Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat
The specified module could not be found.

The log files for HijackThis, AVG and Malwarebytes follow. Thanks for your help!

Doug

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:14 PM, on 5/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programs\ZoomIt\ZoomIt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programs\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKCU\..\Run: [Helper] C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ZoomIt.exe - Shortcut (2).lnk = C:\Programs\ZoomIt\ZoomIt.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 10225 bytes
=========================================================================
Scan "Scan whole computer" was finished.
Infections;"49";"40";"9"
Information;"1"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Wednesday, May 12, 2010, 12:53:39 PM"
Scan finished:;"Wednesday, May 12, 2010, 1:51:59 PM (58 minute(s) 20 second(s))"
Total object scanned:;"585904"
User who launched the scan:;"Doug"
Infections
File;"Infection";"Result"
C:\Windows\system32\taskeng.exe (536):\memory_02b70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\taskeng.exe (536);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\system32\igfxsrvc.exe (1156):\memory_01bc0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\igfxsrvc.exe (1156);"Trojan horse Cryptic.NN";""
C:\Windows\System32\igfxpers.exe (3524):\memory_01af0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\System32\igfxpers.exe (3524);"Trojan horse Cryptic.NN";""
C:\Windows\System32\hkcmd.exe (3452):\memory_01e50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\System32\hkcmd.exe (3452);"Trojan horse Cryptic.NN";""
C:\Windows\system32\Dwm.exe (568):\memory_020e0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\system32\Dwm.exe (568);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\RtHDVCpl.exe (2264):\memory_03270000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\RtHDVCpl.exe (2264);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\msacm32.drv;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Windows\Explorer.EXE (1084):\memory_03ae0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\Explorer.EXE (1084);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Windows\ehome\ehtray.exe (3956):\memory_02b50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\ehome\ehtray.exe (3956);"Trojan horse Cryptic.NN";""
C:\Windows\ehome\ehmsas.exe (1812):\memory_01000000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Windows\ehome\ehmsas.exe (1812);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
C:\Programs\ZoomIt\ZoomIt.exe (2456):\memory_01b70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Programs\ZoomIt\ZoomIt.exe (2456);"Trojan horse Cryptic.NN";""
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2280):\memory_02120000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2280);"Trojan horse Cryptic.NN";""
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (3240):\memory_02a20000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (3240);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\Launch Manager\LaunchAp.exe (2680):\memory_01c50000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Launch Manager\LaunchAp.exe (2680);"Trojan horse Cryptic.NN";""
C:\Program Files\Internet Explorer\iexplore.exe (3996):\memory_00a20000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Internet Explorer\iexplore.exe (3996);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2156):\memory_01c30000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2156);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (6076):\memory_023e0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (6076);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (3232):\memory_01cc0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (3232);"Trojan horse Cryptic.NN";""
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (2520):\memory_01c70000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (2520);"Trojan horse Cryptic.NN";""
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (3084):\memory_070d0000;"Trojan horse Cryptic.NN";"Object is inaccessible."
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (3084);"Trojan horse Cryptic.NN";"Reboot is required to finish the action"
Information
File;"Information";"Result"
C:\Acer\Empowering Technology\eRecovery\Autorun\APP\CDMaker\WMFDist.exe;"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""
==========================================================
Scan started:;"Thursday, May 13, 2010, 5:36:53 PM"
Scan finished:;"Thursday, May 13, 2010, 8:32:40 PM (2 hour(s) 55 minute(s) 46 second(s))"
Total object scanned:;"767705"
User who launched the scan:;"Doug"
Infections
File;"Infection";"Result"
C:\Users\Doug\AppData\Local\Temp\23631764.nls;"Trojan horse Cryptic.NN";"Moved to Virus Vault"
Information
File;"Information";"Result"
D:\System Volume Information\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\LogFiles\WMI\RtBackup\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\systemprofile\AppData\Local\History\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SYSTEM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SOFTWARE;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SECURITY;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\SAM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SYSTEM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SOFTWARE;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SECURITY;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\SAM;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\DEFAULT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\RegBack\COMPONENTS;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\DEFAULT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\config\COMPONENTS;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\edb.log;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspED94.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspE7A.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cspC87A.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp517E.tmp;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Windows\bthservsdp.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Videos\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Pictures\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Public\Documents\My Music\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\ntuser.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Videos\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Pictures\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\Documents\My Music\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\Microsoft\Windows\UsrClass.dat;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Doug\AppData\Local\History\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\Templates\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\Recent\;"Locked file. Not tested.";"Locked file. Not tested."
C:\Users\Default\PrintHood\;"Locked file. Not tested.";"Locked file. Not tested."
===============================================================================
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Database version: 4097
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
5/13/2010 3:40:20 PM
mbam-log-2010-05-13 (15-40-20).txt
Scan type: Quick scan
Objects scanned: 127526
Time elapsed: 9 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Windows\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe (Trojan.Agent) -> Quarantined and deleted successfully.