dirkfreeman
Everything posted by dirkfreeman
-
All is updated. I can't thank you enough for your help and time. I will donate what I can to the cause. I want to know if I can delete all the programs I downloaded during this clean: GMER, DDS, TDSSKiller, ComboFix, and re-enable emulator drives via DeFogger, etc.
-
As per your request:

ESET LOG:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=dc8cdfe15f900e478e39163bb1e0ce2f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-04 02:02:50
# local_time=2011-07-03 10:02:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 22138482 22138482 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=51097
# found=0
# cleaned=0
# scan_time=1342

BIT DEFENDER LOG:
QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sun Jul 03 22:06:18 2011
Machine ID: B463FF49
No infection found.
-------------------
[Processes, Network activity, Autoruns and critical files, Browser plugins and per-file MD5 scan listings omitted]
No file uploaded.
Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.81 KB recvd
Scanned 621 files and modules - 14 seconds
-
Btw, I rebooted and ran msconfig; all is well. No more errors, and whatever registry items were in the startup menu look to have been eliminated.
-
Here are the following reports you requested:

COMBOFIX LOG:

ComboFix 11-07-02.03 - Administrator 07/03/2011 15:11:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.681 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Templates\d0h8oedl0y462n0bmu7xyw4
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-06-27 00:27 . 2011-06-27 00:28 -------- d-----w- c:\windows\system32\NtmsData
2011-06-27 00:25 . 2011-06-27 00:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-06-25 18:45 . 2011-06-25 18:45 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-25 18:45 . 2011-06-25 18:45 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-13 02:44 . 2011-06-13 02:44 -------- d-----w- c:\program files\Common Files\Java
2011-06-12 21:17 . 2011-06-12 21:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2011-06-12 21:08 . 2011-06-12 21:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2011-06-12 21:06 . 2011-06-12 21:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2011-06-12 21:03 . 2011-06-12 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2011-06-12 20:59 . 2011-06-12 20:59 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-12 20:59 . 2011-06-12 20:59 -------- d-----w- c:\program files\MSBuild
2011-06-12 20:59 . 2011-06-12 20:59 -------- d-----w- c:\program files\Reference Assemblies
2011-06-12 20:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-12 20:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-12 20:58 . 2011-06-12 20:59 -------- d-----w- C:\089d1e8f7d1ba620e7
2011-06-12 20:58 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-12 20:58 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-12 20:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-12 20:58 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-12 20:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-12 20:58 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-12 20:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-12 20:52 . 2011-06-12 20:52 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2011-06-12 20:49 . 2011-06-12 20:51 -------- d-----w- c:\program files\Common Files\Intuit
2011-06-12 20:49 . 2011-06-12 21:03 -------- d-----w- c:\program files\TurboTax
2011-06-12 20:46 . 2011-06-12 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-05 23:07 . 2011-06-05 23:07 -------- d-----w- c:\windows\PIF
2011-06-05 19:51 . 2011-06-05 19:56 -------- d-----w- c:\program files\proXPN
2011-06-05 03:00 . 2011-06-05 03:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2010-03-05 05:41 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-03-05 05:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 08:52 . 2010-04-17 21:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25 . 2010-03-04 16:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-10 45056]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NVR Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NVR Client.lnk
backup=c:\windows\pss\NVR Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-04-29 09:10 173592 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-04-29 09:10 141336 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-04-29 09:10 142872 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WBMKEYBD]
2008-01-03 20:03 145920 ----a-w- c:\windows\WBMKbdap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Aventura Technologies\\Aventura NVR Client\\NVRClient.exe"=
.
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 2:19 PM 296808]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [4/17/2010 1:29 AM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [4/17/2010 1:29 AM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [4/17/2010 1:29 AM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/17/2010 1:29 AM 10368]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/5/2010 7:14 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/5/2010 1:02 AM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/5/2010 7:14 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 23:14]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 23:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://optonline.net/
uInternet Connection Wizard,ShellNext = hxxp://optonline.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kfpy7dlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2642709&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0ca069&i=23&tp=ab&nt=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 15:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1390067357-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,0f,46,10,e4,a5,88,49,b4,12,17,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,d5,22,4d,21,fc,94,4c,8b,5a,6b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\06\00\05\13$$?"
.
Completion time: 2011-07-03 15:14:14
ComboFix-quarantined-files.txt 2011-07-03 19:14
.
Pre-Run: 984,045,727,744 bytes free
Post-Run: 985,107,812,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8A30635FDA7B0729DF9C00DDFA3B16D7

TDSSKILLER LOG:

2011/06/30 11:32:33.0882 0536 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 11:32:34.0163 0536 ================================================================================
2011/06/30 11:32:34.0163 0536 SystemInfo:
2011/06/30 11:32:34.0163 0536
2011/06/30 11:32:34.0163 0536 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/30 11:32:34.0163 0536 Product type: Workstation
2011/06/30 11:32:34.0163 0536 ComputerName: XP-FA5E24C5E69A
2011/06/30 11:32:34.0163 0536 UserName: Administrator
2011/06/30 11:32:34.0163 0536 Windows directory: C:\WINDOWS
2011/06/30 11:32:34.0163 0536 System windows directory: C:\WINDOWS
2011/06/30 11:32:34.0163 0536 Processor architecture: Intel x86
2011/06/30 11:32:34.0163 0536 Number of processors: 2
2011/06/30 11:32:34.0163 0536 Page size: 0x1000
2011/06/30 11:32:34.0163 0536 Boot type: Normal boot
2011/06/30 11:32:34.0163 0536 ================================================================================
2011/06/30 11:32:35.0741 0536 Initialize success
2011/06/30 11:32:42.0522 4024 ================================================================================
2011/06/30 11:32:42.0522 4024 Scan started
2011/06/30 11:32:42.0522 4024 Mode: Manual;
2011/06/30 11:32:42.0522 4024 ================================================================================
2011/06/30 11:32:42.0976 4024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/30 11:32:43.0022 4024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/30 11:32:43.0085 4024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/30 11:32:43.0147 4024 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/30 11:32:43.0288 4024 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/06/30 11:32:43.0460 4024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/30 11:32:43.0476 4024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/30 11:32:43.0507 4024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/30 11:32:43.0538 4024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/30 11:32:43.0601 4024 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/30 11:32:43.0632 4024 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/30 11:32:43.0663 4024 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/30 11:32:43.0694 4024 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/30 11:32:43.0741 4024 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/30 11:32:43.0757 4024 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/30 11:32:43.0788 4024 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/30 11:32:43.0835 4024 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/30 11:32:43.0851 4024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/30 11:32:43.0897 4024 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/06/30 11:32:43.0929 4024 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/06/30 11:32:43.0944 4024 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/06/30 11:32:43.0976 4024 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/06/30 11:32:44.0007 4024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/30 11:32:44.0022 4024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/30 11:32:44.0054 4024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/30 11:32:44.0101 4024 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/30 11:32:44.0194 4024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/30 11:32:44.0226 4024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/30 11:32:44.0241 4024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/30 11:32:44.0257 4024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/30 11:32:44.0288 4024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/30 11:32:44.0351 4024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/30 11:32:44.0382 4024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/30 11:32:44.0413 4024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/30 11:32:44.0444 4024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/30 11:32:44.0460 4024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/30 11:32:44.0491 4024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/30 11:32:44.0507 4024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/30 11:32:44.0522 4024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/30 11:32:44.0538 4024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/30 11:32:44.0569 4024 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/30 11:32:44.0601 4024 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/30 11:32:44.0694 4024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/30 11:32:44.0726 4024 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/30 11:32:44.0866 4024 ialm (9369957485fa01f1b45318779207df6e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/30 11:32:44.0944 4024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/30 11:32:45.0085 4024 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/30 11:32:45.0147 4024 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/30 11:32:45.0179 4024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/30 11:32:45.0226 4024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/30 11:32:45.0241 4024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/30 11:32:45.0257 4024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/30 11:32:45.0272 4024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/30 11:32:45.0304 4024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/30 11:32:45.0366 4024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/30 11:32:45.0444 4024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/30 11:32:45.0460 4024 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/30 11:32:45.0476 4024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/30 11:32:45.0507 4024 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
2011/06/30 11:32:45.0522 4024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/30 11:32:45.0554 4024 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/06/30 11:32:45.0647 4024 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/06/30 11:32:45.0694 4024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/30 11:32:45.0726 4024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/30 11:32:45.0757 4024 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/06/30 11:32:45.0804 4024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/30 11:32:45.0866 4024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/30 11:32:45.0882 4024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/30 11:32:45.0929 4024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/30 11:32:45.0960 4024 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/30 11:32:45.0991 4024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/30 11:32:46.0007 4024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/30 11:32:46.0022 4024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/30 11:32:46.0038 4024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/30 11:32:46.0069 4024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/30 11:32:46.0116 4024 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/06/30 11:32:46.0132 4024 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/30 11:32:46.0163 4024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/30 11:32:46.0179 4024 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/30 11:32:46.0194 4024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/30 11:32:46.0226 4024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/30 11:32:46.0241 4024 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/30 11:32:46.0257 4024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/30 11:32:46.0272 4024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/30 11:32:46.0304 4024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/30 11:32:46.0319 4024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/30 11:32:46.0335 4024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/30 11:32:46.0413 4024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/30 11:32:46.0429 4024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/30 11:32:46.0460 4024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/30 11:32:46.0476 4024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/30 11:32:46.0491 4024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/30 11:32:46.0538 4024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/30 11:32:46.0554 4024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/30 11:32:46.0585 4024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/30 11:32:46.0679 4024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/30 11:32:46.0694 4024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/30 11:32:46.0694 4024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/30 11:32:46.0757 4024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/30 11:32:46.0772 4024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/30 11:32:46.0788 4024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/30 11:32:46.0804 4024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/30 11:32:46.0819 4024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/30 11:32:46.0866 4024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/30 11:32:46.0897 4024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/30 11:32:46.0929 4024 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/30 11:32:46.0944 4024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/30 11:32:46.0991 4024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/30 11:32:47.0007 4024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/30 11:32:47.0022 4024 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/30 11:32:47.0038 4024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/30 11:32:47.0116 4024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/30 11:32:47.0179 4024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/30 11:32:47.0194 4024 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/30 11:32:47.0226 4024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/30 11:32:47.0226 4024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/30 11:32:47.0272 4024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/30 11:32:47.0304 4024 tap0901 (2d6bf6c02111f9cf9faf8acfb933dd78) C:\WINDOWS\system32\DRIVERS\tap0901.sys
2011/06/30 11:32:47.0351 4024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/30 11:32:47.0382 4024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/30 11:32:47.0429 4024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/30 11:32:47.0460 4024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/30 11:32:47.0522 4024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/30 11:32:47.0569 4024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/30 11:32:47.0616 4024 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/30 11:32:47.0616 4024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/30 11:32:47.0663 4024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/30 11:32:47.0679 4024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/30 11:32:47.0694 4024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/30 11:32:47.0741 4024 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/30 11:32:47.0772 4024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/30 11:32:47.0772 4024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/30 11:32:47.0804 4024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/30 11:32:47.0819 4024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/30 11:32:47.0851 4024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/30 11:32:47.0897 4024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/30 11:32:48.0007 4024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
2011/06/30 11:32:48.0069 4024 Boot (0x1200) (192b67993229a7abe92f57033aa4b6f0) \Device\Harddisk0\DR0\Partition0
2011/06/30 11:32:48.0069 4024 Boot (0x1200) (098273aae235b0f723295aa62d612071) \Device\Harddisk1\DR2\Partition0
2011/06/30 11:32:48.0085 4024 ================================================================================
2011/06/30 11:32:48.0085 4024 Scan finished
2011/06/30 11:32:48.0085 4024 ================================================================================
2011/06/30 11:32:48.0085 3956 Detected object count: 0
2011/06/30 11:32:48.0085 3956 Actual detected object count: 0

SECURITY CHECKUP LOG:

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 26
Adobe Flash Player 10.3.181.14
Mozilla Firefox (3.6.18) Firefox Out of Date!
````````````````````````````````
Process Check: objlist.exe by Laurent
``````````End of Log````````````

Please advise when I can re-install my antivirus and go on the internet again.
Thank you once again for your help
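The TDSSKiller log in the post above and the BitDefender QuickScan report earlier in the thread each print an MD5 per driver, so the two can be joined on path to see where independent readers disagree (a file that changed between scans, or something feeding different bytes to different readers) and what only one of them looked at. The script below is an added example written for this page; it is not code from the thread, from TDSSKiller or from BitDefender. The sample lines are copied from the two logs on this page, except the QuickScan hash for tap0901.sys, which is deliberately altered (constructed) so the mismatch path fires.

```python
"""Cross-check the MD5s two independent scanners report for the same files."""
import re
from typing import Dict, List, Tuple

# TDSSKiller: "<date> <time> <pid> <name> (<md5>) <path>".  The name itself
# may carry a parenthesised field, e.g. "MBR (0x1B8)", so it is matched lazily.
TDSS_RE = re.compile(
    r"^\S+\s+\S+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# BitDefender QuickScan: "MD5: <md5> <path>"; several entries may share a line.
BD_RE = re.compile(
    r"MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s+(?P<path>.+?)(?=\s+MD5:|\s*$)", re.M)


def norm(path: str) -> str:
    """Windows paths are case-insensitive; the two tools differ only in case."""
    return path.strip().lower()


def parse_tdsskiller(text: str) -> Dict[str, str]:
    """Map normalised path -> md5 for every hashed object in a TDSSKiller log."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = TDSS_RE.match(line.strip())
        if m:
            out[norm(m.group("path"))] = m.group("md5").lower()
    return out


def parse_quickscan(text: str) -> Dict[str, str]:
    """Same for a BitDefender QuickScan report."""
    return {norm(m.group("path")): m.group("md5").lower() for m in BD_RE.finditer(text)}


def compare(a: Dict[str, str], b: Dict[str, str]) -> Tuple[Dict[str, Tuple[str, str]], List[str], List[str]]:
    """Return (mismatched paths -> (md5_a, md5_b), only_in_a, only_in_b)."""
    common = a.keys() & b.keys()
    mismatches = {p: (a[p], b[p]) for p in sorted(common) if a[p] != b[p]}
    return mismatches, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


# Lines copied from the TDSSKiller log in this thread.
TDSS_SAMPLE = r"""
2011/06/30 11:32:43.0288 4024 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/06/30 11:32:43.0897 4024 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/06/30 11:32:45.0085 4024 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/30 11:32:47.0304 4024 tap0901 (2d6bf6c02111f9cf9faf8acfb933dd78) C:\WINDOWS\system32\DRIVERS\tap0901.sys
2011/06/30 11:32:47.0897 4024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
"""
# Entries copied from the BitDefender QuickScan report in this thread, except
# the tap0901.sys hash, which is constructed (all zeros) to show a mismatch.
BD_SAMPLE = r"""
MD5: f6af59d6eee5e1c304f7f73706ad11d8 C:\WINDOWS\system32\drivers\Ambfilt.sys MD5: 4ba311473e0d8557827e6f2fe33a8095 C:\WINDOWS\System32\Drivers\Brfilt.sys
MD5: 0cacdcbbc8e6f11e2865c47bfc509848 C:\WINDOWS\system32\drivers\RtkHDAud.sys
MD5: 00000000000000000000000000000000 C:\WINDOWS\system32\DRIVERS\tap0901.sys
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
"""

if __name__ == "__main__":
    mism, only_tdss, only_bd = compare(parse_tdsskiller(TDSS_SAMPLE), parse_quickscan(BD_SAMPLE))
    for path, (h1, h2) in mism.items():
        print(f"MISMATCH {path}: tdsskiller={h1} quickscan={h2}")
    print("only TDSSKiller saw:", only_tdss)
    print("only QuickScan saw:", only_bd)
```

Feed it the full text of both reports and read the mismatch list first; the "only seen by" lists are mostly scope differences (QuickScan hashes user-mode modules and TDSSKiller hashes the MBR and boot sectors) and are useful mainly to confirm that a driver one tool flagged was actually examined by the other.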
-
Sorry it's taken so long to get back to you; I've been busy at work. Good news: I uninstalled AVG so I could run ComboFix, and when I rebooted I had access to all my Start programs and all was back to normal. I did notice some registry issues, however, when I went into the System Configuration Utility. I have it set to selective startup, and I received error messages that it couldn't find a few files or couldn't run a few programs. They are indicated by some weird symbols, as shown in the attachment (I tried to upload the image as a screenshot but to no avail; sorry about that). I did not run ComboFix yet, and I rescanned and no other malware or warnings came up. What do you think?
-
Sorry, I have been away for a few days. I will work on this and let you know. Thank you for your help.
-
i had previously posted this and am hopeful someone can assist. I closed out a pop up box while on the net and my avg anti virus detected and removed TXJ.exe. I then rebooted and ran malwarebytes and removed a few hijack start menu files. I rescanned and log was clean. The problems i have now is that I cannot access any start menu programs, msconfig, java, add or remove programs, security center, updates...etc. When i try to access them I get this error message: c:\WINDOWS\system32\rundll32.exe Application not found. Also upon trying to open internet explorer or firefox or avg or any program from shortcut I get the dialog box that asks what program i would like to open this with. I instead right click and run as and i get this error message: c:\Program Files\Java\jre6\lib\deploy\jqs\ff\..\..\..\..\bin\jqsntify.exe application not found. I click on ok and I am still able to access the internet and these programs though. It seems that there is still something blocking access to start programs. I would greatly appreciate any help or advice. I have the malaware and dds logs posted below: First malaware log when infection occurred: Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 6844 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/12/2011 8:47:12 PM mbam-log-2011-06-12 (20-47-12).txt Scan type: Full scan (C:\|E:\|) Objects scanned: 193842 Time elapsed: 23 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 6 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\34\36abd0a2-416fe826 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
LATEST MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 6905
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2011 8:35:13 PM
mbam-log-2011-06-20 (20-35-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 193958
Time elapsed: 21 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS LOG:

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 20:46:24 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.370 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============= FINISH: 20:46:32.69 ===============

Attachments: ark.zip, dds attach.zip
-
I was on a site and clicked on something and a pop-up box came up saying something about a Windows security warning and did I want to fix this. Normally I would just shut down Firefox, but I clicked on Cancel and my AVG detected some virus. I quarantined it, then ran a scan.

"6/12/2011, 7:58:46 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process TXJ.EXE was quarantined."

I next updated and ran Malwarebytes and it picked up a few registry items, which I removed. I re-scanned and nothing else came up. I cannot access the internet or certain other programs unless I right-click "open as" and then access them. I also cannot access any start menu programs or delete any. I guess the virus has blocked the start menu. These are the MALWAREBYTES logs before and after. I also posted the DDS logs as well as attached the ARK and ATTACH logs. Any help would be greatly appreciated.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 6844
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 8:47:12 PM
mbam-log-2011-06-12 (20-47-12).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 193842
Time elapsed: 23 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\txj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\34\36abd0a2-416fe826 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 6844
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 8:57:20 PM
mbam-log-2011-06-12 (20-57-20).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

DDS LOG:

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 14:36:18 on 2011-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.378 [GMT -4:00]
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============= FINISH: 14:36:38.33 ===============

Attachments: ark.zip, attach log.zip