Everything posted by lionvp

  1. Fred, I uninstalled the combofix program, installed the antivir program, and also re-activated the system restore. Whew! What a relief to get this finally taken care of. I would like to make a donation in appreciation for your expert help, and will use the link you have at the bottom of the page. Thanks again, and hopefully I won't need to bother you again!
  2. Fred, The XP SP3 and latest Java install/old Java removals went fine. Windows also updated a few times with numerous security updates. I also ran the latest Malwarebytes PRO program, with results below, and everything seems to be working fine. Let me know when I can delete the Combofix.exe program and install an anti-virus program. My first tennis match is scheduled for Friday night at 6:00pm. Hopefully, I will play well.

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 7042

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     7/7/2011 2:04:17 PM
     mbam-log-2011-07-07 (14-04-16).txt

     Scan type: Quick scan
     Objects scanned: 237578
     Time elapsed: 7 minute(s), 53 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. Fred, here is the security check output. I just used the same program, securitycheck.exe, that was still on my desktop from a few days ago. I am only a 3.5 rated player, but getting ready for the local summer tournament this weekend.

     Results of screen317's Security Check version 0.99.17
     Windows XP Service Pack 2
     Out of date service pack!!
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 15
     Java 6 Update 3
     Java 6 Update 5
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player 10.3.181.34
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     ``````````End of Log````````````
  4. Fred, I have to leave work to play some tennis now, but I will check back first thing tomorrow morning. Thanks again for your expert help!
  5. QuickScan Beta 32-bit v0.9.9.96
     -------------------------------
     Scan date: Tue Jul 05 17:02:45 2011
     Machine ID: 5C91CCC6

     No infection found.
     -------------------

     Processes
     ---------
     Canon Advanced Printing Technology 208 C:\WINDOWS\system32\CAPM1RSK.EXE
     Canon Advanced Printing Technology 3524 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
     Canon Advanced Printing Technology 3572 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
     Canon My Printer 3440 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
     eEBSvc.exe 1652 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
     Java Platform SE 6 U15 1864 C:\Program Files\Java\jre6\bin\jqs.exe
     Microsoft SQL Server 1892 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
     Microsoft® Windows® Operating System 3204 C:\WINDOWS\explorer.exe
     Microsoft® Windows® Operating System 2316 C:\WINDOWS\system32\alg.exe
     Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\csrss.exe
     Microsoft® Windows® Operating System 3160 C:\WINDOWS\system32\ctfmon.exe
     Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\lsass.exe
     Microsoft® Windows® Operating System 740 C:\WINDOWS\system32\services.exe
     Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\smss.exe
     Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\snmp.exe
     Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\spoolsv.exe
     Microsoft® Windows® Operating System 928 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 1256 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 1620 C:\WINDOWS\system32\svchost.exe
     Microsoft® Windows® Operating System 696 C:\WINDOWS\system32\winlogon.exe
     QuickBooks for Windows 1952 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     Retrospect 544 C:\Program Files\Dantz\Retrospect\retrorun.exe
     Retrospect 644 C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
     SupportSoft sprtsvc 804 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     (verified) Windows® Internet Explorer 10260 C:\Program Files\Internet Explorer\iexplore.exe
     (verified) Windows® Internet Explorer 10444 C:\Program Files\Internet Explorer\iexplore.exe

     Network activity
     ----------------
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.49
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 209.85.225.96
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 74.125.225.57
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 74.125.225.14
     Process iexplore.exe (10260) connected on port 443 (HTTP over SSL) --> 74.125.95.95
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process iexplore.exe (10260) connected on port 443 (HTTP over SSL) --> 209.85.225.96
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 66.235.142.57
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 69.171.228.14
     Process iexplore.exe (10260) connected on port 80 (HTTP) --> 207.152.124.59
     Process svchost.exe (996) listens on ports: 135 (RPC)
     Process QBCFMonitorService.exe (1952) listens on ports: 8019

     Autoruns and critical files
     ---------------------------
     Canon Advanced Printing Technology C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
     Canon My Printer C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
     GoToMyPC C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
     Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
     Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
     Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
     QuickTime C:\Program Files\QuickTime\qttask.exe
     (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
     (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

     Browser plugins
     ---------------
     AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
     Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
     BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
     Browser Address Error Redirector C:\Program Files\Dell\BAE\BAE.dll
     Easy-WebPrint c:\program files\canon\easy-webprint\toolband.dll
     Easy-WebPrint EWPBrowseLoader Module c:\program files\canon\easy-webprint\ewpbrowseloader.dll
     frozen.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     googletoolbar-ff3.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
     googletoolbar-ff4.dll C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
     GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
     InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
     Java Deployment Toolkit 6.0.150.3 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
     Java Platform SE 6 U15 C:\Program Files\Java\jre6\bin\jp2ssv.dll
     Java Platform SE 6 U15 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     Messenger C:\Program Files\Messenger\msmsgs.exe
     Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
     Musicnotes C:\Program Files\Musicnotes\npmusicn.dll
     npsibelius.dll C:\Program Files\Musicnotes\npsibelius.dll
     NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
     Picasa C:\Program Files\Picasa2\npPicasa2.dll
     Picasa C:\Program Files\Picasa2\npPicasa3.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
     QuickTime Plug-in 7.5 (861) C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
     RealPlayer Download and Record Plugin C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
     RealPlayer G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
     Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
     (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
     (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
     (verified) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
     (verified) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
     (verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
     (verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

     Scan
     ----
     MD5: 8c3de46457b62e82035bfb1cba29fd7d C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     MD5: 182bc06b8cddb225f1d9444e0af88003 C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
     MD5: eb28fe2670c1670cd077c3976f6a68f7 C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
     MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
     MD5: 64e5eee4ff6b9ef96ceb013cf20fa308 c:\program files\canon\easy-webprint\ewpbrowseloader.dll
     MD5: f61fffa032544a035f7b30075c3e12d6 c:\program files\canon\easy-webprint\toolband.dll
     MD5: b3540f5d4d772b87062e06b971951bd8 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
     MD5: 0d6491da11562e7750e208cdb88a31c0 C:\Program Files\Canon\MyPrinter\BJMyRes.dll
     MD5: 46b7a77463cb9dec2688cc42c7309c39 C:\Program Files\Citrix\GoToMyPC\g2svc.exe
     MD5: 3f451bf615c2e23624bd31aa1fe0665a C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
     MD5: c3104be7d2b689ebe47e2aac64c07530 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     MD5: 203a74767eb81f96a5166b1933db46d0 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     MD5: ff575e76da89a3cede920bb71ee2f3c7 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
     MD5: 27cd1c60031cc2d45b7446eedc6dfa86 C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL
     MD5: e5bff3e8de08f738ebfc488534aa6cbc C:\Program Files\Common Files\EPSON\EBAPI\eEBIPDev.dll
     MD5: 59e302b619d88d22be87dd682d405730 C:\Program Files\Common Files\EPSON\EBAPI\eEBLPDev.dll
     MD5: 6b2a03b5b97812ddbfe03bc8ceee0cab C:\Program Files\Common Files\EPSON\EBAPI\eEBMSDev.dll
     MD5: c4e937e07f862c2ce84e65745b68963e C:\Program Files\Common Files\EPSON\EBAPI\eEBNWDev.dll
     MD5: 9f51dd58d358fbed8eed9f2301d0fe1f C:\Program Files\Common Files\EPSON\EBAPI\eEBRSVC.dll
     MD5: cd64ce62be47df0e9a459fd9002221fe C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
     MD5: be0dbb25706762ff6fec7210349fa8ac C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll
     MD5: 6bee1814470dc12fa20c53dfc3c97ebb C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
     MD5: c8afe59e2d1fda67a6c5777a13082103 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
     MD5: 98deebc97bc4788a242e7f8deb10e47b C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.dll
     MD5: fc2741a70b84d7e7ba5f51a352669ee8 C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll
     MD5: 361ee3cab00e94aab27ba966ea44b1e8 C:\Program Files\Dantz\Retrospect\bdrock20.dll
     MD5: 826e99140b7febc945112a5e37a18f69 C:\Program Files\Dantz\Retrospect\bdrockui.dll
     MD5: 6fb9b33d20a2aac7c89884246a0e25fb C:\Program Files\Dantz\Retrospect\retrorun.exe
     MD5: 5b767df028dc39d4246f09f5628d7fdd C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
     MD5: 6f5386267113fe4e0f87a882de48c577 C:\Program Files\Dantz\Retrospect\wdsvc.exe
     MD5: 5c5209b04b1942a534259c2ab7bb1eea C:\Program Files\Dell Support Center\bin\LIBEAY32.dll
     MD5: 0ab6629467d8f073b762fca1d416bf2d C:\Program Files\Dell Support Center\bin\sprtfod.dll
     MD5: 8e8d1251c52de0256c076caaa79af327 C:\Program Files\Dell Support Center\bin\sprtsched.dll
     MD5: 777115c9cc675bd98127660712d2f784 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     MD5: e4d3f600cff1e76950abb0d790f2a1ef C:\Program Files\Dell Support Center\bin\sprtupdate.dll
     MD5: 1a4f60ef6da38621f1091b0cb0fa2c09 C:\Program Files\Dell\BAE\BAE.dll
     MD5: 621a9728f52645c3e1b859e642aed1e3 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_D1B8F90352BD52A9.dll
     MD5: 5ff2f46be1d8be01b5c304ee4703478a C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll
     MD5: 815a3cfde5abe0ce53d7a3b33f0dba6b C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     MD5: a953e104137df406b70477d60bc29008 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
     MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     MD5: ad7125bc367bdc060729984ec2e5377a C:\Program Files\Internet Explorer\ieproxy.dll
     MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
     MD5: bb0ee0c172e3d626263299ef1832fd40 C:\Program Files\internet explorer\xpshims.dll
     MD5: 55e583817a2012fd75f1f8cf87ee760c C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     MD5: 87ffc1ff3b269fd8e0bb010294b697f6 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     MD5: 246af5a08b0339231bdd7437ab6ff6b8 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     MD5: 74e6e96c6f0e2eca4edbb7f7a468f259 C:\Program Files\Messenger\msmsgs.exe
     MD5: 1d1b22613eab9287af902398867bc93c C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
     MD5: 2a30d4b6319a69c82def52cb3672eceb C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
     MD5: 4393dcb856a2a109e266e6f59e2ef31a C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
     MD5: 27f9e0201d27d1c6472285de35898ca1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
     MD5: b0753e73ff63f485521a9ddeb7de91eb C:\Program Files\Musicnotes\npmusicn.dll
     MD5: 0dd1e0a385b888107a1f9206189596cf C:\Program Files\Musicnotes\npsibelius.dll
     MD5: fd7e9aba274df75e08320420b8e9a1d5 C:\Program Files\NOS\bin\getPlus_Helper.dll
     MD5: 1acf98d80e95add298832c7a8996b48c C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
     MD5: 625d0a824f513ce1cabb8861e97f2142 C:\Program Files\Picasa2\npPicasa2.dll
     MD5: 2d5e502371e736eb033ab0c5c6795674 C:\Program Files\Picasa2\npPicasa3.dll
     MD5: f34eb5d4f145ed5fe50033ca3a41ed24 C:\Program Files\QuickTime\qttask.exe
     MD5: 6f5386267113fe4e0f87a882de48c577 C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
     MD5: 4c90dc07f50d3928ec5176098a811e82 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\opends60.dll
     MD5: 109bf99c6ca4c590d4abb4f67b499099 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\Resources\1033\sqlevn70.RLL
     MD5: 352e375ab298c23b0f9bc307652c7f50 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE
     MD5: 1b959a0614d575d0ab3b09095f0a8b83 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
     MD5: 0e3388bc341fcaf843e85541fcccdd83 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlsort.dll
     MD5: 2c04fd22c5e2bcbd612d1ea4f4046274 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\SSmsLPCn.dll
     MD5: f0f26a48165edb26e33c5598acd1f019 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\binn\SSNETLIB.dll
     MD5: 6bd0412235b2a16fc3c333ce7e93bdf2 C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\ums.dll
     MD5: fb537f29a827d78f756154cf397a113f C:\WINDOWS\AppPatch\AcGenral.DLL
     MD5: c41203e76f7f4cfd5a81966ba3c129ba C:\WINDOWS\AppPatch\AcLayers.DLL
     MD5: fc6427ffb3d95cf1bb9babe68baa8385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
     MD5: 7c009119f6851465acd1d21f7aee2125 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
     MD5: 3bfe3d86bb8101acf59e532e612ec4c6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
     MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\WINDOWS\Downloaded Program Files\isusweb.dll
     MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
     MD5: 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
     MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     MD5: cebed017c4965fc4407ccd986ae0a528 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     MD5: 875d770f477e0ae0088be1810d537b23 C:\WINDOWS\system32\activeds.dll
     MD5: 13510490bea0997db625daa0178cbfca C:\WINDOWS\system32\actxprxy.dll
     MD5: e8e57b0f9eb03d1aabec28d550c75116 C:\WINDOWS\system32\ADVAPI32.dll
     MD5: f1958fbf86d5c004cf19a5951a9514b7 C:\WINDOWS\system32\alg.exe
     MD5: eca24ab73fcffa754d4070cdb03529e3 C:\WINDOWS\system32\Apphelp.dll
     MD5: fae38db973cb03de0779fb02ac1ed8e4 C:\WINDOWS\system32\asycfilt.dll
     MD5: 5c3df25926729ebeef5cc7ff1933b360 C:\WINDOWS\system32\AUTHZ.dll
     MD5: 4c04d0d0f6f480832a2e336c61f18850 C:\WINDOWS\system32\browselc.dll
     MD5: e3cfccdda4edd1d0dc9168b2e18f27b8 c:\windows\system32\browser.dll
     MD5: a965b0deb87c075165e10dacd8fd9041 C:\WINDOWS\system32\BROWSEUI.dll
     MD5: 08f0190ae201ec331b4ca3b0fa2d2cce C:\WINDOWS\System32\Cabinet.dll
     MD5: e4b814fd217114df27717f4a7bd5b0ea C:\WINDOWS\system32\CAPM1LMK.DLL
     MD5: 740baad99c97257d37c77d55daf2d00e C:\WINDOWS\system32\CAPM1PTN.DLL
     MD5: 56d60b099d88d101dddc7b58776d2bf7 C:\WINDOWS\system32\CAPM1RSK.EXE
     MD5: 88add6a268b4358922488f8d10550c02 C:\WINDOWS\system32\CAPM1SMK.DLL
     MD5: ad44c5bc21213f394f6afcb55cc39293 c:\windows\system32\certcli.dll
     MD5: 0fcb11b39af688035e1cde754684ee5c c:\windows\system32\CFGMGR32.dll
     MD5: ec8a848fc4f17f3b3d9da4a0c43fb930 C:\WINDOWS\system32\CLBCATQ.DLL
     MD5: 98c1ff6676e02d43da208802286a6ee7 C:\WINDOWS\System32\CLUSAPI.DLL
     MD5: 07f0460ce9a571d1db6aebe83df6aa9e C:\WINDOWS\system32\CNCC160.DLL
     MD5: df588e45cc12913b3c63b7b03a971b81 C:\WINDOWS\system32\CNCL160.DLL
     MD5: 43bae2a78de14f25979d09647f4b681d C:\WINDOWS\system32\CNMLM83.DLL
     MD5: 69d7630b2b64c48121adee09e73e339f C:\WINDOWS\system32\colbact.DLL
     MD5: b0124cb21d28b1c9f678b566b6b57d92 C:\WINDOWS\system32\COMCTL32.dll
     MD5: 6728270cb7dbb776ed086f5ac4c82310 C:\WINDOWS\system32\COMRes.dll
     MD5: 75deb92422d955373825a11f9f74ec6a C:\WINDOWS\system32\comsvcs.dll
     MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
     MD5: 1ecb753d7ceec8f5a94c9781ca64ec44 c:\windows\system32\credui.dll
     MD5: cad4aa32e7eca00c23cc39c0eb833f9d C:\WINDOWS\system32\cryptnet.dll
     MD5: 10654f9ddcea9c46cfb77554231be73b c:\windows\system32\cryptsvc.dll
     MD5: 587729679b4fe04ce06a5c61d6c56dcd C:\WINDOWS\system32\cscdll.dll
     MD5: f12b178b1678d778cfd3ff1fc38c71fb C:\WINDOWS\system32\csrss.exe
     MD5: 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
     MD5: 8e19878192348e8bd426a389c942808e C:\WINDOWS\system32\D3DIM700.DLL
     MD5: 6479a184873f7ca797ff0375d711e9a6 C:\WINDOWS\system32\dbghelp.dll
     MD5: 7ed462f353b3d915a418a689fa881f96 C:\WINDOWS\system32\DDRAW.dll
     MD5: ad805da7015d155ef9899f73a1c27753 C:\WINDOWS\system32\ddrawex.dll
     MD5: ef545e1a4b043da4c84e230dd471c55f c:\windows\system32\dhcpcsvc.dll
     MD5: aac8ffbfd61e784fa3bac851d4a0bd5f c:\windows\system32\dnsrslvr.dll
     MD5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb C:\WINDOWS\system32\DRIVERS\agp440.sys
     MD5: 67288b07d6aba6c1267b626e67bc56fd C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
     MD5: f312b7cef21eff52fa23056b9d815fad C:\WINDOWS\system32\DRIVERS\alim1541.sys
     MD5: 675c16a3c1f8482f85ee4a97fc0dde3d C:\WINDOWS\system32\DRIVERS\amdagp.sys
     MD5: 40caace7f2e7668148a1d45cf91e1131 C:\WINDOWS\system32\DRIVERS\atapi.sys
     MD5: 7f599e8bcc5ebc78fa711e9e55eea40c C:\WINDOWS\system32\Drivers\CAPM1LP.SYS
     MD5: 34aaa3b298a852b3663e6e0d94d12945 C:\WINDOWS\system32\DRIVERS\e1e5132.sys
     MD5: e31363d186b3e1d7c4e9117884a6aee5 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     MD5: ed6bf9e441fdea13292a6d30a64a24c3 C:\WINDOWS\system32\DRIVERS\i2omp.sys
     MD5: 997e8f5939f2d12cd9f2e6b395724c16 C:\WINDOWS\system32\drivers\iaStor.sys
     MD5: 28423512370705aeda6a652fedb25468 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
     MD5: 2d722b2b54ab55b2fa475eb58d7b2aad C:\WINDOWS\system32\DRIVERS\intelide.sys
     MD5: e182fa8e49e8ee41b4adc53093f3c7e6 C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     MD5: bc2a92cff784555ed622f861cb34f2e6 C:\WINDOWS\System32\Drivers\Mpfp.sys
     MD5: 17bbbabb21f86b650b2626045a9d016c C:\WINDOWS\system32\drivers\RtkHDAud.sys
     MD5: 732d859b286da692119f286b21a2a114 C:\WINDOWS\system32\DRIVERS\sisagp.sys
     MD5: c6db9f873b09c63f5cb1de10c08bf6f9 C:\WINDOWS\system32\DRIVERS\SymIM.sys
     MD5: ced744117e91bdc0beb810f7d8608183 C:\WINDOWS\system32\DRIVERS\update.sys
     MD5: 708579b01fed227aadb393cb0c3b4a2c C:\WINDOWS\system32\DRIVERS\usbehci.sys
     MD5: d92e7c8a30cfd14d8e15b5f7f032151b C:\WINDOWS\system32\DRIVERS\viaagp.sys
     MD5: 55e148c01296696588eafa425782c3e8 C:\WINDOWS\system32\DSOUND.dll
     MD5: cacd2c63a79268d131ea37e85524cc44 C:\WINDOWS\system32\dssenh.dll
     MD5: ed7e847905dd2797565b4b695e92f42b C:\WINDOWS\system32\DUSER.dll
     MD5: e24f419e8d5414de6480041075b0cd10 C:\WINDOWS\system32\EBPMON2.DLL
     MD5: d6387af664c64d8d8dc7fdc880964058 C:\WINDOWS\system32\eEBUtil.dll
     MD5: 50de118da580208b914b40dd47c90d52 c:\windows\system32\ESENT.dll
     MD5: c7f69894e6c2a9b2159e8bbc2c6dcff5 C:\WINDOWS\System32\evntagnt.dll
     MD5: d4db912260f0ce3d10b20f3a24baa14f C:\WINDOWS\system32\FXSAPI.dll
     MD5: 9cc834bddffd69ffbf3c58408c4e47b3 C:\WINDOWS\system32\FXSEVENT.dll
     MD5: f517bd3b95fb375b42aedbb386615392 C:\WINDOWS\system32\FXSMON.DLL
     MD5: 634bd178592169d7890b5ac105a8f208 C:\WINDOWS\system32\fxsst.dll
     MD5: fcbd571fa0ee8dc238944ae5fab74461 C:\WINDOWS\system32\fxssvc.exe
     MD5: 170e5758469d83e269ced8aadf8b5b90 C:\WINDOWS\system32\gotomon.dll
     MD5: f8f80460c7b36d824cffc8053dff4c74 C:\WINDOWS\system32\hccutils.DLL
     MD5: 765b30c776a1780b46b479fe614f707c C:\WINDOWS\System32\hnetcfg.dll
     MD5: 35c1f6ca4fa6ef9822d9e9912426b2c5 C:\WINDOWS\System32\hostmib.dll
     MD5: 39860787f4e6de9a35ab1e74330cc788 C:\WINDOWS\system32\iepeers.dll
     MD5: 11d2eaaf3eb3fe282b38e9ec8e4bb206 C:\WINDOWS\system32\igfxdev.dll
     MD5: 20906fea416188d06747cd4372077ab3 C:\WINDOWS\system32\igfxpph.dll
     MD5: adac5ffc41bda7897275037c0feebd01 C:\WINDOWS\system32\igfxres.dll
     MD5: 6c4f7cc933a34c3e99b259917d8c0700 C:\WINDOWS\system32\igfxress.dll
     MD5: 392de3e940155dbab2dab36801b48f48 C:\WINDOWS\system32\igfxsrvc.dll
     MD5: c13b8585bdc134a4988e0328cce73057 C:\WINDOWS\System32\igmpagnt.dll
     MD5: 5afce94e8286b2f57a04da37f01bf21a C:\WINDOWS\system32\IMAGEHLP.dll
     MD5: 87ca7ce6469577f059297b9d6556d66d C:\WINDOWS\system32\IMM32.DLL
     MD5: abbb064336dc11194e2341ad06b8314e C:\WINDOWS\System32\inetmib1.dll
     MD5: f14a6bd840e4d7cd4c0535cb3cef2887 C:\WINDOWS\system32\inetpp.dll
     MD5: 011eacf9153ef90e6cbce2987acae411 C:\WINDOWS\System32\iphlpapi.dll
     MD5: 36cc8c01b5e50163037bef56cb96deff c:\windows\system32\ipnathlp.dll
     MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
     MD5: 1efbd57fa79b96f638f3f72dcc393f34 C:\WINDOWS\system32\kerberos.dll
     MD5: b6acaed7588295129791e0e6a2b0fade C:\WINDOWS\system32\kernel32.dll
     MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
     MD5: a1a688ee56cf3bbd24edeb815d48e9ba C:\WINDOWS\system32\LINKINFO.dll
     MD5: 745c69bf7ed3374833b8535e7895dce5 C:\WINDOWS\System32\lmmib2.dll
     MD5: 2e632f071817ad3758c386571cbd9858 C:\WINDOWS\system32\localspl.dll
     MD5: 7db59fff2af32c27eb2276424fa5eddb C:\WINDOWS\system32\logonui.exe
     MD5: c958e5dec0465523fe9c058c2f3eca80 C:\WINDOWS\system32\LPRHELP.dll
     MD5: ed6ee8d7f78fc8267a394bb982ec8de3 C:\WINDOWS\system32\lprmon.dll
     MD5: 8185eee4e645f74c9ff30271365e0aba C:\WINDOWS\system32\LSASRV.dll
     MD5: 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
     MD5: efbef826c183cf8edab324ce514d69b7 C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx
     MD5: 5ff9d3dbdb154fc50f680a32ba397614 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
     MD5: 39f32be798462a491f502bdb9cb31ae9 C:\WINDOWS\System32\mcastmib.dll
     MD5: 0346da24de3c85909717d5997510a31f C:\WINDOWS\system32\MLANG.dll
     MD5: 2cfe80aa3428c09e6de67fac50da65cf C:\WINDOWS\system32\MPR.dll
     MD5: 9f78f329b1858e845087b923b4dba0f3 C:\WINDOWS\System32\MPRAPI.dll
     MD5: a9753f3343eb7a8bc3b498841c8be6fd C:\WINDOWS\system32\MSCTF.dll
     MD5: 892f4bc54d486feb4df03e4e2ecb14e0 C:\WINDOWS\system32\msi.dll
     MD5: d3ad4f21dd60b4b9bfeb415564a6c308 C:\WINDOWS\system32\msimtf.dll
     MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll
     MD5: f5ee7cacd1784241f138a5e55b715897 c:\windows\system32\mstlsapi.dll
     MD5: 9eea0ca999a33c9d2eabe82e4c624cc3 C:\WINDOWS\system32\MSUTB.dll
     MD5: 8bcc4cb5ae075bfa6dde97cc3dac1dc6 C:\WINDOWS\system32\msv1_0.dll
     MD5: 1f57eb5b92b2ac7f9d71a77d184d8c13 C:\WINDOWS\System32\MSVCP60.dll
     MD5: 5a542c4e0f036431d0b7b607fc08758f C:\WINDOWS\system32\MSVCR70.dll
     MD5: b0fefa816d61ec66aa765ddf534eab5e C:\WINDOWS\system32\msvcrt.dll
     MD5: 146d198e3ad9d4b69c9eb0aea6ef333b C:\WINDOWS\system32\MSVCRT40.dll
     MD5: 99f43b9b76c88acead42fe84744f8c87 C:\WINDOWS\system32\MTXCLU.DLL
     MD5: e3ae8dc04643850d2dfd431443558b28 c:\windows\system32\netcfgx.dll
     MD5: 6c476d33d82f1054849790181e8f7772 C:\WINDOWS\system32\netlogon.dll
     MD5: 36739b39267914ba69ad0610a0299732 c:\windows\system32\netman.dll
     MD5: bf52a4d4eb4cfb3109667e429b93e21a c:\windows\system32\netshell.dll
     MD5: 01520b46830c8178e1b2c05a4f3f6c16 C:\WINDOWS\System32\NETUI0.dll
     MD5: 88b918e7fb3b09595dd8a0fd09a35b8f C:\WINDOWS\System32\NETUI1.dll
     MD5: 2f868bffbf50524653d7fe0d99afb064 C:\WINDOWS\system32\ntdll.dll
     MD5: 6201bacf384292a5fe94ce73364ae53a C:\WINDOWS\system32\NTDSAPI.dll
     MD5: daa91b358e685fc6cca9aca72be6fe85 C:\WINDOWS\system32\NTMARTA.DLL
     MD5: b62f29c00ac55a761b2e45877d85ea0f C:\WINDOWS\system32\ntmssvc.dll
     MD5: 385e9aec6e100dbebee5bd1f27a55e1d C:\WINDOWS\system32\ntshrui.dll
     MD5: f79d7d98cd764499eccbaaf3f800d349 C:\WINDOWS\system32\ODBC32.dll
     MD5: c237fb08f52f27823c4e4e6705ecd196 C:\WINDOWS\system32\odbcint.dll
     MD5: ab8231d13692ac5088eb9c226b0c0576 C:\WINDOWS\system32\ole32.dll
     MD5: 0144abc4c4a624b583d432ee478a711c C:\WINDOWS\system32\OLEAUT32.dll
     MD5: e7584239b46c4e0702aff5a1c8a410bb C:\WINDOWS\system32\pdh.dll
     MD5: 39dc8d9bfb2d7fef8634fbf0b83dbc2f C:\WINDOWS\system32\printui.dll
     MD5: 4d3ccdf22d2b4bae229ba73b81d13e26 C:\WINDOWS\system32\psbase.dll
     MD5: 037438a305f1eff51af788c32eff4360 C:\WINDOWS\system32\qmgrprxy.dll
     MD5: 5f098bd2ae6b03044b085decffdf91ec C:\WINDOWS\system32\rasadhlp.dll
     MD5: cd1f7ed9842138beadf9ecbf37818bef C:\WINDOWS\system32\RASAPI32.dll
     MD5: 44db7a9bdd2fb58747d123fbf1d35adb C:\WINDOWS\System32\rasauto.dll
     MD5: ba5d5fd3cca6f64a429e2e0e1a1a0917 C:\WINDOWS\System32\RASDLG.dll
     MD5: 30e244a707e6ce0a4b099cd6384ec6ca C:\WINDOWS\system32\rasman.dll
     MD5: 49b5eed5fb89d39456a2f616ccd8ba5d c:\windows\system32\rasmans.dll
     MD5: 04ecec0447f79419ad25227205b8277d C:\WINDOWS\System32\rasppp.dll
     MD5: 1d536bebc30dd8d0d3b6ff3b0cd2d32b C:\WINDOWS\System32\rastapi.dll
     MD5: 899ed710fdc37eb7d0115c2932c2b1eb C:\WINDOWS\system32\REGAPI.dll
     MD5: 2738c8a33ff07dd3c99c7c8f0a85da72 C:\WINDOWS\System32\RESUTILS.DLL
     MD5: 461b6e2f04112e659280314b7a414f30 C:\WINDOWS\system32\RPCRT4.dll
     MD5: 24b5d53b9accc1e2edcf0a878d6659d4 c:\windows\system32\rpcss.dll
     MD5: 26acbd865f8cff730f1791c4d0854352 C:\WINDOWS\system32\rsaenh.dll
     MD5: eb6dbf63a06590aa75ed58fcb58784de C:\WINDOWS\System32\rtipxmib.dll
     MD5: ebe12f403fde45e7312e7bf764bfb6c6 C:\WINDOWS\System32\SAMLIB.dll
     MD5: e15154e7fda8a580a8f74c7cc16b1ffe C:\WINDOWS\system32\SAMSRV.dll
     MD5: 0f78e27f563f2aaf74b91a49e2abf19a C:\WINDOWS\system32\scecli.dll
     MD5: 9a42c1f3154545a4d32e5043038b01fa C:\WINDOWS\system32\SCESRV.dll
     MD5: 3732492edd6c46454752f9ac78f2539e C:\WINDOWS\system32\schannel.dll
     MD5: 92360854316611f6cc471612213c3d92 c:\windows\system32\schedsvc.dll
     MD5: d636fa41e50671160d838ea2dace3330 C:\WINDOWS\system32\sclgntfy.dll
     MD5: 1d141672ce98383b22a1846e4d43c159 C:\WINDOWS\system32\Secur32.dll
     MD5: a624930228b698cf5b89f91caf23a908 C:\WINDOWS\system32\security.dll
     MD5: 4712531ab7a01b7ee059853ca17d39bd C:\WINDOWS\system32\services.exe
     MD5: a1abf509b1a1f01fbf52d34a0e1cde3d C:\WINDOWS\system32\SETUPAPI.dll
     MD5: 9858cc4d73a4ccf2f852fae07c11a0b5 C:\WINDOWS\system32\sfc_os.dll
     MD5: 137a36b389a1848e355f491bb3896d70 C:\WINDOWS\system32\SHDOCVW.dll
     MD5: 06da8c5383aaf17127fc4b1658ba3f4f C:\WINDOWS\system32\SHELL32.dll
     MD5: 43da983415ea533f9e667fdb415f4655 C:\WINDOWS\system32\ShimEng.dll
     MD5: 7c972c7f0e3ce48503e1e9fbe9890009 C:\WINDOWS\system32\SHLWAPI.dll
     MD5: 6815def9b810aefac107eeaf72da6f82 C:\WINDOWS\system32\SHSVCS.dll
     MD5: bd7fb0957c716f1a60333aee04de2178 C:\WINDOWS\system32\smss.exe
     MD5: 6feb04de6288f5466391e29057dc5b0e C:\WINDOWS\system32\snmp.exe
     MD5: 0484c838adfc880b74b0e9d2d97738e2 C:\WINDOWS\System32\snmpapi.dll
     MD5: 3ca0a12df02108e3186dc355ed74b3b2 C:\WINDOWS\System32\snmpmib.dll
     MD5: 6f591dbefd11f7697042907b516f1212 C:\WINDOWS\System32\snmptrap.exe
     MD5: 091be61c27675fa94f25f2e303f0eb6f C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
     MD5: 8eafe585d51b9f21d3abbbb634ee65c2 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1PMN.DLL
