OK, here are the results:
ComboFix 08-09-03.06 - Theresa 2008-09-04 16:20:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.218 [GMT -5:00]
Running from: C:\Documents and Settings\Theresa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlocker.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\PopupBlockerHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\popupblockerxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Catie\Cookies\catie@2o7[2].txt
C:\Documents and Settings\Catie\Cookies\catie@spamblockerutility[1].txt
C:\Documents and Settings\Catie\ResErrors.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare
C:\Documents and Settings\Guest\Application Data\AVSystemCare\avtasks.dat
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\av.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Guest\Application Data\AVSystemCare\PGE.dat
C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Guest\ResErrors.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\avtasks.dat
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\av.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\ga6Support.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Theresa\Application Data\AVSystemCare\PGE.dat
C:\Documents and Settings\Theresa\Application Data\ShoppingReport
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Theresa\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\3bSoftware_icon_1.ico
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\Repair+System+Registry.ico
C:\Documents and Settings\Theresa\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Theresa\Application Data\WeatherDPA
C:\Documents and Settings\Theresa\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Theresa\Cookies\theresa@2o7[1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@adserver[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[17].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[18].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[19].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[20].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[21].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[22].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[23].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[24].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[25].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[26].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[27].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[28].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[29].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[30].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[31].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[32].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[33].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[34].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[35].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[36].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[37].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[38].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[39].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[40].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[41].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[42].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[43].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[44].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[45].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[46].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[47].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[48].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[49].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[50].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[51].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[52].txt
C:\Documents and Settings\Theresa\Cookies\theresa@advertising[53].txt
C:\Documents and Settings\Theresa\Cookies\theresa@avsystemcare[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@bidsystem[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[16].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[17].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[18].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[19].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[20].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[21].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[22].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[23].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[24].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[25].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[26].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[27].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[3].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[4].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[6].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[7].txt
C:\Documents and Settings\Theresa\Cookies\theresa@casalemedia[8].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][3].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@ebay[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@fastclick[5].txt
C:\Documents and Settings\Theresa\Cookies\theresa@insightexpressai[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@interclick[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@media6degrees[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@myheritage[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@questionmarket[7].txt
C:\Documents and Settings\Theresa\Cookies\theresa@rtm[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@serving-sys[1].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@trafficmp[1].txt
C:\Documents and Settings\Theresa\Cookies\theresa@trafficmp[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@turn[2].txt
C:\Documents and Settings\Theresa\Cookies\theresa@vistaprint[2].txt
C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
C:\Documents and Settings\Theresa\ResErrors.log
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Theresa\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\Screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Installer\temp\blank.gif
C:\Program Files\screensavers.com\Installer\temp\dm1CE.tmp
C:\Program Files\screensavers.com\Installer\temp\dm1D8.tmp.exe
C:\Program Files\screensavers.com\Installer\temp\stubinstaller.ini
C:\Program Files\screensavers.com\Installer\temp\The_Weather_Channel_Application.exe
C:\Program Files\screensavers.com\Wallpaper\Christmas Tree.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\UGA6P
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FMTR
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.
2008-09-04 15:11 . 2008-09-04 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 11:25 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-20 22:19 --------- d-----w C:\Program Files\AIMTunes
2008-08-04 14:38 --------- d-----w C:\Documents and Settings\Theresa\Application Data\IMVU
2008-07-13 02:18 --------- d-----w C:\Program Files\IMVU
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-03-11 21:03 51,528 ----a-w C:\Documents and Settings\Theresa\Application Data\GDIPFONTCACHEV1.DAT
2007-09-30 18:28 158,752 ----a-w C:\Documents and Settings\Theresa\Application Data\install_en[1].exe
2007-09-29 13:55 59,904 ----a-w C:\Documents and Settings\Guest\wn247.exe
2005-12-16 00:04 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 326232]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-26 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 71256]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-03 26112]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"_AntiSpyware"="C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-15 114688]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"HostManager"="C:\Program Files\Common Files\AOL\1128019600\ee\AOLSoftware.exe" [2006-09-25 50736]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="C:\Program Files\Common Files\AOL\1128019600\ee\SSCRun.exe" [2006-11-20 153168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 116272]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 460336]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 992808]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-07-30 217195]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-02-03 156784]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 83360]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-08-18 819200]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Theresa\Desktop\My Pictures\thearcade_ecard_3_small[1].gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Theresa\Desktop\New Folder\monkey.gif
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Theresa\Desktop\matthew.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Theresa\Desktop\catie's pics\lost\images[35].jpg
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "C:\Program Files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-15 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128019600\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Theresa\\Desktop\\Documents and Settings\\MySpaceMp3Gopher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46215:TCP"= 46215:TCP:PORT_46215
"40778:TCP"= 40778:TCP:PORT_40778
"11654:TCP"= 11654:TCP:PORT_11654
"40144:TCP"= 40144:TCP:PORT_40144
"30972:TCP"= 30972:TCP:PORT_30972
"60011:TCP"= 60011:TCP:PORT_60011
"51905:TCP"= 51905:TCP:PORT_51905
"15846:TCP"= 15846:TCP:PORT_15846
"50408:TCP"= 50408:TCP:PORT_50408
"65213:TCP"= 65213:TCP:PORT_65213
"16985:TCP"= 16985:TCP:PORT_16985
"32061:TCP"= 32061:TCP:PORT_32061
"31293:TCP"= 31293:TCP:PORT_31293
"19970:TCP"= 19970:TCP:PORT_19970
"44790:TCP"= 44790:TCP:PORT_44790
"7953:TCP"= 7953:TCP:PORT_7953
"65370:TCP"= 65370:TCP:PORT_65370
"24094:TCP"= 24094:TCP:PORT_24094
"48135:TCP"= 48135:TCP:PORT_48135
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 51712]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 11648]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PopularScreensaversWallpaper - C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYUS
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Theresa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://reports.promoreports.com/crystalreportviewers115/ActiveXControls/ActiveXViewer.cab
C:\WINDOWS\Downloaded Program Files\crviewer.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\mfc42u.dll
C:\WINDOWS\Downloaded Program Files\reportparameterdialog.dll
C:\WINDOWS\Downloaded Program Files\CRViewer.dll
C:\WINDOWS\Downloaded Program Files\sviewhlp.dll
C:\WINDOWS\Downloaded Program Files\swebrs.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 16:32:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\brss01a.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1128019600\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\ANTIVI~1\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\COMMON~1\AOL\112801~1\ee\SSCEVT~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-09-04 16:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-04 21:44:02
Pre-Run: 55,282,311,168 bytes free
Post-Run: 56,235,798,528 bytes free
434 --- E O F --- 2008-08-14 03:10:43