CA9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D5885F45-8532-4C77-B5A8-ECB60B401541}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6D22BBB-294B-4537-8C1C-82E67A46497A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F80C48E0-742C-4C6E-A302-64484291DD7C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype