Jump to content

Aggressive Redirect Virus - MBAM found one item but virus remains


MBDIAMO

Recommended Posts

Primary noticed symptom is Google searches being redirect to odd shopping related sites.

DDS Log

DDS (Ver_10-12-12.02) - NTFSx86

Run by Michelle at 19:52:02.70 on Sun 12/12/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1285 [GMT -8:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Documents and Settings\Michelle\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Auto Run Software for Photo Frame] "c:\program files\philips\philips photoframe\PhotoManager.exe" /autorun

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268631781128

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michelle\applic~1\mozilla\firefox\profiles\j1i94u85.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\michelle\application data\mozilla\firefox\profiles\j1i94u85.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-6-24 95896]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-6-24 810144]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]

=============== Created Last 30 ================

2010-12-13 01:06:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 01:06:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-13 01:06:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 15:58:43 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-26 15:58:43 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-25 15:55:25 -------- d-----w- c:\docume~1\michelle\applic~1\Malwarebytes

2010-11-25 15:55:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-24 22:19:23 -------- d-----w- c:\docume~1\michelle\applic~1\Internet Security Suite

2010-11-24 22:19:19 -------- d-----w- c:\docume~1\michelle\locals~1\applic~1\ESET

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 19:52:51.78 ===============

Link to post
Share on other sites

Hello MBDIAMO

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

Thanks for the help here - OTL.Txt, Extras.Txt and Results.log included below in that order.

OTL logfile created on: 12/15/2010 6:28:38 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Michelle\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 147.57 Gb Total Space | 72.64 Gb Free Space | 49.22% Space Free | Partition Type: NTFS

Computer Name: MICHELLE1 | User Name: Michelle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michelle\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUMPThumb.exe ()

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUBrowser.exe (Sony Corporation)

PRC - C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe (Philips)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michelle\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Driver Services (SafeList) ==========

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/03/14 23:50:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:52:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 15:52:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/08 12:26:34 | 000,000,000 | ---D | M]

[2010/03/14 21:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions

[2010/03/14 21:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/03/14 22:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\8sbt3vge.default\extensions

[2010/03/14 22:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\8sbt3vge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2010/12/15 13:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\j1i94u85.default\extensions

[2010/03/14 22:02:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\j1i94u85.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/12/15 13:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/10 15:52:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/03/15 18:27:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/10 15:52:13 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/12/10 15:52:13 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/12/10 15:52:18 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/12/21 17:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/12/06 17:43:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/02/19 18:31:44 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2010/07/28 06:04:01 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/07/28 06:04:01 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/07/28 06:04:01 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/07/28 06:04:01 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/07/28 06:04:01 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/07/28 06:04:01 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/07/28 06:04:01 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/24 18:17:50 | 000,002,000 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 69.72.227.44 www.google.com

O1 - Hosts: 69.72.227.44 google.com

O1 - Hosts: 69.72.227.44 google.com.au

O1 - Hosts: 69.72.227.44 www.google.com.au

O1 - Hosts: 69.72.227.44 google.be

O1 - Hosts: 69.72.227.44 www.google.be

O1 - Hosts: 69.72.227.44 google.com.br

O1 - Hosts: 69.72.227.44 www.google.com.br

O1 - Hosts: 69.72.227.44 google.ca

O1 - Hosts: 69.72.227.44 www.google.ca

O1 - Hosts: 69.72.227.44 google.ch

O1 - Hosts: 38 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe (Philips)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1268631781128 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/14 14:28:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 13:36:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/14 13:35:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010/12/13 16:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\YesVideo

[2010/12/12 17:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/12 17:06:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/12 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/26 08:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/11/25 07:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes

[2010/11/25 07:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/24 18:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET

[2010/11/24 14:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Internet Security Suite

[2010/11/24 14:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\ESET

[2010/11/18 10:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Michelle\Desktop\*.tmp files -> C:\Documents and Settings\Michelle\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 18:25:53 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010/12/15 15:11:55 | 066,519,040 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\20101214174745.mpg

[2010/12/15 13:23:35 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

[2010/12/15 07:02:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/15 07:01:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/12/15 07:01:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/15 07:00:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2010/12/15 07:00:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2010/12/15 03:25:08 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/15 03:07:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/14 11:10:30 | 073,334,784 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\20101214081812.mpg

[2010/12/13 17:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/12/13 05:12:00 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbam-log-2010-12-12 (18-48-43).zip

[2010/12/13 05:06:23 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\ark.zip

[2010/12/12 20:00:52 | 000,004,782 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Attach.zip

[2010/12/12 19:44:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable

[2010/12/12 17:06:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/12 12:21:26 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items.doc

[2010/12/12 04:51:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Fetch.job

[2010/12/11 15:35:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Michelle\Desktop\~$use Design Items.doc

[2010/12/07 11:14:00 | 000,924,717 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Invoice.jpg

[2010/12/06 17:56:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/12/06 17:47:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/12/06 17:47:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/12/06 17:43:40 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/12/02 12:35:35 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Greenberg Hanukkah Dinner Menu.doc

[2010/12/01 17:09:51 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/27 12:01:47 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\system.id

[2010/11/26 08:27:07 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk

[2010/11/26 08:27:07 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk

[2010/11/24 18:17:50 | 000,002,000 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/18 16:01:21 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/11/18 10:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2010/11/18 10:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Michelle\Desktop\*.tmp files -> C:\Documents and Settings\Michelle\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/15 15:26:15 | 066,519,040 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\20101214174745.mpg

[2010/12/14 11:15:31 | 073,334,784 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\20101214081812.mpg

[2010/12/13 05:12:00 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbam-log-2010-12-12 (18-48-43).zip

[2010/12/13 05:06:23 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\ark.zip

[2010/12/12 20:00:52 | 000,004,782 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Attach.zip

[2010/12/12 19:44:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable

[2010/12/12 17:06:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/11 15:35:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items.doc

[2010/12/11 15:35:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Michelle\Desktop\~$use Design Items.doc

[2010/12/07 11:14:00 | 000,924,717 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Invoice.jpg

[2010/12/06 17:56:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/12/06 17:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/12/02 12:35:34 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Greenberg Hanukkah Dinner Menu.doc

[2010/11/27 12:01:47 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\system.id

[2010/11/26 08:27:07 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk

[2010/11/26 08:27:07 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk

[2010/06/20 20:00:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/06/20 20:00:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/06/20 20:00:09 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/06/20 20:00:09 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/06/20 20:00:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/04/05 14:09:58 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/04/04 18:32:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2010/03/15 10:45:33 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/03/14 22:35:46 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/14 22:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2010/03/14 21:55:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/03/14 06:16:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/14 15:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/07/08 12:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010/06/20 20:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware

[2010/03/17 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/04/08 05:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/03/14 17:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/03/14 22:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Blitware(2)

[2010/11/26 07:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Internet Security Suite

[2010/03/15 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Leadertech

[2010/03/14 22:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\QuuSoft

[2010/03/15 00:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer

[2010/12/12 04:51:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Fetch.job

[2010/12/15 07:01:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 12/15/2010 6:28:38 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Michelle\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 147.57 Gb Total Space | 72.64 Gb Free Space | 49.22% Space Free | Partition Type: NTFS

Computer Name: MICHELLE1 | User Name: Michelle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0791A9FF-ED33-4BC0-9D5C-8B615D65C619}" = ESET NOD32 Antivirus

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext

"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel

"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [resethosts]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "the system requires a reboot to finish"
  • Click on yes and after reboot it will open a log please post the contents of that log in your next reply.

=========

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Thanks again

OTL

All processes killed

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Michelle

->Temp folder emptied: 1049146264 bytes

->Temporary Internet Files folder emptied: 1055947793 bytes

->FireFox cache emptied: 199525268 bytes

->Apple Safari cache emptied: 50176 bytes

->Flash cache emptied: 146723 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1720129 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2181852 bytes

%systemroot%\System32 .tmp files removed: 18301969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31890862 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67240258 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2644734072 bytes

Total Files Cleaned = 4,836.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12202010_200335

Files\Folders moved on Reboot...

C:\Documents and Settings\Michelle\Local Settings\Temp\OLC Logging\mbdiamo_hotmail_com.txt moved successfully.

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1B99.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF5813.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF582B.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF9121.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFE39D.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRF{82BD7819-A9B3-4733-B616-6F001F68C55E}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{71085172-9D44-4328-9000-F4B7241C7D6C}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{769BB671-BD76-4916-813A-A35C55861292}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{955776E2-8B7C-47D1-855F-E803166A9405}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{9D1EDB69-B453-4052-844C-E8DA1955A568}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{A661979E-285E-44F4-B0E7-63FE37BFD344}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{D45B5900-B57C-4136-854E-6665ABD6B585}.tmp not found!

Registry entries deleted on Reboot...

ComboFix

ComboFix 10-12-20.01 - Michelle 12/20/2010 20:23:52.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1489 [GMT -8:00]

Running from: c:\documents and settings\Michelle\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Michelle\Application Data\Internet Security Suite

c:\documents and settings\Michelle\Application Data\Internet Security Suite\cookies.sqlite

c:\documents and settings\Michelle\Recent\ANTIGEN.tmp

c:\documents and settings\Michelle\Recent\cid.tmp

c:\documents and settings\Michelle\Recent\energy.tmp

c:\documents and settings\Michelle\Recent\kernel32.tmp

c:\documents and settings\Michelle\Recent\sld.tmp

c:\windows\explorer(2).exe

c:\windows\system32\linkinfo(2).dll

c:\windows\system32\usp10(2).dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))

.

2010-12-21 04:03 . 2010-12-21 04:03 -------- d-----w- C:\_OTL

2010-12-17 03:18 . 2010-12-17 03:18 296448 ----a-w- C:\t66m4ehs.exe

2010-12-14 21:36 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-14 21:35 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2010-12-14 00:49 . 2010-12-14 00:49 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\YesVideo

2010-12-13 01:06 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-13 01:06 . 2010-12-13 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-13 01:06 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 16:25 . 2010-11-26 16:25 -------- d-----w- c:\program files\Google

2010-11-26 15:58 . 2010-11-26 15:58 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-25 15:55 . 2010-11-25 15:55 -------- d-----w- c:\documents and settings\Michelle\Application Data\Malwarebytes

2010-11-25 15:55 . 2010-11-25 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-25 02:21 . 2010-11-25 02:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2010-11-24 22:19 . 2010-11-24 22:19 -------- d-----w- c:\documents and settings\Michelle\Local Settings\Application Data\ESET

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-18 18:12 . 2010-03-14 22:25 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-08-28 4404736]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-16 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-16 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-16 131072]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-06-24 2202704]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\documents and settings\Michelle\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-15 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 7:17 AM 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/24/2010 8:27 AM 95896]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/24/2010 8:27 AM 810144]

R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2/11/2010 3:42 AM 172328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\j1i94u85.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-20 20:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6104)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-12-20 20:36:59 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-21 04:36

Pre-Run: 82,839,719,936 bytes free

Post-Run: 85,968,322,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 03D597904D6BA2A341DDFCB5C0BD9265

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [resethosts]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "the system requires a reboot to finish"
  • Click on yes and after reboot it will open a log please post the contents of that log in your next reply.

=========

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Link to post
Share on other sites

Below is the malware bytes log. I have not been able to run Kaspersky. Continual error saying license has expired. I believe I have tried many options to get it to work without success.

All processes killed

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Michelle

->Temp folder emptied: 1049146264 bytes

->Temporary Internet Files folder emptied: 1055947793 bytes

->FireFox cache emptied: 199525268 bytes

->Apple Safari cache emptied: 50176 bytes

->Flash cache emptied: 146723 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1720129 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2181852 bytes

%systemroot%\System32 .tmp files removed: 18301969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 31890862 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 67240258 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2644734072 bytes

Total Files Cleaned = 4,836.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12202010_200335

Files\Folders moved on Reboot...

C:\Documents and Settings\Michelle\Local Settings\Temp\OLC Logging\mbdiamo_hotmail_com.txt moved successfully.

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF1B99.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF5813.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF582B.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DF9121.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temp\~DFE39D.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRF{82BD7819-A9B3-4733-B616-6F001F68C55E}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{71085172-9D44-4328-9000-F4B7241C7D6C}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{769BB671-BD76-4916-813A-A35C55861292}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{955776E2-8B7C-47D1-855F-E803166A9405}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{9D1EDB69-B453-4052-844C-E8DA1955A568}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{A661979E-285E-44F4-B0E7-63FE37BFD344}.tmp not found!

File\Folder C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.Word\~WRS{D45B5900-B57C-4136-854E-6665ABD6B585}.tmp not found!

Registry entries deleted on Reboot...

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Link to post
Share on other sites

The kaspersky error says that from the online scanner?

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites

Right, kaspersky says that from the online scanner. Not sure the issue.

Here is the log from kaspersky virus removal tool:

Autoscan: completed 9 hours ago (events: 6, objects: 218433, time: 00:46:12)

12/26/2010 7:03:42 PM Task started

12/26/2010 7:20:00 PM Processing error C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Outlook\mbdiamo_hotmail4.ost Read error

12/26/2010 7:20:00 PM Processing error C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst Read error

12/26/2010 7:39:53 PM Task stopped

12/27/2010 5:16:28 AM Task started

12/27/2010 6:02:41 AM Task completed

The kaspersky error says that from the online scanner?