     MD5: 88add6a268b4358922488f8d10550c02 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SMK.DLL
     MD5: 05ccd4c4c7a74f1b90555bed201c2b66 C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
     MD5: cf3c1e404b818b59317c770d636c1e11 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR83.DLL
     MD5: 8489eda0d2b53505cc98c02c3bcb751d C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI83.DLL
     MD5: fec3ace4d5e9b8b13c401941ee50f476 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD83.DLL
     MD5: c1f032c90579b2f820af5f25206093aa C:\WINDOWS\System32\spool\PRTPROCS\W32X86\GoToPrintProcessor.dll
     MD5: 87b85bc1e1f6e0228876204a20a9c24c C:\WINDOWS\system32\SPOOLSS.DLL
     MD5: da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
     MD5: 92bdf74f12d6cbec43c94d4b7f804838 c:\windows\system32\srsvc.dll
     MD5: 0cb3af149a0bac0836022ca307c7a0f8 c:\windows\system32\srvsvc.dll
     MD5: 4b8d61792f7175bed48859cc18ce4e38 c:\windows\system32\ssdpsrv.dll
     MD5: 297101a925ecffdcdf7f6341ffbb6c1a C:\WINDOWS\system32\stobject.dll
     MD5: 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
     MD5: 0ff9fa27706fbe9048990c108c0d62f0 C:\WINDOWS\system32\sxs.dll
     MD5: 9c28b09c8757065d74e662e5a3503c89 C:\WINDOWS\system32\T2EMBED.DLL
     MD5: 6307a1b82f6ca87d7e0cdf49e6e7bc00 C:\WINDOWS\system32\TAPI32.dll
     MD5: fb78839b36025aa286a51289ed28b73e c:\windows\system32\tapisrv.dll
     MD5: 32933b07fc16d9f778bee12545fa1b1a C:\WINDOWS\system32\tcpsvcs.exe
     MD5: e6796d51ced309e46d29c0b787735615 C:\WINDOWS\system32\themeui.dll
     MD5: 6d9ac544b30f96c57f8206566c1fb6a1 c:\windows\system32\trkwks.dll
     MD5: 586211f4ff4bc49cc215c956919cd33b C:\WINDOWS\system32\umpnpmgr.dll
     MD5: 339089d6c3fc3bc5ced8d9049c4d2101 C:\WINDOWS\system32\upnp.dll
     MD5: aca5d98663d879c6baafcea7e2f1b710 C:\WINDOWS\System32\upnphost.dll
     MD5: b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\USER32.dll
     MD5: 2b9b56a89a8a42e917511972a6db36e3 C:\WINDOWS\system32\USERENV.dll
     MD5: 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe
     MD5: 2cde496666a975a2ce8f969f3042c8db C:\WINDOWS\system32\uxtheme.dll
     MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL
     MD5: 2b281958f5d0cf99ed626e3ef39d5c8d C:\WINDOWS\system32\w32time.dll
     MD5: de578e4e6844954823fc7688625f00c8 C:\WINDOWS\system32\wbem\esscli.dll
     MD5: 4de2616b80c62930fd337ec395462b21 C:\WINDOWS\system32\wbem\FastProx.dll
     MD5: 9a66728efe501d855d0ffe3de023ce32 C:\WINDOWS\system32\wbem\repdrvfs.dll
     MD5: 4e39c36213e95fb971a61a247bde2f61 C:\WINDOWS\system32\wbem\wbemcomn.dll
     MD5: 36360b625d7290bba2cd03ad4975e1bc C:\WINDOWS\system32\wbem\wbemcore.dll
     MD5: 6708e1ddf12cab2d5b5a2b66b76e0038 C:\WINDOWS\system32\wbem\wbemess.dll
     MD5: 44266e3a948fa690585b2d7205a672f6
C:\WINDOWS\system32\wbem\wmiprvsd.dll MD5: 0a1161db4fccf7821736c70d70a0f5a3 C:\WINDOWS\system32\wbem\wmiutils.dll MD5: 6e2aba80e627a6b2caccc6d0c60874b1 C:\WINDOWS\system32\wdigest.dll MD5: 265f534ef76832435afbf771ec97176d c:\windows\system32\webclnt.dll MD5: b6763f8534ac547cf1af98afdff2edc8 c:\windows\system32\wiaservc.dll MD5: a1c10f87248529173f39f4b4734df14b C:\WINDOWS\system32\win32spl.dll MD5: 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe MD5: 90fdaa22f38d9e911f91fa3b8a1f7e5d C:\WINDOWS\system32\winmm.dll MD5: 2c8fdb176f22629ea5342db474fac391 C:\WINDOWS\System32\winrnr.dll MD5: 7bcb23fa39ce266af4347a6beab60f8c C:\WINDOWS\system32\WINSCARD.DLL MD5: 3d21b3be0c5768e76fd9780e9cf9e07c C:\WINDOWS\system32\winsrv.dll MD5: 7bc4ba4c33adf3ef5cd370d99bc60b04 C:\WINDOWS\system32\WINSTA.dll MD5: 10f36fa092d7a309a0647fcdc764ae6c C:\WINDOWS\system32\WLDAP32.dll MD5: a599e5e366c1408e48aa5d37882d4e3e C:\WINDOWS\system32\WlNotify.dll MD5: 4d59daa66c60858cdf4f67a900f42d4a c:\windows\system32\wscsvc.dll MD5: 9a9bbc71d0ebcd400a33abcd5f0ab39c c:\windows\system32\WZCSAPI.DLL MD5: 5a91e6feab9f901302fa7ff768c0120f c:\windows\system32\wzcsvc.dll MD5: eef46dab68229a14da3d8e73c99e2959 C:\WINDOWS\System32\xmlprov.dll MD5: 1320aea7057a26a671d9548cc7bebda5 C:\WINDOWS\system32\xpsp2res.dll MD5: 424162325a32183bf65bbaf740209749 C:\WINDOWS\system32\zipfldr.dll MD5: c4e80875c1cf1222fc5efd0314ae5c01 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.01 MB sent, 1.29 KB recvd Scanned 629 files and modules - 27 seconds ==============================================================================
6. Hello and I trust you had some time to enjoy the weekend! I reran ComboFix, although it asked if I wanted to update the program before running and I did not update. I also took the liberty of running the ESET online scanner, but since I was connected through Firefox, it ran from a separate window. Attached are the threats found. Thank you again for your help!