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect,delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  10. This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Link to post
Share on other sites

Think issues are resolved from what we can tell. Please confirm you agree based on the below log. Plan to donate for all of your time spent helping us shortly. Thanks again.

OTL logfile created on: 12/27/2010 7:47:41 PM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Michelle\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 147.57 Gb Total Space | 79.40 Gb Free Space | 53.80% Space Free | Partition Type: NTFS

Computer Name: MICHELLE1 | User Name: Michelle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michelle\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\BookSmart\BookSmart.exe (Blurb, Inc)

PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Program Files\Apple Software Update\SoftwareUpdate.exe (Apple Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe (Philips)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michelle\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys File not found

DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)

DRV - (11828072) -- C:\WINDOWS\system32\DRIVERS\11828072.sys (Kaspersky Lab)

DRV - (setup_9.0.0.722_27.12.2010_04-33drv) -- C:\WINDOWS\system32\drivers\1182807.sys (Kaspersky Lab)

DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)

DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (11828071) -- C:\WINDOWS\system32\drivers\11828071.sys (Kaspersky Lab)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 15:52:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/23 18:20:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/08 12:26:34 | 000,000,000 | ---D | M]

[2010/03/14 21:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions

[2010/03/14 22:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\8sbt3vge.default\extensions

[2010/03/14 22:22:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\8sbt3vge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2010/12/24 17:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\j1i94u85.default\extensions

[2010/03/14 22:02:03 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\j1i94u85.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/12/24 17:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/15 18:27:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/23 18:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/23 18:19:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/20 20:28:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKCU..\Run: [Auto Run Software for Photo Frame] C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe (Philips)

O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\setup_9.0.0.722_27.12.2010_04-33.lnk = C:\Documents and Settings\Michelle\Desktop\Virus Removal Tool\setup_9.0.0.722_27.12.2010_04-33\startup.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1268631781128 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/14 14:28:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/26 19:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/12/26 19:00:34 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1182807.sys

[2010/12/26 19:00:34 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\11828071.sys

[2010/12/26 19:00:34 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\11828072.sys

[2010/12/26 19:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\Virus Removal Tool

[2010/12/26 18:40:24 | 086,870,808 | ---- | C] ( ) -- C:\Documents and Settings\Michelle\Desktop\setup_9.0.0.722_27.12.2010_04-33.exe

[2010/12/24 13:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\BookSmartData

[2010/12/24 13:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\.blurb

[2010/12/24 13:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\BookSmart

[2010/12/24 13:04:22 | 044,159,512 | ---- | C] (Blurb, Inc) -- C:\Documents and Settings\Michelle\Desktop\BookSmart_2.9.5.exe

[2010/12/23 18:20:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/12/23 18:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/12/23 18:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/12/23 18:20:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/12/23 18:20:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/12/23 18:20:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/12/23 18:20:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/12/23 18:20:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/12/23 18:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/12/23 18:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Sun

[2010/12/23 17:28:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/12/20 20:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/12/20 20:22:52 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/12/20 20:18:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/12/20 20:18:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/12/20 20:18:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/12/20 20:18:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/12/20 20:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/12/20 20:17:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/12/20 20:03:35 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/12/14 13:36:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/14 13:35:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010/12/13 16:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\YesVideo

[2010/12/12 17:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/12 17:06:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/12 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[1 C:\Documents and Settings\Michelle\Desktop\*.tmp files -> C:\Documents and Settings\Michelle\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/27 17:36:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/12/26 19:02:37 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\setup_9.0.0.722_27.12.2010_04-33.lnk

[2010/12/26 18:49:53 | 086,870,808 | ---- | M] ( ) -- C:\Documents and Settings\Michelle\Desktop\setup_9.0.0.722_27.12.2010_04-33.exe

[2010/12/26 18:11:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk

[2010/12/26 08:16:37 | 039,714,816 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\20101225165212.mpg

[2010/12/24 13:12:25 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/24 13:07:46 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk

[2010/12/24 13:07:46 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BookSmart.lnk

[2010/12/24 13:05:01 | 044,159,512 | ---- | M] (Blurb, Inc) -- C:\Documents and Settings\Michelle\Desktop\BookSmart_2.9.5.exe

[2010/12/23 19:52:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/23 19:52:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010/12/23 19:52:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/23 19:51:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2010/12/23 19:51:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2010/12/23 18:19:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/12/23 18:19:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/12/23 18:19:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/12/23 18:19:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/12/23 18:19:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/12/20 20:28:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/12/20 20:22:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/12/20 20:18:12 | 003,995,496 | R--- | M] () -- C:\Documents and Settings\Michelle\Desktop\ComboFix.exe

[2010/12/19 18:40:21 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items - recoved.doc

[2010/12/16 19:18:41 | 000,296,448 | ---- | M] () -- C:\t66m4ehs.exe

[2010/12/16 18:07:38 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

[2010/12/15 15:11:55 | 066,519,040 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\20101214174745.mpg

[2010/12/15 03:25:08 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/15 03:07:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/13 05:12:00 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\mbam-log-2010-12-12 (18-48-43).zip

[2010/12/13 05:06:23 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\ark.zip

[2010/12/12 20:00:52 | 000,004,782 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Attach.zip

[2010/12/12 19:44:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michelle\defogger_reenable

[2010/12/12 17:06:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/12 12:21:26 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items.doc

[2010/12/11 15:35:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Michelle\Desktop\~$use Design Items.doc

[2010/12/07 11:14:00 | 000,924,717 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Invoice.jpg

[2010/12/06 17:56:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/12/06 17:47:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2010/12/06 17:47:11 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/12/06 17:43:40 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/12/02 12:35:35 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Greenberg Hanukkah Dinner Menu.doc

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\Documents and Settings\Michelle\Desktop\*.tmp files -> C:\Documents and Settings\Michelle\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/26 19:02:38 | 000,002,239 | ---- | C] () -- C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\setup_9.0.0.722_27.12.2010_04-33.lnk

[2010/12/26 08:17:34 | 039,714,816 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\20101225165212.mpg

[2010/12/24 13:07:46 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk

[2010/12/24 13:07:46 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BookSmart.lnk

[2010/12/20 20:22:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/12/20 20:22:54 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/12/20 20:18:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/12/20 20:18:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/12/20 20:18:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/12/20 20:18:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/12/20 20:18:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/12/20 20:14:36 | 003,995,496 | R--- | C] () -- C:\Documents and Settings\Michelle\Desktop\ComboFix.exe

[2010/12/16 19:54:54 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items - recoved.doc

[2010/12/16 19:18:41 | 000,296,448 | ---- | C] () -- C:\t66m4ehs.exe

[2010/12/15 15:26:15 | 066,519,040 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\20101214174745.mpg

[2010/12/13 05:12:00 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\mbam-log-2010-12-12 (18-48-43).zip

[2010/12/13 05:06:23 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\ark.zip

[2010/12/12 20:00:52 | 000,004,782 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Attach.zip

[2010/12/12 19:44:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable

[2010/12/12 17:06:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/11 15:35:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\House Design Items.doc

[2010/12/11 15:35:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Michelle\Desktop\~$use Design Items.doc

[2010/12/07 11:14:00 | 000,924,717 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Invoice.jpg

[2010/12/06 17:56:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/12/06 17:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/12/02 12:35:34 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Greenberg Hanukkah Dinner Menu.doc

[2010/11/27 12:01:47 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\system.id

[2010/06/20 20:00:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/06/20 20:00:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/06/20 20:00:09 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/06/20 20:00:09 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/06/20 20:00:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/04/05 14:09:58 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/04/04 18:32:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2010/03/15 10:45:33 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/03/14 22:35:46 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/14 22:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll

[2010/03/14 21:55:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/03/14 06:16:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Ok how are things running now?

Let me know of any remaining issues and open OTL once more and click on Run scan at the top.

Post the new log that opens please.

Link to post
Share on other sites

Yes your logs are clean.

You are welcome :lol:

Also please go here > http://get.adobe.com/reader/ and install the newest version of adobe reader.

Please open this folder on your desktop:

C:\Documents and Settings\Michelle\Desktop\Virus Removal Tool and double click the uninst.exe that is there to remove all the components of the removal tool.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

========================

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

thank you, this is great, just donated to your page

Yes your logs are clean.

You are welcome :)

Also please go here > http://get.adobe.com/reader/ and install the newest version of adobe reader.

Please open this folder on your desktop:

C:\Documents and Settings\Michelle\Desktop\Virus Removal Tool and double click the uninst.exe that is there to remove all the components of the removal tool.

=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

========================

Delete\uninstall anything else that we have used that is leftover.

After that your all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

How did I get infected in the first place? Also this one by Tony Klein.

If your computer is slow Things you can do if your computer is slow.

PC Safety and Security - What Do I Need? Security suggestions and general hints and tips for PC security.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.