ComboFix 11-07-01.02 - Paul 07/05/2011 8:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.669 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\mywebsearchservice.sys"
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-06-18 14:04 . 2011-06-18 16:14 -------- d-----w- c:\documents and settings\Administrator.VOSTRO-OFFICE.000
2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 15:40 . 2011-06-18 17:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-26 18:09 . 2010-03-26 18:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-02_18.17.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_764.dat
+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_748.dat
+ 2011-07-05 13:13 . 2011-07-05 13:13 16384 c:\windows\temp\Perflib_Perfdata_290.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2003-11-3 30208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 02:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-03-26 18:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 01:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 01:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 06:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]
2009-12-02 03:36 24576 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 01:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 02:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-11 13:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-27 15:09 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-04-10 19:54 331776 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"5052:TCP"= 5052:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2899:TCP"= 2899:TCP:Services
"4298:TCP"= 4298:TCP:Services
.
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2/29/2008 5:40 PM 34916]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/21/2011 8:11 AM 363344]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [1/29/2008 9:18 AM 22912]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2008 11:54 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 1:51 PM 14336]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 08:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\CAPM1RSK.EXE
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
.
**************************************************************************
.
Completion time: 2011-07-05 08:22:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-05 13:21
ComboFix2.txt 2011-07-02 18:23
.
Pre-Run: 58,048,294,912 bytes free
Post-Run: 58,033,360,896 bytes free
.
- - End Of File - - F68D5CC598932021B603A801998221E6

C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\BCP6M6MQ\KAV6[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\TX68MVYL\kav6[1].htm JS/Exploit.Agent.NBA trojan cleaned by deleting - quarantined
C:\Documents and Settings\Paul\Application Data\Sun\Java\Deployment\cache\6.0\49\73190831-67ba8f3e a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0130697.sys Win32/Olmasco.E trojan deleted - quarantined
7. ComboFix 11-07-01.02 - Paul 07/02/2011 13:11:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.587 [GMT -5:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HelpAssistant\g2mdlhlpx.exe
c:\documents and settings\HelpAssistant\WINDOWS
c:\documents and settings\Paul\g2mdlhlpx.exe
c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}
c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome.manifest
c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome\content\_cfg.js
c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\chrome\content\overlay.xul
c:\documents and settings\Paul\Local Settings\Application Data\{61A795F0-9FB4-4229-A3CD-E37BFDDBE4B7}\install.rdf
c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair
c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\Paul\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\documents and settings\Paul\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\linkinfo(2).dll
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
.
.
2011-06-18 14:04 . 2011-06-18 16:14 -------- d-----w- c:\documents and settings\Administrator.VOSTRO-OFFICE.000
2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 17:35 . 2011-06-07 17:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 15:40 . 2011-06-18 17:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-03-26 18:09 . 2010-03-26 18:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon PC1200 iC D600 iR1200G Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE [2003-11-3 30208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-06-14 02:41 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-03-26 18:09 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-06-14 01:21 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-06-14 01:21 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-11-26 06:04 1087752 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]
2009-12-02 03:36 24576 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-06-14 01:21 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 15:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-14 02:41 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-11 13:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-27 15:09 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2009-04-10 19:54 331776 ----a-w- c:\windows\system32\WDBtnMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoToMyPC"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"5052:TCP"= 5052:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2899:TCP"= 2899:TCP:Services
"4298:TCP"= 4298:TCP:Services
.
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2/29/2008 5:40 PM 34916]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/21/2011 8:11 AM 363344]
S2 RapidPortM1;RapidPortM1;c:\windows\system32\drivers\CAPM1LP.SYS [1/29/2008 9:18 AM 22912]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/21/2008 11:54 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:04 AM 135664]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 1:51 PM 14336]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]
.
2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\ar55773n.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-DellAutomatedPCTuneUp - c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
MSConfigStartUp-pMkKaQsoKXBW - c:\documents and settings\All Users\Application Data\pMkKaQsoKXBW.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-02 13:17
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\CAPM1RSK.EXE
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\windows\System32\snmp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-02 13:23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-02 18:23
.
Pre-Run: 56,605,470,720 bytes free
Post-Run: 58,073,403,392 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 61038229D3EF380900E1959ACE6A2FA3

attach2.zip
  8. Here is the DDS and GMER info. The GMER ran with the IAT/EAT box checked. I am re-running it now with that box unchecked, but it is taking its time. I also had run the Defogger program. I downloaded and extracted the TDSKILLER.exe program, but it does not seem to run, only the "sands of time" icon flashes briefly when I try to run it. Do you want me to download and run the combofix.exe program next? Thanks for any help.
  9. Hello, I also have been fighting this google redirect problem for a few weeks now, with the other following symptoms:
     1) IE keeps running in Task manager
     2) printer spooler not starting
     3) unable to complete a system restore
     4) lost programs in start menu
     5) desktop icons hidden
     6) windows service pack 3 will not install with setup error "windows\system32\drivers\volsnap.sys is open or in use by another application".
     7) windows update had not been working, and I used windows update reset microsoft fix-it #50202 to get it running again
     8) used Malwarebytes numerous times and also paid for PRO but it will not load with errors "start service failed to perform desired action error code 1068"
     Windows XP home ver 5.1.2600 service pack 2 build 2600, IE explorer 8 version 0
     Should I run the ComboFix.exe program to solve this? Thanks for any help!