
Google Hijacker - Difficult to Remove


  • This topic is locked
16 replies to this topic

#1 michaelpc

michaelpc

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:09 PM

Posted 17 November 2009 - 01:43 AM

I've used ComboFix, Malwarebytes, SUPERAntiSpyware, and Symantec AntiVirus as well as a few others (HouseCall, HaxFix, Panda) and I'm still plagued. I also get a little yellow box that pops up from the tray that reads "Symantec AntiVirus Auto-Protect Disabled".

I've attached some logs...

Also if this helps, hijacks have gone to:
hxxp://drconley.com/
hxxp://www.ave99.com/search.php?q=Hijack_Virus

In addition, I think it may have messed with my wifi - I cannot connect to my router wirelessly anymore.

Any wisdom appreciated!


Thank you,
Michael

Attached Files


Edited by Orange Blossom, 17 November 2009 - 11:31 PM.
Deactivate links. ~ OB




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:09 PM

Posted 24 November 2009 - 06:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 michaelpc

michaelpc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:09 PM

Posted 24 November 2009 - 06:44 PM

Thank you for the reply. Yes, I still have the Google hijack problem - it seems isolated to Firefox at the moment. I've used several tools: Panda, SUPERAntiSpyware, MBAM, Spybot S&D, and probably a few others. They all found something and cleaned up what was found. I then ran them all again until they found nothing to clean - however, I still have the issue. I also have Symantec AntiVirus, which is now somewhat crippled. A few minutes after I power on the PC, a yellow box will pop up from the tray and state that Auto-Protect is disabled. My wifi now doesn't work either.

Thanks for the help!

My reports:


DDS (Ver_09-10-26.01) - NTFSx86
Run by mcampbell at 15:36:54.97 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.497 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Backblaze\bzserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Backblaze\bzbui.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Backblaze\bztransmit.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mcampbell\My Documents\Downloads\Antivirus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
uRun: [Google Update] "c:\documents and settings\mcampbell\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ScreenPrint32] c:\program files\screenprint32 v3\ScreenPrint32.exe -startup
StartupFolder: c:\docume~1\mcampb~1\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
uPolicies-explorer: PromptRunasInstallNetPath = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256772607468
Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - c:\program files\design science\mathplayer\MathMLMimer.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mcampb~1\applic~1\mozilla\firefox\profiles\x43l60y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\mcampbell\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-18 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-11 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-11 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 bzserv;Backblaze Service;c:\program files\backblaze\bzserv.exe [2009-10-28 217600]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-28 102448]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-11 7408]

=============== Created Last 30 ================

2009-11-19 05:03:20 0 d-----w- c:\docume~1\alluse~1\applic~1\GoldWave
2009-11-19 04:33:35 0 d-----w- c:\program files\GoldWave
2009-11-18 18:20:12 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-17 21:44:49 0 d-----w- c:\docume~1\mcampb~1\applic~1\PixelMetrics
2009-11-17 21:44:46 0 d-----w- c:\program files\Windows Media Adapter v615
2009-11-17 21:44:46 0 d-----w- C:\PixelMetrics Logs
2009-11-17 21:44:40 0 d-----w- c:\program files\CaptureWiz
2009-11-17 21:35:10 0 d-----w- c:\docume~1\mcampb~1\applic~1\Longfine Software
2009-11-17 21:26:30 0 d-----w- c:\program files\ScreenPrint32 v3
2009-11-17 21:26:20 249856 ------w- c:\windows\Setup1.exe
2009-11-17 21:26:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-17 18:54:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-11-17 18:34:52 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 18:34:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-17 18:13:43 0 d-----w- c:\docume~1\mcampb~1\applic~1\AVG8
2009-11-17 05:57:11 0 d-----w- C:\HaxFix
2009-11-17 05:23:44 0 d-sha-r- C:\cmdcons
2009-11-17 05:21:28 77312 ----a-w- c:\windows\MBR.exe
2009-11-17 05:21:27 98816 ----a-w- c:\windows\sed.exe
2009-11-17 05:21:27 260608 ----a-w- c:\windows\PEV.exe
2009-11-17 05:21:27 161792 ----a-w- c:\windows\SWREG.exe
2009-11-17 03:14:32 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-17 03:14:24 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:14:24 0 d-----w- c:\docume~1\mcampb~1\applic~1\SUPERAntiSpyware.com
2009-11-17 03:14:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-17 03:09:26 0 d-----w- c:\program files\Panda Security
2009-11-16 23:15:22 0 ----a-w- c:\windows\Szetigisohuniru.bin
2009-11-16 23:15:21 120 ----a-w- c:\windows\Ydulo.dat
2009-11-11 20:21:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 16:54:55 0 d-----w- c:\docume~1\mcampb~1\applic~1\Malwarebytes
2009-11-06 18:25:37 290816 ----a-w- c:\windows\system32\decdll.dll
2009-11-06 18:25:36 0 d-----w- c:\program files\Free Video Converter
2009-11-06 18:25:36 0 d-----w- c:\docume~1\mcampb~1\applic~1\FreeVideoConverter
2009-11-06 18:11:35 0 d-----w- c:\windows\system32\windows media
2009-11-06 18:11:04 0 d--h--w- c:\windows\msdownld.tmp
2009-11-06 18:10:57 0 d-----w- c:\program files\Windows Media Components
2009-11-05 17:42:24 70444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 17:35:40 0 d-----w- c:\program files\Design Science
2009-11-04 05:06:20 0 d-----w- c:\program files\SetFileDate
2009-11-03 19:57:02 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 19:57:01 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 19:57:01 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 19:57:00 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-03 00:17:11 0 d-----w- c:\program files\McAfee Security Scan
2009-11-03 00:17:11 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-02 15:51:05 3251 ----a-w- c:\windows\system32\wbem\Outlook_01ca5bd4492b57f1.mof
2009-11-01 21:57:37 0 d-----w- c:\program files\iPod
2009-11-01 21:57:35 0 d-----w- c:\program files\iTunes
2009-11-01 18:05:18 0 d-----w- c:\docume~1\mcampb~1\applic~1\BitTorrent
2009-11-01 18:05:06 0 d-----w- c:\program files\BitTorrent
2009-10-31 19:46:10 0 d-----w- c:\program files\MSXML 4.0
2009-10-31 01:55:37 0 d-----w- c:\docume~1\mcampb~1\applic~1\Design Science
2009-10-30 21:04:59 0 d-----w- c:\program files\MathType
2009-10-30 16:42:53 7680 --sha-w- c:\windows\Thumbs.db
2009-10-30 16:42:04 3251 ----a-w- c:\windows\system32\wbem\Outlook_01ca597fe91d2bd7.mof
2009-10-29 17:54:19 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-29 17:54:18 0 d-----w- c:\windows\system32\Adobe
2009-10-29 17:49:02 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-10-29 17:47:50 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-10-29 16:58:10 0 d-----w- C:\Save
2009-10-29 00:16:13 0 d-----w- C:\.bzvol
2009-10-29 00:16:03 0 d-----w- c:\program files\Backblaze
2009-10-29 00:16:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Backblaze
2009-10-29 00:10:49 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-29 00:10:49 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-29 00:10:47 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-29 00:10:47 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-29 00:09:34 0 d-sh--w- c:\documents and settings\mcampbell\PrivacIE
2009-10-29 00:09:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-29 00:09:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-29 00:08:38 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-29 00:08:38 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 23:46:09 0 d-----w- c:\windows\system32\NtmsData
2009-10-28 23:43:39 0 d-sh--w- c:\documents and settings\mcampbell\IETldCache
2009-10-28 23:39:57 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 23:31:39 0 d-----w- c:\windows\ie8updates
2009-10-28 23:31:21 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 23:31:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 23:31:20 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 23:31:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 23:31:19 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 23:13:38 0 dc-h--w- c:\windows\ie8
2009-10-28 22:53:58 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-10-28 22:52:04 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-10-28 22:36:04 0 d-----w- c:\windows\system32\XPSViewer
2009-10-28 22:35:38 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 22:35:38 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 22:35:38 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 22:35:37 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 22:35:37 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 22:35:37 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 22:35:37 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 22:35:37 0 d-----w- C:\f59fe0d474751aa62eb1c9774a75
2009-10-28 22:30:36 823 ----a-w- c:\windows\system32\LexFiles.usr
2009-10-28 22:30:36 311296 ----a-w- c:\windows\system32\lexlog.dll
2009-10-28 22:30:36 1358 ----a-w- c:\windows\system32\LexFiles.ulf
2009-10-28 22:30:36 1084 ----a-w- c:\windows\DKAAP2DD.ini
2009-10-28 22:30:36 0 d-----w- c:\program files\Dell_HostCD
2009-10-28 22:01:50 0 d-----w- c:\windows\system32\scripting
2009-10-28 22:01:50 0 d-----w- c:\windows\l2schemas
2009-10-28 22:01:49 0 d-----w- c:\windows\system32\en
2009-10-28 22:01:49 0 d-----w- c:\windows\system32\bits
2009-10-28 21:58:45 0 d-----w- c:\windows\network diagnostic
2009-10-28 21:47:48 0 d-sh--w- c:\documents and settings\mcampbell\UserData
2009-10-28 21:44:58 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 21:44:21 0 d-----w- c:\program files\Bonjour
2009-10-28 21:42:18 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-28 21:42:18 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 21:24:05 0 d-----w- c:\program files\IrfanView
2009-10-28 21:23:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 21:23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 21:23:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 21:23:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-28 21:19:40 87808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-28 21:19:40 107696 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-28 21:19:21 0 d-----w- C:\TEMP
2009-10-28 20:55:17 0 d-----w- c:\program files\common files\Deterministic Networks
2009-10-28 20:54:17 1594 ----a-w- c:\windows\VPNUnInstall.MIF
2009-10-28 20:53:42 0 d-----w- c:\windows\Internet Logs
2009-10-28 20:53:14 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-10-28 20:53:14 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-10-28 20:53:01 0 d-----w- c:\program files\Cisco Systems
2009-10-28 20:52:57 1594 ----a-w- c:\windows\VPNInstall.MIF
2009-10-28 20:51:38 0 d-----w- c:\program files\Universal Extractor
2009-10-28 20:51:19 0 d-----w- c:\program files\CoreFTP
2009-10-28 20:50:16 0 d-----w- c:\program files\VideoLAN
2009-10-28 20:24:59 97117 ------w- c:\windows\system32\dllcache\mplayer2.hlp
2009-10-28 20:18:13 3251 ----a-w- c:\windows\system32\wbem\Outlook_01ca580bc6660d11.mof
2009-10-28 19:57:29 0 d-----w- C:\Movies
2009-10-28 18:46:39 0 ----a-w- c:\windows\VPC32.INI
2009-10-28 18:38:37 0 d-----w- c:\program files\Symantec
2009-10-28 18:38:34 0 d-----w- c:\program files\Symantec AntiVirus
2009-10-28 18:38:34 0 d-----w- c:\program files\common files\Symantec Shared
2009-10-28 18:38:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-10-28 18:35:33 0 d-----w- c:\docume~1\mcampb~1\applic~1\Wave Systems Corp
2009-10-28 18:35:33 0 d-----w- c:\docume~1\mcampb~1\applic~1\Intel
2009-10-28 18:33:29 0 d-----w- c:\windows\SchCache
2009-10-28 18:32:30 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-10-28 18:25:15 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-28 18:18:59 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-10-28 18:15:56 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-10-28 18:15:55 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-28 18:13:30 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-10-28 18:13:17 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-10-28 18:13:04 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-10-28 18:12:37 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-28 17:33:29 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-28 17:32:25 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-28 17:31:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-28 17:31:49 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-28 17:31:49 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb

==================== Find3M ====================

2009-10-08 21:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 21:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:57:00 220160 ------w- c:\windows\system32\dllcache\oleacc.dll
2009-10-08 21:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 21:56:56 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 5940224 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 15:38:27.80 ===============
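As an added example (not part of the thread, and not DDS's own code), here is a small Python script that applies a few triage rules to a DDS report of the kind posted above: it splits the report into its `=====` sections, flags Firefox search/homepage preferences whose host is not on an allowlist, flags Run entries that name a bare executable resolved through PATH rather than a full path, and flags small data files dropped directly into the Windows root. The rules, the allowlist and the "drop" extensions are assumptions made here; the sample input is copied from the report above except for one constructed `keyword.URL` line that points at the ave99.com hijack destination the poster reported in the first post. A hit means "a human should look at this line", not "this is malware" (the KHALMNPR.EXE entry, for instance, is flagged only because it has no path).

```python
"""Rule-based triage of a DDS report such as the one posted above.

Added example, not part of the thread and not DDS's own code. The rules,
the search-engine allowlist and the drop extensions are assumptions; a
finding means "review this line", not a verdict.
"""
import re
from urllib.parse import urlparse

# Lines taken from the DDS report above, plus one constructed keyword.URL
# line pointing at the ave99.com hijack destination the poster reported.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = www.google.com/ig
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.ave99.com/search.php?q=
=============== Created Last 30 ================
2009-11-18 18:20:12 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-16 23:15:22 0 ----a-w- c:\windows\Szetigisohuniru.bin
2009-11-16 23:15:21 120 ----a-w- c:\windows\Ydulo.dat
2009-10-28 22:30:36 1084 ----a-w- c:\windows\DKAAP2DD.ini
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?:u|m)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
START_RE = re.compile(r"^uStart Page = (?P<value>.+)$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:]+) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumed allowlist of hosts a search/homepage preference may point at.
SEARCH_ALLOWLIST = {"google.com", "www.google.com", "search.yahoo.com", "www.bing.com"}
# Assumed "data drop" extensions that rarely belong directly in c:\windows.
DROP_EXTS = {".bin", ".dat", ".tmp"}


def parse_dds(text):
    """Split a DDS report into {section title: [non-empty lines]}."""
    sections, current = {}, "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def url_host(value):
    """Hostname of a (possibly defanged, possibly scheme-less) URL."""
    v = re.sub(r"^hxxp", "http", value.strip())  # DDS writes hxxp for http
    if "://" not in v:
        v = "http://" + v
    return (urlparse(v).hostname or "").lower()


def triage(text):
    """Return [(rule, offending line), ...] in report order."""
    findings = []
    sections = parse_dds(text)
    for line in sections.get("Pseudo HJT Report", []):
        m = START_RE.match(line)
        if m and url_host(m.group("value")) not in SEARCH_ALLOWLIST:
            findings.append(("start-page", line))
        m = RUN_RE.match(line)
        if m and "\\" not in m.group("cmd"):
            # Bare file name: resolved through PATH at logon, so review it.
            findings.append(("run-unqualified", line))
    for line in sections.get("FIREFOX", []):
        m = PREF_RE.match(line)
        if m and m.group("pref") in ("browser.startup.homepage", "keyword.URL"):
            if url_host(m.group("value")) not in SEARCH_ALLOWLIST:
                findings.append(("ff-search-pref", line))
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        parent, _, name = path.rpartition("\\")
        ext = name[name.rfind("."):] if "." in name else ""
        if parent == "c:\\windows" and ext in DROP_EXTS:
            findings.append(("windows-root-drop", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:18} {line}")
```

Run against the sample it reports the path-less Run entry, the constructed ave99.com search preference, and the two zero/120-byte files dropped in c:\windows on 2009-11-16; the legitimate Yahoo `keyword.URL` from the real report passes the allowlist.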

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:09 PM

Posted 24 November 2009 - 09:09 PM

Are you able to make an internet connection via LAN? If you are completely without an internet connection then you will have to transfer these tools by flash drive. You will need to immunize the flash drive on the clean computer first so as not to infect your clean computer.

==========

Remove Spybot if it is still installed. Turn off all active Antivirus protection on your sick computer too.

==========

I see you have run ComboFix unsupervised... this is ill-advised!!

:( This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :(

I would like to see your most recent CF logs. You will find them at C:\ComboFix.txt

==========

:) P2P Warning :)

Your log indicates that you have BitTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


==========


Do this...

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

Download ComboFix (by sUBs)

You must rename it before saving it.


Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.


  • Drag the setup package onto "thcbytes.exe" and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

==========

With your next post please provide:

* Old Combofix logs
* Exehelper log
* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
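The Flash_Disinfector note above describes a preventive trick rather than a cleanup step: a directory named autorun.inf at a drive root occupies the name that autorun-spreading malware needs for its autorun.inf file, so the file can never be created there. The script below is an added example of that idea, written for this page and not Flash_Disinfector's own code. It assumes a Windows host for drive enumeration and attribute setting (GetLogicalDrives and SetFileAttributesW from kernel32 via ctypes); on other platforms it only acts on root paths passed on the command line. If it finds a file rather than a directory named autorun.inf it reports it instead of deleting it, because that file is itself evidence worth inspecting before removal.

```python
"""Pre-create an 'autorun.inf' directory on each drive root.

Added example for this thread; not Flash_Disinfector's code. Assumes Windows
for drive enumeration and attributes; elsewhere, pass root paths explicitly.
"""
import ctypes
import os
import sys
from pathlib import Path

# FILE_ATTRIBUTE_* values from the Win32 API (winnt.h).
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04


def logical_drive_roots():
    """Return drive roots such as 'C:\\' on Windows; empty list elsewhere."""
    if os.name != "nt":
        return []
    mask = ctypes.windll.kernel32.GetLogicalDrives()  # bit i set => drive chr(65+i)
    return [f"{chr(65 + i)}:\\" for i in range(26) if mask & (1 << i)]


def protect_root(root):
    """Ensure <root>/autorun.inf exists as a directory.

    Returns (path, status) where status is one of:
      'protected'              - directory created now
      'already-protected'      - directory was already there
      'autorun.inf-file-present' - a FILE by that name exists: left untouched
                                   so the analyst can inspect it first
    """
    target = Path(root) / "autorun.inf"
    if target.is_dir():
        return target, "already-protected"
    if target.exists():
        return target, "autorun.inf-file-present"
    target.mkdir()
    # A non-empty directory also defeats a bare rmdir from a dropper script.
    (target / "placeholder.txt").write_text("created by protect_root()\n")
    if os.name == "nt":
        attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        ctypes.windll.kernel32.SetFileAttributesW(str(target), attrs)
    return target, "protected"


if __name__ == "__main__":
    roots = sys.argv[1:] or logical_drive_roots()
    for r in roots:
        path, status = protect_root(r)
        print(f"{path}: {status}")
```

This closes only the autorun.inf vector; it does nothing about the browser hijack discussed in this thread. Microsoft has since shipped updates that disable AutoRun for USB media on XP, Vista and 7, so on a patched system the directory is a second layer rather than the main defence.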

#5 michaelpc (Topic Starter)

Posted 24 November 2009 - 09:56 PM

Thanks.

I uninstalled Spybot and bittorrent.

I ran Flash Disinfector - success.

I ran Rkill - success.

Ran exehelper (report below)

exeHelper by Raktor
Build 20091122
Run at 18:45:51 on 11/24/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Old Combo Fix Log - (I'll upload the new one in the next message)

ComboFix 09-11-18.01 - mcampbell 11/17/2009 9:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -8:00]
Running from: c:\documents and settings\mcampbell\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\mcampbell\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 05:57 . 2009-11-17 06:10 -------- d-----w- C:\HaxFix
2009-11-17 03:14 . 2009-11-17 06:10 117760 ----a-w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 03:09 . 2009-11-17 03:09 -------- d-----w- c:\program files\Panda Security
2009-11-17 00:25 . 2009-11-17 00:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-16 23:15 . 2009-11-16 23:15 0 ----a-w- c:\windows\Szetigisohuniru.bin
2009-11-16 23:15 . 2009-11-17 05:15 120 ----a-w- c:\windows\Ydulo.dat
2009-11-16 23:11 . 2009-11-16 23:11 64168 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.dll
2009-11-11 20:21 . 2009-11-16 18:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 16:54 . 2009-11-10 16:54 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Malwarebytes
2009-11-06 18:25 . 2009-01-22 22:28 290816 ----a-w- c:\windows\system32\decdll.dll
2009-11-06 18:25 . 2009-11-06 18:26 -------- d-----w- c:\program files\Free Video Converter
2009-11-06 18:25 . 2009-11-06 18:25 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FreeVideoConverter
2009-11-06 18:11 . 2009-11-06 18:11 -------- d-----w- c:\windows\system32\windows media
2009-11-06 18:11 . 2009-11-06 18:11 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-06 18:10 . 2009-11-06 18:10 -------- d-----w- c:\program files\Windows Media Components
2009-11-05 17:42 . 2009-11-16 23:37 70444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 00:17 . 2009-11-05 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-04 17:35 . 2009-11-04 17:35 -------- d-----w- c:\program files\Design Science
2009-11-04 05:06 . 2009-11-04 05:06 -------- d-----w- c:\program files\SetFileDate
2009-11-03 19:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 19:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-01 21:57 . 2009-11-01 21:57 -------- d-----w- c:\program files\iPod
2009-11-01 21:57 . 2009-11-01 21:58 -------- d-----w- c:\program files\iTunes
2009-11-01 21:44 . 2009-11-01 21:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 19:39 . 2009-11-01 19:39 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Apple
2009-11-01 18:05 . 2009-11-13 23:27 -------- d-----w- c:\documents and settings\mcampbell\Application Data\BitTorrent
2009-11-01 18:05 . 2009-11-01 18:05 -------- d-----w- c:\program files\BitTorrent
2009-11-01 17:28 . 2009-11-06 18:27 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Apple Computer
2009-10-31 19:46 . 2009-10-31 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-10-31 18:30 . 2009-11-11 21:37 -------- d-----w- c:\documents and settings\mcampbell\Application Data\vlc
2009-10-31 01:55 . 2009-10-31 01:55 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Design Science
2009-10-30 21:04 . 2009-10-30 21:05 -------- d-----w- c:\program files\MathType
2009-10-29 18:35 . 2009-11-03 00:24 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Download Manager
2009-10-29 18:35 . 2009-10-29 18:35 -------- d-----w- c:\windows\Sun
2009-10-29 18:15 . 2009-11-17 01:28 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FileZilla
2009-10-29 18:13 . 2009-10-29 18:13 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-29 17:54 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-29 17:54 . 2009-10-29 17:54 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 17:50 . 2009-10-29 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-29 17:47 . 2009-10-29 17:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-10-29 16:58 . 2009-10-31 23:42 -------- d-----w- C:\Save
2009-10-29 00:20 . 2009-11-16 22:32 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Temp
2009-10-29 00:20 . 2009-10-29 00:20 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Deployment
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- C:\.bzvol
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\program files\Backblaze
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Backblaze
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-29 00:09 . 2009-10-29 00:09 -------- d-sh--w- c:\documents and settings\mcampbell\PrivacIE
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 23:46 . 2009-11-11 20:01 -------- d-----w- c:\windows\system32\NtmsData
2009-10-28 23:43 . 2009-10-28 23:43 -------- d-sh--w- c:\documents and settings\mcampbell\IETldCache
2009-10-28 23:39 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\windows\ie8updates
2009-10-28 23:31 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 23:31 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 23:31 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 23:31 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 23:31 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 23:30 . 2009-10-28 23:30 -------- d-sh--w- c:\documents and settings\chrisq\IECompatCache
2009-10-28 23:29 . 2009-10-28 23:29 -------- d-sh--w- c:\documents and settings\chrisq\PrivacIE
2009-10-28 23:28 . 2009-10-28 23:28 -------- d-sh--w- c:\documents and settings\chrisq\IETldCache
2009-10-28 23:14 . 2009-10-28 23:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-28 23:13 . 2009-10-28 23:14 -------- dc-h--w- c:\windows\ie8
2009-10-28 22:51 . 2009-10-28 22:51 -------- d-sh--w- c:\documents and settings\chrisq\UserData
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\program files\MSBuild
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 22:35 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 22:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 22:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- C:\f59fe0d474751aa62eb1c9774a75
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 22:30 . 2009-10-28 22:30 -------- d-----w- c:\program files\Dell_HostCD
2009-10-28 22:30 . 2004-01-23 16:57 311296 ----a-w- c:\windows\system32\lexlog.dll
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\scripting
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\l2schemas
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\en
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\bits
2009-10-28 21:47 . 2009-10-28 21:47 -------- d-sh--w- c:\documents and settings\mcampbell\UserData
2009-10-28 21:44 . 2009-10-28 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\documents and settings\chrisq\Application Data\Apple Computer
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\program files\Bonjour
2009-10-28 21:43 . 2009-10-28 21:44 -------- d-----w- c:\program files\QuickTime
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Apple
2009-10-28 21:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-28 21:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 21:33 . 2009-10-28 21:33 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-10-28 21:24 0 ----a-w- c:\windows\nsreg.dat
2009-10-28 21:24 . 2009-10-28 21:24 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-11-17 17:45 -------- d-----w- c:\program files\IrfanView
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\chrisq\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 21:19 . 2006-05-05 23:19 87808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-28 21:19 . 2006-05-05 23:19 107696 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-28 21:19 . 2009-10-28 21:21 -------- d-----w- C:\TEMP
2009-10-28 20:55 . 2009-10-28 20:55 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-10-28 20:53 . 2009-10-28 20:53 -------- d-----w- c:\windows\Internet Logs
2009-10-28 20:53 . 2007-01-31 20:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-10-28 20:53 . 2007-01-31 20:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-10-28 20:53 . 2009-10-28 20:53 -------- d-----w- c:\program files\Cisco Systems
2009-10-28 20:51 . 2009-10-28 20:51 -------- d-----w- c:\program files\Universal Extractor
2009-10-28 20:51 . 2009-10-28 20:51 -------- d-----w- c:\program files\CoreFTP
2009-10-28 20:50 . 2009-10-28 20:50 -------- d-----w- c:\program files\VideoLAN
2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Symantec
2009-10-28 20:24 . 2008-04-14 00:12 4639 ------w- c:\windows\system32\dllcache\mplayer2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 18:46 . 2008-05-18 19:30 84344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX15.SYS
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX15.SYS
2009-11-03 00:35 . 2008-05-18 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 21:57 . 2008-05-28 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 21:30 . 2008-05-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-29 17:49 . 2009-10-29 17:49 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-29 17:45 . 2008-05-18 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 15:46 . 2008-05-18 19:28 -------- d-----w- c:\program files\Google
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 22:03 . 2004-08-11 22:14 88319 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 21:44 . 2008-05-28 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ERASER.SYS
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ERASER.SYS
2009-10-08 21:57 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 21:57 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:56 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-11-17_05.38.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 22:00 . 2009-11-17 05:18 72978 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2009-11-17 05:41 72978 c:\windows\system32\perfc009.dat
+ 2008-05-28 16:33 . 2009-11-17 05:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-28 16:33 . 2009-11-17 05:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-17 00:25 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-17 00:25 . 2009-11-17 05:37 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2008-05-28 16:33 . 2009-11-17 05:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-11-17 05:41 445938 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2009-11-17 05:18 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2009-10-29 416768]
"Google Update"="c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-28 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 12:40 AM 115952]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/28/2009 1:40 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [10/28/2009 4:16 PM 217600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-11 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\mcampbell\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A750170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9ef3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1784)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1848)
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-17 10:08
ComboFix-quarantined-files.txt 2009-11-17 18:08
ComboFix2.txt 2009-11-17 05:45

Pre-Run: 269,286,813,696 bytes free
Post-Run: 269,272,686,592 bytes free

- - End Of File - - 71D68C69D996F88960215ADFE8CFC433

#6 michaelpc

michaelpc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:09 PM

Posted 24 November 2009 - 10:21 PM

The google hijack is still in effect.

The LAN does work, wifi doesn't.

Latest ComboFix report below:
ComboFix 09-11-24.02 - mcampbell 11/24/2009 19:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1426 [GMT -8:00]
Running from: c:\documents and settings\mcampbell\My Documents\Downloads\Antivirus\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 02:44 . 2009-11-25 02:44 -------- d--h--w- c:\windows\PIF
2009-11-19 05:03 . 2009-11-19 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2009-11-19 05:03 . 2009-09-26 17:00 496640 ----a-w- c:\documents and settings\All Users\Application Data\GoldWave\lame_enc.dll
2009-11-19 04:33 . 2009-11-19 04:33 -------- d-----w- c:\program files\GoldWave
2009-11-18 18:20 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\documents and settings\mcampbell\Application Data\PixelMetrics
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\Windows Media Adapter v615
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- C:\PixelMetrics Logs
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\CaptureWiz
2009-11-17 21:35 . 2009-11-17 21:35 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Longfine Software
2009-11-17 21:26 . 2009-11-17 21:34 -------- d-----w- c:\program files\ScreenPrint32 v3
2009-11-17 21:26 . 2009-11-17 21:26 249856 ------w- c:\windows\Setup1.exe
2009-11-17 21:26 . 2009-11-17 21:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-17 18:54 . 2009-11-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 18:13 . 2009-11-17 18:13 -------- d-----w- c:\documents and settings\mcampbell\Application Data\AVG8
2009-11-17 05:57 . 2009-11-17 06:10 -------- d-----w- C:\HaxFix
2009-11-17 03:14 . 2009-11-17 06:10 117760 ----a-w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 03:09 . 2009-11-17 03:09 -------- d-----w- c:\program files\Panda Security
2009-11-17 00:25 . 2009-11-17 00:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-16 23:15 . 2009-11-16 23:15 0 ----a-w- c:\windows\Szetigisohuniru.bin
2009-11-16 23:15 . 2009-11-17 05:15 120 ----a-w- c:\windows\Ydulo.dat
2009-11-16 23:11 . 2009-11-16 23:11 64168 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.dll
2009-11-11 20:21 . 2009-11-16 18:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 16:54 . 2009-11-10 16:54 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Malwarebytes
2009-11-06 18:25 . 2009-01-22 22:28 290816 ----a-w- c:\windows\system32\decdll.dll
2009-11-06 18:25 . 2009-11-06 18:26 -------- d-----w- c:\program files\Free Video Converter
2009-11-06 18:25 . 2009-11-06 18:25 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FreeVideoConverter
2009-11-06 18:11 . 2009-11-06 18:11 -------- d-----w- c:\windows\system32\windows media
2009-11-06 18:11 . 2009-11-06 18:11 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-06 18:10 . 2009-11-06 18:10 -------- d-----w- c:\program files\Windows Media Components
2009-11-05 17:42 . 2009-11-16 23:37 70444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 00:17 . 2009-11-05 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-04 17:35 . 2009-11-04 17:35 -------- d-----w- c:\program files\Design Science
2009-11-04 05:06 . 2009-11-04 05:06 -------- d-----w- c:\program files\SetFileDate
2009-11-03 19:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 19:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-01 21:57 . 2009-11-01 21:57 -------- d-----w- c:\program files\iPod
2009-11-01 21:57 . 2009-11-01 21:58 -------- d-----w- c:\program files\iTunes
2009-11-01 21:44 . 2009-11-01 21:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 19:39 . 2009-11-01 19:39 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Apple
2009-11-01 17:28 . 2009-11-06 18:27 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Apple Computer
2009-10-31 19:46 . 2009-10-31 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-10-31 18:30 . 2009-11-11 21:37 -------- d-----w- c:\documents and settings\mcampbell\Application Data\vlc
2009-10-31 01:55 . 2009-10-31 01:55 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Design Science
2009-10-30 21:04 . 2009-10-30 21:05 -------- d-----w- c:\program files\MathType
2009-10-29 18:35 . 2009-11-03 00:24 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Download Manager
2009-10-29 18:35 . 2009-10-29 18:35 -------- d-----w- c:\windows\Sun
2009-10-29 18:15 . 2009-11-20 23:39 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FileZilla
2009-10-29 18:13 . 2009-10-29 18:13 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-29 17:54 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-29 17:54 . 2009-10-29 17:54 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 17:50 . 2009-10-29 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-29 17:47 . 2009-10-29 17:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-10-29 16:58 . 2009-10-31 23:42 -------- d-----w- C:\Save
2009-10-29 00:20 . 2009-11-16 22:32 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Temp
2009-10-29 00:20 . 2009-10-29 00:20 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Deployment
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- C:\.bzvol
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\program files\Backblaze
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Backblaze
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-29 00:09 . 2009-10-29 00:09 -------- d-sh--w- c:\documents and settings\mcampbell\PrivacIE
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 23:46 . 2009-11-11 20:01 -------- d-----w- c:\windows\system32\NtmsData
2009-10-28 23:43 . 2009-10-28 23:43 -------- d-sh--w- c:\documents and settings\mcampbell\IETldCache
2009-10-28 23:39 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\windows\ie8updates
2009-10-28 23:31 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 23:31 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 23:31 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 23:31 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 23:31 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 23:30 . 2009-10-28 23:30 -------- d-sh--w- c:\documents and settings\chrisq\IECompatCache
2009-10-28 23:29 . 2009-10-28 23:29 -------- d-sh--w- c:\documents and settings\chrisq\PrivacIE
2009-10-28 23:28 . 2009-10-28 23:28 -------- d-sh--w- c:\documents and settings\chrisq\IETldCache
2009-10-28 23:14 . 2009-10-28 23:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-28 23:13 . 2009-10-28 23:14 -------- dc-h--w- c:\windows\ie8
2009-10-28 22:51 . 2009-10-28 22:51 -------- d-sh--w- c:\documents and settings\chrisq\UserData
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\program files\MSBuild
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 22:35 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 22:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 22:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- C:\f59fe0d474751aa62eb1c9774a75
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 22:30 . 2009-10-28 22:30 -------- d-----w- c:\program files\Dell_HostCD
2009-10-28 22:30 . 2004-01-23 16:57 311296 ----a-w- c:\windows\system32\lexlog.dll
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\scripting
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\l2schemas
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\en
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\bits
2009-10-28 21:44 . 2009-10-28 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\documents and settings\chrisq\Application Data\Apple Computer
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\program files\Bonjour
2009-10-28 21:43 . 2009-10-28 21:44 -------- d-----w- c:\program files\QuickTime
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Apple
2009-10-28 21:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-28 21:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 21:33 . 2009-10-28 21:33 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-10-28 21:24 0 ----a-w- c:\windows\nsreg.dat
2009-10-28 21:24 . 2009-10-28 21:24 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-11-17 17:45 -------- d-----w- c:\program files\IrfanView
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\chrisq\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 18:46 . 2008-05-18 19:30 84344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX15.SYS
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX15.SYS
2009-11-03 00:35 . 2008-05-18 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 21:57 . 2008-05-28 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 21:30 . 2008-05-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-29 17:49 . 2009-10-29 17:49 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-29 17:45 . 2008-05-18 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 15:46 . 2008-05-18 19:28 -------- d-----w- c:\program files\Google
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 22:03 . 2004-08-11 22:14 88319 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 21:44 . 2008-05-28 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ERASER.SYS
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ERASER.SYS
2009-10-08 21:57 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 21:57 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:56 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-11-17_05.38.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2009-11-25 02:53 72978 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-11-17 05:18 72978 c:\windows\system32\perfc009.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-17 00:25 . 2009-11-25 02:48 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-17 00:25 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2000-07-15 08:00 . 2000-07-15 08:00 101888 c:\windows\system32\VB6STKIT.DLL
- 2004-08-11 22:00 . 2009-11-17 05:18 445938 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-11-25 02:53 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2009-10-29 416768]
"Google Update"="c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]

c:\documents and settings\mcampbell\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files\CaptureWiz\Pro\CaptureWiz.exe [2009-11-17 3086528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-28 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/18/2009 10:20 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 12:40 AM 115952]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/28/2009 1:40 PM 102448]
S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [10/28/2009 4:16 PM 217600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-11 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ScreenPrint32 - c:\program files\ScreenPrint32 v3\ScreenPrint32.exe
AddRemove-CaptureWiz - c:\program files\CaptureWiz\Pro\CaptureWiz.exe uninstal
AddRemove-GoldWave v5.55 - c:\program files\GoldWave\unstall.exe GoldWave v5.55
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe ADDREMOVE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A774170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9ef3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1788)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1856)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-11-24 19:17
ComboFix-quarantined-files.txt 2009-11-25 03:17
ComboFix2.txt 2009-11-17 18:08
ComboFix3.txt 2009-11-17 05:45

Pre-Run: 272,874,889,216 bytes free
Post-Run: 273,021,087,744 bytes free

- - End Of File - - 57CBF40AC0D771CD4B7EC21E8E0E9B0C
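The Sigcheck block in the log above lists two known-good backup copies of eventlog.dll (with MD5, size and version) and then reports the live c:\windows\System32\eventlog.dll as missing. As an added example, not posted by anyone in this thread and not part of ComboFix, here is a small Python parser for that block: it reads the backup-copy lines and the "is missing" verdict, picks the highest-versioned backup as the restore candidate (the copy an FCopy:: directive would take), and can hash a live file and compare it against the listed known-good hashes. The sample block is constructed from the log's own lines; the function names are mine.

```python
"""Parse the Sigcheck block of a ComboFix log and check system files against
the known-good backup copies it lists. Added example; not part of ComboFix."""
import hashlib
import re
from pathlib import Path

# Constructed sample in the layout ComboFix prints (the two eventlog.dll
# backup copies from the thread's log and its "is missing" verdict).
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
"""

# One backup-copy line: [flag] date . MD5 . size . . [version] . . path
COPY_RE = re.compile(
    r"^\[(?P<flag>\d+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# ComboFix's verdict line for a live file that no longer exists on disk.
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")


def parse_sigcheck(text):
    """Return (copies, missing) from the Sigcheck block of a ComboFix log.

    copies  - one dict per known-good backup copy listed (md5, size, version, path)
    missing - live-file paths ComboFix reported as missing
    """
    copies, missing = [], []
    in_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "------- Sigcheck -------":
            in_block = True
            continue
        if not in_block:
            continue
        if stripped == ".":          # ComboFix ends each section with a lone dot
            break
        m = COPY_RE.match(line)
        if m:
            copies.append({"md5": m["md5"].upper(), "size": int(m["size"]),
                           "version": m["version"], "path": m["path"]})
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"])
    return copies, missing


def _version_key(version):
    # "5.1.2600.5512" -> (5, 1, 2600, 5512); non-numeric parts sort lowest
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def pick_restore_source(copies):
    """Choose the highest-versioned backup copy (what an FCopy:: directive
    would restore from). Returns None when no copies were listed."""
    if not copies:
        return None
    return max(copies, key=lambda c: _version_key(c["version"]))


def classify_hash(observed_md5, copies):
    """Compare an observed MD5 with the hashes of the known-good copies."""
    for c in copies:
        if c["md5"] == observed_md5.upper():
            return f"ok (matches {c['version']} copy)"
    return "mismatch (no known-good copy has this hash)"


def verify_live_copy(live_path, copies):
    """Hash the live file on disk and classify it; 'missing' if it is absent."""
    p = Path(live_path)
    if not p.is_file():
        return "missing"
    return classify_hash(hashlib.md5(p.read_bytes()).hexdigest(), copies)


if __name__ == "__main__":
    copies, missing = parse_sigcheck(SAMPLE_SIGCHECK)
    src = pick_restore_source(copies)
    for path in missing:
        print(f"{path}: missing; restore candidate {src['path']} ({src['version']})")
```

Run against a real ComboFix.txt by reading the file into parse_sigcheck; a "mismatch" verdict from verify_live_copy on a file ComboFix did not flag is worth a second look, since a same-name file with a hash that matches none of the service-pack copies is exactly the case the Sigcheck section exists to surface.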

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:09 PM

Posted 24 November 2009 - 11:34 PM

Well done. :(

==========

It has come to my attention that you have posted for help with your computer at another forum.

Geekstogo

Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.

* By Multi-Posting you are utilizing the time of two (or more) trained helpers.

Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.

Understandably this causes a certain amount of bad feeling.

o From the helper who has needlessly spent time researching your log and compiling and posting instructions.
o From others who have to wait longer for their problems to be addressed.

* Advice from two separate helpers can cause problems.

Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.


  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.


Let's continue...

==========

Re-run RKill

==========


Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer permanently unbootable!

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\system32\eventlog.dll

FileLook::
C:\Windows\System32\drivers\atapi.sys
C:\Windows\System32\drivers\iaStor.sys

SRPeek::
C:\Windows\System32\drivers\atapi.sys
C:\Windows\System32\drivers\iaStor.sys

File::
c:\windows\Szetigisohuniru.bin
c:\windows\Ydulo.dat


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Re-run RKill

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Update Malwarebytes' Anti-Malware <--- Important!!
  • Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
==========

With your next post please provide:

* Will you continue with me or Geekstogo?
* Combofix.txt
* MBAM log
* Gooredfix.txt
* Still getting redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
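The FileLook::/SRPeek:: step in the post above asks ComboFix to report the version data and MD5/SHA1 of the live disk driver (atapi.sys) and then to look for copies of it in the ERDNT cache and the System Restore points, so the two can be compared: a live driver that is the same size as every backup copy but hashes differently is what a patched driver looks like. The script below is an added example that reimplements that comparison; it is not code from this thread, from ComboFix or from BleepingComputer. Every path, the fake driver bytes and the A0000493.sys name of the restore-point copy are constructed sample data built in a temporary directory so the script runs offline, and the hashes it prints belong to that fake content, not to the real atapi.sys.

```python
"""Driver integrity check in the spirit of ComboFix's FileLook:: / SRPeek:: directives.

Added example; not code from the thread, from ComboFix or from BleepingComputer.
It hashes a live driver and compares it with every backup copy it can find:
same-name copies under dllcache/ServicePackFiles/ERDNT-style folders, and
same-size *.sys files under System Restore points (which rename copies to
A000xxxx.sys). All paths and file contents below are constructed sample data.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digests(path):
    """Return (size, MD5, SHA1) for a file, hashing it in 64 KiB chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return size, md5.hexdigest().upper(), sha1.hexdigest().upper()


def collect_candidates(live_path, named_roots, restore_roots):
    """Backup copies worth comparing: same name under named_roots, and same-size
    *.sys files under restore_roots (restore points rename their copies)."""
    live_size = os.path.getsize(live_path)
    name = Path(live_path).name.lower()
    found = []
    for root in named_roots:
        for dirpath, _dirs, files in os.walk(root):
            found += [Path(dirpath) / f for f in files if f.lower() == name]
    for root in restore_roots:
        for dirpath, _dirs, files in os.walk(root):
            for f in files:
                p = Path(dirpath) / f
                if f.lower().endswith(".sys") and p.stat().st_size == live_size:
                    found.append(p)
    return found


def check_driver(live_path, named_roots, restore_roots):
    """Compare the live driver with its backup copies.

    verdict 'consistent': live MD5 matches at least one backup copy
            'no_backups': nothing to compare against, so no conclusion
            'mismatch'  : same size as its backups but a different hash; treat as patched
    """
    live = file_digests(live_path)
    copies = {str(p): file_digests(p)
              for p in collect_candidates(live_path, named_roots, restore_roots)}
    if not copies:
        verdict = "no_backups"
    elif any(d[1] == live[1] for d in copies.values()):
        verdict = "consistent"
    else:
        verdict = "mismatch"
    return {"live_path": str(live_path), "live": live, "copies": copies, "verdict": verdict}


def build_sample_tree(patched=False):
    """Construct a fake XP-style layout in a temp dir (sample data, not real drivers)."""
    root = Path(tempfile.mkdtemp(prefix="drvcheck_"))
    good = b"MZ" + b"\x00" * 62 + b"fake atapi.sys body for the example\n" * 8
    drivers = root / "windows" / "system32" / "drivers"
    dllcache = root / "windows" / "system32" / "dllcache"
    erdnt = root / "windows" / "ERDNT" / "cache"
    rp2 = root / "System Volume Information" / "_restore{sample-guid}" / "RP2"
    for d in (drivers, dllcache, erdnt, rp2):
        d.mkdir(parents=True)
    (dllcache / "atapi.sys").write_bytes(good)
    (erdnt / "atapi.sys").write_bytes(good)
    (rp2 / "A0000493.sys").write_bytes(good)            # restore point keeps a renamed copy
    live = good[:-8] + b"PATCHED!" if patched else good  # an in-place patch keeps the size
    (drivers / "atapi.sys").write_bytes(live)
    return root


def run_check(patched=False):
    """Build the sample tree, run the check on it and return the result dict."""
    root = build_sample_tree(patched)
    live = root / "windows" / "system32" / "drivers" / "atapi.sys"
    named = [root / "windows" / "system32" / "dllcache", root / "windows" / "ERDNT" / "cache"]
    restore = [root / "System Volume Information"]
    return check_driver(live, named, restore)


if __name__ == "__main__":
    for flag in (False, True):
        result = run_check(patched=flag)
        print("patched=%s -> %s  live MD5 %s" % (flag, result["verdict"], result["live"][1]))
        for path, (size, md5, _sha1) in result["copies"].items():
            print("  [%d] %s %s" % (size, md5, path))
```

Two caveats a practitioner would add. First, a matching backup only tells you the live file agrees with a copy made earlier; if the backups were planted at the same time as the live file, or no backups exist ('no_backups'), the check proves nothing, and the version strings FileLook prints should be checked against the service pack level as well. Second, a kernel-mode rootkit that filters disk reads can return clean bytes to any hashing tool that runs inside the infected Windows, so a 'consistent' verdict obtained from the live system is only a first pass; when a driver is still suspected, hash it again from an offline boot. The FCopy:: line in the same script (ServicePackFiles copy over system32\eventlog.dll) is the repair action for the 'mismatch' case.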

#8 michaelpc (Topic Starter, Members, 10 posts)

Posted 25 November 2009 - 12:14 AM

Thank you again!

I added notes to the other forum to disregard. Thanks for the reminder.

I ran through all of the requests - the hijack still persists, however something did seem to change with Symantec - I rebooted after the last step (goored) and when it came back Symantec was alive and reported that it found and quarantined a trojan. I tried to find the log or note but I couldn't.

Anyway, the reports you asked for:

GooredFix by jpshortstuff (09.11.09.1)
Log created at 21:04 on 24/11/2009 (mcampbell)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:44 28/05/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:36 28/10/2009]

---------- Old Logs ----------
GooredFix[19.53.16_17-11-2009].txt

-=E.O.F=-

Malwarebytes' Anti-Malware 1.41
Database version: 3226
Windows 5.1.2600 Service Pack 3

11/24/2009 9:03:33 PM
mbam-log-2009-11-24 (21-03-33).txt

Scan type: Quick Scan
Objects scanned: 140779
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-11-24.02 - mcampbell 11/24/2009 20:43.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1375 [GMT -8:00]
Running from: c:\documents and settings\mcampbell\My Documents\Downloads\Antivirus\ComboFix.exe
Command switches used :: c:\documents and settings\mcampbell\My Documents\Downloads\Antivirus\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\Szetigisohuniru.bin"
"c:\windows\Ydulo.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Szetigisohuniru.bin
c:\windows\Ydulo.dat

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 04:43 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-11-25 04:43 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-25 02:44 . 2009-11-25 02:44 -------- d--h--w- c:\windows\PIF
2009-11-19 05:03 . 2009-11-19 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2009-11-19 05:03 . 2009-09-26 17:00 496640 ----a-w- c:\documents and settings\All Users\Application Data\GoldWave\lame_enc.dll
2009-11-19 04:33 . 2009-11-19 04:33 -------- d-----w- c:\program files\GoldWave
2009-11-18 18:20 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\documents and settings\mcampbell\Application Data\PixelMetrics
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\Windows Media Adapter v615
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- C:\PixelMetrics Logs
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\CaptureWiz
2009-11-17 21:35 . 2009-11-17 21:35 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Longfine Software
2009-11-17 21:26 . 2009-11-17 21:34 -------- d-----w- c:\program files\ScreenPrint32 v3
2009-11-17 21:26 . 2009-11-17 21:26 249856 ------w- c:\windows\Setup1.exe
2009-11-17 21:26 . 2009-11-17 21:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-17 18:54 . 2009-11-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 18:13 . 2009-11-17 18:13 -------- d-----w- c:\documents and settings\mcampbell\Application Data\AVG8
2009-11-17 05:57 . 2009-11-17 06:10 -------- d-----w- C:\HaxFix
2009-11-17 03:14 . 2009-11-17 06:10 117760 ----a-w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 03:09 . 2009-11-17 03:09 -------- d-----w- c:\program files\Panda Security
2009-11-17 00:25 . 2009-11-17 00:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-16 23:11 . 2009-11-16 23:11 64168 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.dll
2009-11-11 20:21 . 2009-11-16 18:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 16:54 . 2009-11-10 16:54 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Malwarebytes
2009-11-06 18:25 . 2009-01-22 22:28 290816 ----a-w- c:\windows\system32\decdll.dll
2009-11-06 18:25 . 2009-11-06 18:26 -------- d-----w- c:\program files\Free Video Converter
2009-11-06 18:25 . 2009-11-06 18:25 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FreeVideoConverter
2009-11-06 18:11 . 2009-11-06 18:11 -------- d-----w- c:\windows\system32\windows media
2009-11-06 18:11 . 2009-11-06 18:11 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-06 18:10 . 2009-11-06 18:10 -------- d-----w- c:\program files\Windows Media Components
2009-11-05 17:42 . 2009-11-16 23:37 70444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 00:17 . 2009-11-05 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-04 17:35 . 2009-11-04 17:35 -------- d-----w- c:\program files\Design Science
2009-11-04 05:06 . 2009-11-04 05:06 -------- d-----w- c:\program files\SetFileDate
2009-11-03 19:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 19:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-01 21:57 . 2009-11-01 21:57 -------- d-----w- c:\program files\iPod
2009-11-01 21:57 . 2009-11-01 21:58 -------- d-----w- c:\program files\iTunes
2009-11-01 21:44 . 2009-11-01 21:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 19:39 . 2009-11-01 19:39 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Apple
2009-11-01 17:28 . 2009-11-06 18:27 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Apple Computer
2009-10-31 19:46 . 2009-10-31 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-10-31 18:30 . 2009-11-11 21:37 -------- d-----w- c:\documents and settings\mcampbell\Application Data\vlc
2009-10-31 01:55 . 2009-10-31 01:55 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Design Science
2009-10-30 21:04 . 2009-10-30 21:05 -------- d-----w- c:\program files\MathType
2009-10-29 18:35 . 2009-11-03 00:24 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Download Manager
2009-10-29 18:35 . 2009-10-29 18:35 -------- d-----w- c:\windows\Sun
2009-10-29 18:15 . 2009-11-20 23:39 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FileZilla
2009-10-29 18:13 . 2009-10-29 18:13 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-29 17:54 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-29 17:54 . 2009-10-29 17:54 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 17:50 . 2009-10-29 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-29 17:47 . 2009-10-29 17:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-10-29 16:58 . 2009-10-31 23:42 -------- d-----w- C:\Save
2009-10-29 00:20 . 2009-11-16 22:32 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Temp
2009-10-29 00:20 . 2009-10-29 00:20 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Deployment
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- C:\.bzvol
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\program files\Backblaze
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Backblaze
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-29 00:09 . 2009-10-29 00:09 -------- d-sh--w- c:\documents and settings\mcampbell\PrivacIE
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 23:46 . 2009-11-11 20:01 -------- d-----w- c:\windows\system32\NtmsData
2009-10-28 23:43 . 2009-10-28 23:43 -------- d-sh--w- c:\documents and settings\mcampbell\IETldCache
2009-10-28 23:39 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\windows\ie8updates
2009-10-28 23:31 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 23:31 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 23:31 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 23:31 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 23:31 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 23:30 . 2009-10-28 23:30 -------- d-sh--w- c:\documents and settings\chrisq\IECompatCache
2009-10-28 23:29 . 2009-10-28 23:29 -------- d-sh--w- c:\documents and settings\chrisq\PrivacIE
2009-10-28 23:28 . 2009-10-28 23:28 -------- d-sh--w- c:\documents and settings\chrisq\IETldCache
2009-10-28 23:14 . 2009-10-28 23:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-28 23:13 . 2009-10-28 23:14 -------- dc-h--w- c:\windows\ie8
2009-10-28 22:51 . 2009-10-28 22:51 -------- d-sh--w- c:\documents and settings\chrisq\UserData
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\program files\MSBuild
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 22:35 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 22:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 22:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- C:\f59fe0d474751aa62eb1c9774a75
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 22:30 . 2009-10-28 22:30 -------- d-----w- c:\program files\Dell_HostCD
2009-10-28 22:30 . 2004-01-23 16:57 311296 ----a-w- c:\windows\system32\lexlog.dll
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\scripting
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\l2schemas
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\en
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\bits
2009-10-28 21:44 . 2009-10-28 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\documents and settings\chrisq\Application Data\Apple Computer
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\program files\Bonjour
2009-10-28 21:43 . 2009-10-28 21:44 -------- d-----w- c:\program files\QuickTime
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Apple
2009-10-28 21:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-28 21:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 21:33 . 2009-10-28 21:33 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-10-28 21:24 0 ----a-w- c:\windows\nsreg.dat
2009-10-28 21:24 . 2009-10-28 21:24 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-11-17 17:45 -------- d-----w- c:\program files\IrfanView
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\chrisq\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 18:46 . 2008-05-18 19:30 84344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX15.SYS
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX15.SYS
2009-11-03 00:35 . 2008-05-18 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 21:57 . 2008-05-28 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 21:30 . 2008-05-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-29 17:49 . 2009-10-29 17:49 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-29 17:45 . 2008-05-18 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 15:46 . 2008-05-18 19:28 -------- d-----w- c:\program files\Google
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 22:03 . 2004-08-11 22:14 88319 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 21:44 . 2008-05-28 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ERASER.SYS
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ERASER.SYS
2009-10-08 21:57 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 21:57 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:56 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\drivers\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 96512
Created time: 2004-08-04 03:59
Modified time: 2008-04-13 18:40
MD5: 9F3A2F5AA6875C72BF062C712CFA2674
SHA1: A719156E8AD67456556A02C34E762944234E7A44


(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 c:\windows\ERDNT\cache\atapi.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP2\A0000493.sys
[7] 9F3A2F5AA6875C72BF062C712CFA2674 96512 \RP3\A0007939.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-17_05.38.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2009-11-25 02:53 72978 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-11-17 05:18 72978 c:\windows\system32\perfc009.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-17 00:25 . 2009-11-25 02:48 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-17 00:25 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-28 16:33 . 2009-11-25 02:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2000-07-15 08:00 . 2000-07-15 08:00 101888 c:\windows\system32\VB6STKIT.DLL
- 2004-08-11 22:00 . 2009-11-17 05:18 445938 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-11-25 02:53 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2009-10-29 416768]
"Google Update"="c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]

c:\documents and settings\mcampbell\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files\CaptureWiz\Pro\CaptureWiz.exe [2009-11-17 3086528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-28 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/18/2009 10:20 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 12:40 AM 115952]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/28/2009 1:40 PM 102448]
S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [10/28/2009 4:16 PM 217600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-11 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 20:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A774170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9ef3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1788)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1856)
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-24 20:57
ComboFix-quarantined-files.txt 2009-11-25 04:57
ComboFix2.txt 2009-11-25 03:17
ComboFix3.txt 2009-11-17 18:08
ComboFix4.txt 2009-11-17 05:45

Pre-Run: 273,021,702,144 bytes free
Post-Run: 273,007,022,080 bytes free

- - End Of File - - E5E29FFA6D7042CF7405F53CA7C2D2AA

#9 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 25 November 2009 - 12:36 AM

Let's continue... :(
  • Please run this special tool.
    • Download TDSSKiller.rar and save it to your desktop.
    • Extract the rar file to your desktop.
    • Double click on TDSSKiller.exe to run it.
    • When it has finished, press any key to continue.
    • If needed, reboot the computer.
  • Go to Start => Run and copy/paste the following line and click OK.

    cmd /c mbr.exe -t >log.txt&start log.txt

    A log file opens. Please post the content to your reply.
==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *atapi.sys
    *iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

With your next post please provide:

* Log.txt
* Systemlook log
* Are you still getting redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 michaelpc

  • Topic Starter

  • Members
  • 10 posts

Posted 25 November 2009 - 01:21 AM

Whoa! It seems to be fixed, AND my wifi is back! Wow. I'm so thankful!!!

Reports below. What was it??



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:11 on 24/11/2009 by mcampbell (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:56 28/10/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [05:41 17/11/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [20:24 28/10/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [03:59 04/08/2004] [19:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [03:59 04/08/2004] [19:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys --a--- 95360 bytes [18:42 18/05/2008] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys --a--- 95360 bytes [18:43 18/05/2008] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "*iaStor.sys"
No files found.

-=End Of File=-



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

#11 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 25 November 2009 - 09:58 AM

Nasty rootkit!! Very new and quite a problem. Invisible to most all standard detection methods. Info here.

==========

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :(

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
==========

Right click and delete your current copy of OTL from Geekstogo please.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured. [image]
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Combofix.txt
* ESET log
* OTL.txt
* Extra.txt
* How's it running?

Kind regards,
~t
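As an added example (this editor's code, not SystemLook's, Gmer's or the helper's), the following Python triage helper parses the two logs posted above: it compares the MD5 of the loaded drivers\atapi.sys against the ServicePackFiles copy that the FCopy:: line restores from, and flags the ">>UNKNOWN" module and hooked-driver lines in the mbr.exe report. The sample input is abridged from the thread's logs; the function names and the MATCH/MISMATCH/MISSING labels are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample input, abridged from the logs posted in this thread:
# Gmer mbr.exe output before TDSSKiller was run ...
MBR_BEFORE = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A774170]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9ef3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
user & kernel MBR OK
"""
# ... and after it.
MBR_AFTER = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
"""
# SystemLook :filefind results (three of the seven atapi.sys hits).
FILEFIND = r"""Searching for "*atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:56 28/10/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [20:24 28/10/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [03:59 04/08/2004] [19:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

Searching for "*iaStor.sys"
No files found.
"""

@dataclass
class FileHit:
    path: str
    size: int
    md5: str

# One :filefind hit: path, 6-char attribute field, size, two timestamps, MD5.
HIT_RE = re.compile(r'^(?P<path>.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes'
                    r'\s+\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})$')

def parse_filefind(text):
    """Group SystemLook :filefind hits by the pattern they were found for."""
    results, current = {}, None
    for line in text.splitlines():
        head = re.match(r'Searching for "(.+)"', line)
        if head:
            current = head.group(1)
            results[current] = []
            continue
        hit = HIT_RE.match(line.strip())
        if hit and current is not None:
            results[current].append(
                FileHit(hit['path'], int(hit['size']), hit['md5'].upper()))
    return results

def parse_mbr_scan(text):
    """Pull the two findings that matter out of Gmer's mbr.exe output:
    an unrecognised module in the disk I/O path and hooked driver objects."""
    unknown = re.findall(r'>>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<', text)
    hooks, in_hooks = [], False
    for line in text.splitlines():
        if line.startswith('detected MBR rootkit hooks:'):
            in_hooks = True
            continue
        hook = re.match(r'(\\Driver\\\S+) -> (\S+) @ (0x[0-9A-Fa-f]+)$', line)
        if in_hooks and hook:
            hooks.append(hook.groups())
    return {'unknown_modules': unknown, 'driver_hooks': hooks,
            'mbr_ok': 'user & kernel MBR OK' in text}

LIVE_DRIVER = r'C:\WINDOWS\system32\drivers\atapi.sys'
REFERENCE_COPY = r'C:\WINDOWS\ServicePackFiles\i386\atapi.sys'

def check_live_driver(hits, live=LIVE_DRIVER, reference=REFERENCE_COPY):
    """Compare the loaded driver's MD5 with the Service Pack copy that the
    FCopy:: script restores from. Returns (status, live_md5, reference_md5)."""
    by_path = {h.path.lower(): h.md5 for h in hits}
    live_md5, ref_md5 = by_path.get(live.lower()), by_path.get(reference.lower())
    if live_md5 is None or ref_md5 is None:
        return 'MISSING', live_md5, ref_md5
    return ('MATCH' if live_md5 == ref_md5 else 'MISMATCH'), live_md5, ref_md5

def triage(mbr_text, filefind_text):
    """Combine both logs. A hook or unknown module counts as suspicious even
    when the on-disk hashes agree, which is exactly what this thread's logs show."""
    scan = parse_mbr_scan(mbr_text)
    status, live_md5, ref_md5 = check_live_driver(
        parse_filefind(filefind_text).get('*atapi.sys', []))
    suspicious = bool(scan['unknown_modules'] or scan['driver_hooks']) or status == 'MISMATCH'
    return {'scan': scan, 'atapi_status': status, 'atapi_md5': live_md5,
            'reference_md5': ref_md5, 'suspicious': suspicious}

if __name__ == '__main__':
    for label, mbr in (('before TDSSKiller', MBR_BEFORE), ('after TDSSKiller', MBR_AFTER)):
        print(label, triage(mbr, FILEFIND))
```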

#12 michaelpc

  • Topic Starter

  • Members
  • 10 posts

Posted 25 November 2009 - 01:25 PM

Thank you again.

The hijack is gone and everything seems to be running great.

Reports attached (save for ESET - nothing to report and it didn't generate a report)

Combofix report in next reply


OTL Extras logfile created on: 11/25/2009 10:15:34 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\mcampbell\My Documents\Downloads\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.45% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6044 6044 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 254.09 Gb Free Space | 85.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 12102.87 Gb Total Space | 7147.52 Gb Free Space | 59.06% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 58.29 Gb Free Space | 29.14% Space Free | Partition Type: NTFS
Drive Z: | 200.00 Gb Total Space | 58.29 Gb Free Space | 29.14% Space Free | Partition Type: NTFS

Computer Name: DESIGN-2224
Current User Name: mcampbell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}" = Adobe Video Suite Extras
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Backblaze" = Backblaze
"Barracuda Networks Outlook Plugin_is1" = Barracuda Networks Outlook Plugin 0.9d
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Core FTP LE 2.1" = Core FTP LE 2.1
"Dell_HostCD" = Dell Printer Software Uninstall
"DSMT6" = MathType 6
"FileZilla Client" = FileZilla Client 3.2.8.1
"Free Video Converter_is1" = Free Video Converter V 2.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"ProInst" = Intel® PROSet/Wireless Software
"SetFileDate_is1" = SetFileDate 2.0
"Universal Extractor_is1" = Universal Extractor 1.5
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2009 8:10:06 PM | Computer Name = DESIGN-2224 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8307.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2009 8:10:07 PM | Computer Name = DESIGN-2224 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8307.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/3/2009 8:54:06 PM | Computer Name = DESIGN-2224 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8307.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 3:19:50 AM | Computer Name = DESIGN-2224 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/4/2009 12:18:44 PM | Computer Name = DESIGN-2224 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/4/2009 1:55:02 PM | Computer Name = DESIGN-2224 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 11/4/2009 3:55:11 PM | Computer Name = DESIGN-2224 | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 1248 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 11/4/2009 3:55:11 PM | Computer Name = DESIGN-2224 | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 11/4/2009 9:54:28 PM | Computer Name = DESIGN-2224 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/5/2009 12:09:37 PM | Computer Name = DESIGN-2224 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 11/15/2009 2:32:49 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 3:02:49 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 4:02:50 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 4:35:41 PM | Computer Name = DESIGN-2224 | Source = PlugPlayManager | ID = 12
Description = The device 'Broadcom NetXtreme 57xx Gigabit Controller' (PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1e93a591&0&00E5)
disappeared from the system without first being prepared for removal.

Error - 11/15/2009 4:36:28 PM | Computer Name = DESIGN-2224 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 001B77D8C542 has been denied by the DHCP server 192.168.180.1 (The DHCP
Server sent a DHCPNACK message).

Error - 11/15/2009 4:36:35 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 4:52:28 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 4:52:32 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 5:07:35 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/15/2009 5:37:35 PM | Computer Name = DESIGN-2224 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

OTL logfile created on: 11/25/2009 10:15:33 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\mcampbell\My Documents\Downloads\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.45% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6044 6044 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 254.09 Gb Free Space | 85.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 12102.87 Gb Total Space | 7147.52 Gb Free Space | 59.06% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 58.29 Gb Free Space | 29.14% Space Free | Partition Type: NTFS
Drive Z: | 200.00 Gb Total Space | 58.29 Gb Free Space | 29.14% Space Free | Partition Type: NTFS

Computer Name: DESIGN-2224
Current User Name: mcampbell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/25 10:03:33 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcampbell\My Documents\Downloads\Antivirus\OTL.exe
PRC - [2009/11/11 15:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/11 15:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/11 15:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/11 15:11:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/28 16:16:12 | 01,704,960 | ---- | M] () -- C:\Program Files\Backblaze\bztransmit.exe
PRC - [2009/10/28 16:16:12 | 00,217,600 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe
PRC - [2009/10/26 15:45:46 | 00,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/27 16:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/02/06 02:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 09:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/25 13:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 13:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 13:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 13:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/16 10:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/01/01 13:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/12/19 11:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/09/11 01:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2009/11/25 10:03:33 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcampbell\My Documents\Downloads\Antivirus\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/30 09:21:31 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/29 09:49:02 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/28 16:16:12 | 00,217,600 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe -- (bzserv)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/02/22 09:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/07/25 13:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 13:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 13:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 13:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/16 10:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/07/11 06:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/12/19 11:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/10/26 11:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 10:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 19:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/11/25 09:00:16 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/25 09:00:16 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091125.018\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/13 16:06:48 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/10/13 16:06:48 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) -- C:\windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/05/18 11:01:54 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/05 14:24:44 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 15:26:28 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/12/02 15:26:22 | 00,989,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 15:26:20 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 15:26:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 13:18:24 | 00,062,208 | ---- | M] (O2Micro) -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/09 05:09:02 | 00,032,280 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/10/09 05:09:00 | 00,032,152 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/12 15:05:34 | 02,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/26 00:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/23 12:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 11:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 11:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/07/16 10:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/05/29 12:29:30 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/18 08:45:40 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/26 11:29:30 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 11:29:28 | 00,073,600 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 11:29:28 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 11:29:28 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 11:29:26 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 11:29:26 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 11:29:24 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/26 11:29:24 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2007/03/12 20:26:06 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/17 03:00:42 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 12:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/19 11:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 09:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/05/05 15:19:50 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 16:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/24 19:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 19:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 19:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 19:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/08/12 13:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\windows\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/04 02:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 19:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 11:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 09:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080518
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080518


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080518
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080518
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig
IE - HKU\S-1-5-21-321466456-79445294-927750060-8024\S-1-5-21-321466456-79445294-927750060-8024\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "http://google.com/ig"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/28 15:01:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 08:40:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 08:40:14 | 00,000,000 | ---D | M]

[2009/10/28 13:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla\Extensions
[2009/10/28 13:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/24 10:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\extensions
[2009/10/28 16:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/02 16:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\extensions\firebug@software.joehewitt.com
[2009/11/10 08:42:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 08:40:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/10 08:40:06 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/10 08:40:06 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/30 15:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/11/10 08:40:09 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/28 13:44:03 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/16 09:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 09:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 09:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 09:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 09:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 09:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/10 09:06:14 | 00,000,875 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-321466456-79445294-927750060-8024\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-321466456-79445294-927750060-8024..\Run: [Backblaze] C:\Program Files\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-321466456-79445294-927750060-8024..\Run: [Google Update] C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-321466456-79445294-927750060-8024..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\mcampbell\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Documents and Settings\Old mcampbell Profile\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Old mcampbell Profile\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = JAKKS Usage Policy
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [String data over 1000 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-321466456-79445294-927750060-8024_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1256772607468 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.126.22 192.168.125.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jakkspacificinc.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\windows\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/24 18:42:59 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/25 08:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/25 08:44:58 | 00,000,000 | ---D | C] -- C:\windows\temp
[2009/11/25 08:34:56 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/24 20:43:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eventlog.dll
[2009/11/24 20:43:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\eventlog.dll
[2009/11/24 18:44:21 | 00,000,000 | -H-D | C] -- C:\windows\PIF
[2009/11/24 18:42:59 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/11/24 10:08:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\prepme_files
[2009/11/19 17:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Final UFC ads_
[2009/11/19 17:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Final UFC ads
[2009/11/19 17:13:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\UFC Ads
[2009/11/18 21:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2009/11/18 20:33:35 | 00,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2009/11/18 19:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Scripts
[2009/11/18 15:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\UFC Approvals
[2009/11/18 10:20:12 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys
[2009/11/17 13:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\CaptureWiz
[2009/11/17 13:44:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\PixelMetrics
[2009/11/17 13:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Adapter v615
[2009/11/17 13:44:46 | 00,000,000 | ---D | C] -- C:\PixelMetrics Logs
[2009/11/17 13:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\CaptureWiz
[2009/11/17 13:35:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Longfine Software
[2009/11/17 13:35:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Easy Screen Capture
[2009/11/17 13:28:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Hello Kitty Screen Caps
[2009/11/17 13:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\ScreenPrint32 v3
[2009/11/17 13:26:20 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2009/11/17 13:26:19 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2009/11/17 13:25:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Screen Capture
[2009/11/17 11:53:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\GooredFix Backups
[2009/11/17 10:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/11/17 10:34:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/17 10:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/17 10:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\AVG8
[2009/11/16 21:57:11 | 00,000,000 | ---D | C] -- C:\HaxFix
[2009/11/16 21:23:44 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/16 21:21:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2009/11/16 21:21:27 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2009/11/16 21:21:27 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2009/11/16 21:21:27 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2009/11/16 21:20:45 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/11/16 21:20:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/16 19:14:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/16 19:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\SUPERAntiSpyware.com
[2009/11/16 19:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/16 19:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/16 19:09:26 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/11/13 13:25:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\WinRAR
[2009/11/13 13:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/13 11:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Walmart
[2009/11/12 10:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\fonts
[2009/11/11 10:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\Headers & Brand Pages
[2009/11/10 08:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Malwarebytes
[2009/11/06 10:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\FreeVideoConverter
[2009/11/06 10:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2009/11/06 10:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Emicsoft Studio
[2009/11/06 10:11:35 | 00,000,000 | ---D | C] -- C:\windows\System32\windows media
[2009/11/06 10:11:04 | 00,000,000 | -H-D | C] -- C:\windows\msdownld.tmp
[2009/11/06 10:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/11/05 13:17:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Updater5
[2009/11/04 16:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/04 09:35:40 | 00,000,000 | ---D | C] -- C:\Program Files\Design Science
[2009/11/03 21:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\SetFileDate
[2009/11/03 15:59:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\SAT
[2009/11/03 11:57:02 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusb.dll
[2009/11/03 11:57:01 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbscan.sys
[2009/11/03 11:57:01 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbscan.sys
[2009/11/03 11:57:00 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ptpusd.dll
[2009/11/03 07:26:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop\What Its Like To Be
[2009/11/02 16:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/11/02 16:17:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/11/01 13:57:37 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/01 13:57:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/01 11:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Apple
[2009/11/01 09:28:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Apple Computer
[2009/10/31 11:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/31 10:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\vlc
[2009/10/30 17:55:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Design Science
[2009/10/30 13:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\MathType
[2009/10/29 10:35:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Download Manager
[2009/10/29 10:35:14 | 00,000,000 | ---D | C] -- C:\windows\Sun
[2009/10/29 10:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Sun
[2009/10/29 10:15:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\FileZilla
[2009/10/29 10:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/10/29 10:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Updater
[2009/10/29 09:54:18 | 00,000,000 | ---D | C] -- C:\windows\System32\Adobe
[2009/10/29 09:51:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2009/10/29 09:50:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/10/29 09:49:49 | 00,000,000 | ---D | C] -- C:\windows\RegisteredPackages
[2009/10/29 09:49:12 | 01,230,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msvidctl.dll
[2009/10/29 09:49:12 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\nabtsfec.sys
[2009/10/29 09:49:12 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\nabtsfec.sys
[2009/10/29 09:49:12 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wstdecod.dll
[2009/10/29 09:49:12 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\wstcodec.sys
[2009/10/29 09:49:12 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wstcodec.sys
[2009/10/29 09:49:12 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\streamip.sys
[2009/10/29 09:49:12 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\streamip.sys
[2009/10/29 09:49:12 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\slip.sys
[2009/10/29 09:49:12 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\slip.sys
[2009/10/29 09:49:12 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ndisip.sys
[2009/10/29 09:49:12 | 00,010,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndisip.sys
[2009/10/29 09:49:11 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kstvtune.ax
[2009/10/29 09:49:11 | 00,285,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\kstvtune.ax
[2009/10/29 09:49:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kswdmcap.ax
[2009/10/29 09:49:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\kswdmcap.ax
[2009/10/29 09:49:11 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\msdv.sys
[2009/10/29 09:49:11 | 00,052,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msdv.sys
[2009/10/29 09:49:11 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksxbar.ax
[2009/10/29 09:49:11 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ksxbar.ax
[2009/10/29 09:49:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bdaplgin.ax
[2009/10/29 09:49:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bdaplgin.ax
[2009/10/29 09:49:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ccdecode.sys
[2009/10/29 09:49:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ccdecode.sys
[2009/10/29 09:49:11 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mpe.sys
[2009/10/29 09:49:11 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpe.sys
[2009/10/29 09:49:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ipsink.ax
[2009/10/29 09:49:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ipsink.ax
[2009/10/29 09:49:11 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ksolay.ax
[2009/10/29 09:49:11 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bdasup.sys
[2009/10/29 09:49:11 | 00,011,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bdasup.sys
[2009/10/29 09:49:11 | 00,010,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxapi.sys
[2009/10/29 09:49:11 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mstee.sys
[2009/10/29 09:49:11 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstee.sys
[2009/10/29 09:49:10 | 01,201,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3d8.dll
[2009/10/29 09:49:10 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dxdiag.exe
[2009/10/29 09:49:10 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dinput8.dll
[2009/10/29 09:49:10 | 00,590,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dramp.dll
[2009/10/29 09:49:10 | 00,491,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsdmoprp.dll
[2009/10/29 09:49:10 | 00,467,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\diactfrm.dll
[2009/10/29 09:49:10 | 00,436,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dim.dll
[2009/10/29 09:49:10 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvoice.dll
[2009/10/29 09:49:10 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3drm.dll
[2009/10/29 09:49:10 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsdmo.dll
[2009/10/29 09:49:10 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmime.dll
[2009/10/29 09:49:10 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmusic.dll
[2009/10/29 09:49:10 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvvox.dll
[2009/10/29 09:49:10 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmsynth.dll
[2009/10/29 09:49:10 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmstyle.dll
[2009/10/29 09:49:10 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvsetup.exe
[2009/10/29 09:49:10 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmscript.dll
[2009/10/29 09:49:10 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmcompos.dll
[2009/10/29 09:49:10 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dxof.dll
[2009/10/29 09:49:10 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxdllreg.exe
[2009/10/29 09:49:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dimap.dll
[2009/10/29 09:49:10 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dpmesh.dll
[2009/10/29 09:49:10 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmloader.dll
[2009/10/29 09:49:10 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dmband.dll
[2009/10/29 09:49:10 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpvacm.dll
[2009/10/29 09:49:10 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dswave.dll
[2009/10/29 09:49:09 | 01,294,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsound3d.dll
[2009/10/29 09:49:09 | 01,189,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dx8vb.dll
[2009/10/29 09:49:09 | 00,797,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3dim700.dll
[2009/10/29 09:49:09 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnet.dll
[2009/10/29 09:49:09 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dinput.dll
[2009/10/29 09:49:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dx7vb.dll
[2009/10/29 09:49:09 | 00,381,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dsound.dll
[2009/10/29 09:49:09 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ddraw.dll
[2009/10/29 09:49:09 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dplayx.dll
[2009/10/29 09:49:09 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\gcdef.dll
[2009/10/29 09:49:09 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\joy.cpl
[2009/10/29 09:49:09 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpwsockx.dll
[2009/10/29 09:49:09 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpmodemx.dll
[2009/10/29 09:49:09 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnhupnp.dll
[2009/10/29 09:49:09 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnhpast.dll
[2009/10/29 09:49:09 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\pid.dll
[2009/10/29 09:49:09 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dplaysvr.exe
[2009/10/29 09:49:09 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ddrawex.dll
[2009/10/29 09:49:09 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnsvr.exe
[2009/10/29 09:49:09 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\d3d8thk.dll
[2009/10/29 09:49:09 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnlobby.dll
[2009/10/29 09:49:09 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpnaddr.dll
[2009/10/29 09:49:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2009/10/29 09:47:50 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml4r.dll
[2009/10/29 08:58:10 | 00,000,000 | ---D | C] -- C:\Save
[2009/10/28 20:27:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Downloads
[2009/10/28 16:20:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Temp
[2009/10/28 16:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Deployment
[2009/10/28 16:16:13 | 00,000,000 | ---D | C] -- C:\.bzvol
[2009/10/28 16:16:03 | 00,000,000 | ---D | C] -- C:\Program Files\Backblaze
[2009/10/28 16:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Backblaze
[2009/10/28 16:15:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Macromedia
[2009/10/28 16:10:49 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\hidserv.dll
[2009/10/28 16:10:49 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\hidserv.dll
[2009/10/28 16:10:47 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\kbdhid.sys
[2009/10/28 16:10:47 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\kbdhid.sys
[2009/10/28 16:09:34 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mcampbell\PrivacIE
[2009/10/28 16:08:38 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mouhid.sys
[2009/10/28 16:08:38 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mouhid.sys
[2009/10/28 15:46:09 | 00,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2009/10/28 15:43:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mcampbell\IETldCache
[2009/10/28 15:39:57 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iecompat.dll
[2009/10/28 15:31:39 | 00,000,000 | ---D | C] -- C:\windows\ie8updates
[2009/10/28 15:31:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2009/10/28 15:31:20 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieproxy.dll
[2009/10/28 15:31:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2009/10/28 15:31:20 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpshims.dll
[2009/10/28 15:31:19 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2009/10/28 15:18:23 | 26,768,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2009/10/28 15:14:42 | 00,000,000 | ---D | C] -- C:\windows\WBEM
[2009/10/28 15:13:38 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/10/28 14:52:04 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui
[2009/10/28 14:36:04 | 00,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2009/10/28 14:36:02 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/28 14:35:57 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/28 14:35:38 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/28 14:35:38 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2009/10/28 14:35:38 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2009/10/28 14:35:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2009/10/28 14:35:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2009/10/28 14:35:37 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsshhdr.dll
[2009/10/28 14:35:37 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2009/10/28 14:35:37 | 00,000,000 | ---D | C] -- C:\f59fe0d474751aa62eb1c9774a75
[2009/10/28 14:30:36 | 00,311,296 | ---- | C] (Lexmark International, Inc.) -- C:\windows\System32\lexlog.dll
[2009/10/28 14:30:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dell_HostCD
[2009/10/28 14:27:02 | 00,000,000 | ---D | C] -- C:\windows\Prefetch
[2009/10/28 14:01:50 | 00,000,000 | ---D | C] -- C:\windows\System32\scripting
[2009/10/28 14:01:50 | 00,000,000 | ---D | C] -- C:\windows\l2schemas
[2009/10/28 14:01:50 | 00,000,000 | ---D | C] -- C:\windows\System32\en-us
[2009/10/28 14:01:49 | 00,000,000 | ---D | C] -- C:\windows\System32\en
[2009/10/28 14:01:49 | 00,000,000 | ---D | C] -- C:\windows\System32\bits
[2009/10/28 13:58:45 | 00,000,000 | ---D | C] -- C:\windows\network diagnostic
[2009/10/28 13:55:56 | 00,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2009/10/28 13:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/28 13:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/28 13:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/28 13:43:48 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/28 13:42:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/28 13:42:18 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\windows\System32\usbaaplrc.dll
[2009/10/28 13:42:18 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\windows\System32\drivers\usbaapl.sys
[2009/10/28 13:33:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Mozilla
[2009/10/28 13:33:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla
[2009/10/28 13:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/10/28 13:23:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/10/28 13:23:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/10/28 13:23:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/28 13:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/28 13:19:40 | 00,107,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2009/10/28 13:19:40 | 00,087,808 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2009/10/28 13:19:21 | 00,000,000 | ---D | C] -- C:\TEMP
[2009/10/28 12:55:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2009/10/28 12:53:42 | 00,000,000 | ---D | C] -- C:\windows\Internet Logs
[2009/10/28 12:53:14 | 00,127,376 | ---- | C] (Deterministic Networks, Inc.) -- C:\windows\System32\drivers\dne2000.sys
[2009/10/28 12:53:14 | 00,101,904 | ---- | C] (Deterministic Networks, Inc.) -- C:\windows\System32\dneinobj.dll
[2009/10/28 12:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2009/10/28 12:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2009/10/28 12:51:19 | 00,000,000 | ---D | C] -- C:\Program Files\CoreFTP
[2009/10/28 12:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/28 12:25:19 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xmllite.dll
[2009/10/28 12:25:18 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.dll
[2009/10/28 12:25:18 | 02,940,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmploc.dll
[2009/10/28 12:25:18 | 01,119,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmsdmoe2.dll
[2009/10/28 12:25:18 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\WMNetmgr.dll
[2009/10/28 12:25:18 | 01,001,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmvdmoe2.dll
[2009/10/28 12:25:18 | 00,897,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmspdmoe.dll
[2009/10/28 12:25:18 | 00,809,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmvdmod.dll
[2009/10/28 12:25:18 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmsdmod.dll
[2009/10/28 12:25:18 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmadmoe.dll
[2009/10/28 12:25:18 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmspdmod.dll
[2009/10/28 12:25:18 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmadmod.dll
[2009/10/28 12:25:18 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmstream.dll
[2009/10/28 12:25:18 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmv8ds32.ax
[2009/10/28 12:25:18 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2009/10/28 12:25:18 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmvds32.ax
[2009/10/28 12:25:18 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpdxm.dll
[2009/10/28 12:25:18 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpns.dll
[2009/10/28 12:25:18 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmerror.dll
[2009/10/28 12:25:18 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmidx.dll
[2009/10/28 12:25:18 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmsdmoe.dll
[2009/10/28 12:25:18 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpasf.dll
[2009/10/28 12:25:18 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpshell.dll
[2009/10/28 12:25:18 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpband.dll
[2009/10/28 12:25:18 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmplayer.exe
[2009/10/28 12:25:18 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2009/10/28 12:25:18 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmdmlog.dll
[2009/10/28 12:25:18 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmdmps.dll
[2009/10/28 12:25:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpui.dll
[2009/10/28 12:25:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcore.dll
[2009/10/28 12:25:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcd.dll
[2009/10/28 12:25:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.ocx
[2009/10/28 12:25:17 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecs.dll
[2009/10/28 12:25:17 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2009/10/28 12:25:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vidcap.ax
[2009/10/28 12:25:17 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\watv10nt.sys
[2009/10/28 12:25:17 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\watv06nt.sys
[2009/10/28 12:25:17 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\wacompen.sys
[2009/10/28 12:25:17 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\wadv11nt.sys
[2009/10/28 12:25:17 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\wadv09nt.sys
[2009/10/28 12:25:17 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\wadv07nt.sys
[2009/10/28 12:25:17 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\vchnt5.dll
[2009/10/28 12:25:17 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\wadv08nt.sys
[2009/10/28 12:25:16 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\unregmp2.exe
[2009/10/28 12:25:16 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbvideo.sys
[2009/10/28 12:25:16 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\uagp35.sys
[2009/10/28 12:25:16 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usb8023x.sys
[2009/10/28 12:25:15 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2009/10/28 12:25:15 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tspkg.dll
[2009/10/28 12:25:14 | 00,404,990 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slntamr.sys
[2009/10/28 12:25:14 | 00,286,792 | ---- | C] (Smart Link) -- C:\windows\System32\slextspk.dll
[2009/10/28 12:25:14 | 00,188,508 | ---- | C] (Smart Link) -- C:\windows\System32\slgen.dll
[2009/10/28 12:25:14 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\shmedia.dll
[2009/10/28 12:25:14 | 00,129,535 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnt7554.sys
[2009/10/28 12:25:14 | 00,095,424 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slnthal.sys
[2009/10/28 12:25:14 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\windows\System32\dllcache\sl_anet.acm
[2009/10/28 12:25:14 | 00,073,832 | ---- | C] (Smart Link) -- C:\windows\System32\slcoinst.dll
[2009/10/28 12:25:14 | 00,073,796 | ---- | C] (Smart Link) -- C:\windows\System32\slserv.exe
[2009/10/28 12:25:14 | 00,032,866 | ---- | C] (Smart Link) -- C:\windows\System32\slrundll.exe
[2009/10/28 12:25:14 | 00,032,866 | ---- | C] (Smart Link) -- C:\windows\slrundll.exe
[2009/10/28 12:25:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spupdwxp.exe
[2009/10/28 12:25:14 | 00,013,240 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\slwdmsup.sys
[2009/10/28 12:25:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spdwnwxp.exe
[2009/10/28 12:25:14 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2009/10/28 12:25:14 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\siint5.dll
[2009/10/28 12:25:13 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\setup_wm.exe
[2009/10/28 12:25:13 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2009/10/28 12:25:12 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\s3gnb.dll
[2009/10/28 12:25:12 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagentrt.dll
[2009/10/28 12:25:12 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2009/10/28 12:25:12 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\windows\System32\drivers\s3gnbm.sys
[2009/10/28 12:25:12 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2009/10/28 12:25:12 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qutil.dll
[2009/10/28 12:25:12 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2009/10/28 12:25:12 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasqec.dll
[2009/10/28 12:25:12 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rfcomm.sys
[2009/10/28 12:25:12 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\rndismpx.sys
[2009/10/28 12:25:12 | 00,013,776 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\recagent.sys
[2009/10/28 12:25:11 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2009/10/28 12:25:11 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2009/10/28 12:25:10 | 00,180,360 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\ntmtlfax.sys
[2009/10/28 12:25:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npwmsdrm.dll
[2009/10/28 12:25:08 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\windows\System32\dllcache\npdsplay.dll
[2009/10/28 12:25:08 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npdrmv2.dll
[2009/10/28 12:25:07 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\mtxparhd.dll
[2009/10/28 12:25:07 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\windows\System32\drivers\mtxparhm.sys
[2009/10/28 12:25:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2009/10/28 12:25:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2009/10/28 12:25:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2009/10/28 12:25:07 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\mutohpen.sys
[2009/10/28 12:25:06 | 01,309,184 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlstrm.sys
[2009/10/28 12:25:06 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6.dll
[2009/10/28 12:25:06 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2009/10/28 12:25:06 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mswmdm.dll
[2009/10/28 12:25:06 | 00,126,686 | ---- | C] (Smart Link) -- C:\windows\System32\drivers\mtlmnt5.sys
[2009/10/28 12:25:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml6r.dll
[2009/10/28 12:25:06 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2009/10/28 12:25:05 | 00,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msscp.dll
[2009/10/28 12:25:05 | 00,201,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mspmsp.dll
[2009/10/28 12:25:05 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2009/10/28 12:25:05 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2009/10/28 12:25:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msscds32.ax
[2009/10/28 12:25:05 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mspmsnsv.dll
[2009/10/28 12:25:04 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msnetobj.dll
[2009/10/28 12:25:00 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msaud32.acm
[2009/10/28 12:24:59 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp4sdmod.dll
[2009/10/28 12:24:59 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpvis.dll
[2009/10/28 12:24:59 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp43dmod.dll
[2009/10/28 12:24:59 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4ds32.ax
[2009/10/28 12:24:59 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4dmod.dll
[2009/10/28 12:24:59 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadds32.ax
[2009/10/28 12:24:59 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplay32.exe
[2009/10/28 12:24:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2009/10/28 12:24:59 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplayer2.exe
[2009/10/28 12:24:58 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\migrate.exe
[2009/10/28 12:24:58 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2009/10/28 12:24:58 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2009/10/28 12:24:58 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2009/10/28 12:24:57 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\logagent.exe
[2009/10/28 12:24:56 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\laprxy.dll
[2009/10/28 12:24:52 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\dllcache\l3codeca.acm
[2009/10/28 12:24:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kmsvc.dll
[2009/10/28 12:24:52 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2009/10/28 12:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2009/10/28 12:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2009/10/28 12:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2009/10/28 12:24:51 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2009/10/28 12:24:47 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2009/10/28 12:24:47 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2009/10/28 12:24:46 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2009/10/28 12:24:46 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2009/10/28 12:24:45 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\drivers\hsfdpsp2.sys
[2009/10/28 12:24:45 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\drivers\hsfcxts2.sys
[2009/10/28 12:24:45 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\drivers\hsfbs2s2.sys
[2009/10/28 12:24:45 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\gagp30kx.sys
[2009/10/28 12:24:45 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\windows\System32\hsfcisp2.dll
[2009/10/28 12:24:45 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidbth.sys
[2009/10/28 12:24:45 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidir.sys
[2009/10/28 12:24:44 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2009/10/28 12:24:44 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2009/10/28 12:24:44 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappcfg.dll
[2009/10/28 12:24:44 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2009/10/28 12:24:44 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2009/10/28 12:24:44 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappprxy.dll
[2009/10/28 12:24:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapsvc.dll
[2009/10/28 12:24:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapolqec.dll
[2009/10/28 12:24:44 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\faxpatch.exe
[2009/10/28 12:24:43 | 00,695,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\drmv2clt.dll
[2009/10/28 12:24:43 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2009/10/28 12:24:43 | 00,299,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\drmclien.dll
[2009/10/28 12:24:43 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dlimport.exe
[2009/10/28 12:24:43 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3svc.dll
[2009/10/28 12:24:43 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\drmstor.dll
[2009/10/28 12:24:43 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2009/10/28 12:24:43 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2009/10/28 12:24:43 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2009/10/28 12:24:43 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2009/10/28 12:24:43 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2009/10/28 12:24:43 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsntfy.dll
[2009/10/28 12:24:43 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3dlg.dll
[2009/10/28 12:24:42 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2009/10/28 12:24:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\custsat.dll
[2009/10/28 12:24:42 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credssp.dll
[2009/10/28 12:24:40 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3duag.dll
[2009/10/28 12:24:40 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ati3d1ag.dll
[2009/10/28 12:24:40 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\windows\System32\ativvaxx.dll
[2009/10/28 12:24:40 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\blackbox.dll
[2009/10/28 12:24:40 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthport.sys
[2009/10/28 12:24:40 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2009/10/28 12:24:40 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cewmdm.dll
[2009/10/28 12:24:40 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinrvxx.sys
[2009/10/28 12:24:40 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthpan.sys
[2009/10/28 12:24:40 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atintuxx.sys
[2009/10/28 12:24:40 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxsxx.sys
[2009/10/28 12:24:40 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinbtxx.sys
[2009/10/28 12:24:40 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinraxx.sys
[2009/10/28 12:24:40 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthmodem.sys
[2009/10/28 12:24:40 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthprint.sys
[2009/10/28 12:24:40 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativtmxx.dll
[2009/10/28 12:24:40 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinxbxx.sys
[2009/10/28 12:24:40 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinsnxx.sys
[2009/10/28 12:24:40 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\atv04nt5.dll
[2009/10/28 12:24:40 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativmvxx.ax
[2009/10/28 12:24:40 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\atv01nt5.dll
[2009/10/28 12:24:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthusb.sys
[2009/10/28 12:24:40 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\atv10nt5.dll
[2009/10/28 12:24:40 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\bthenum.sys
[2009/10/28 12:24:40 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\ch7xxnt5.dll
[2009/10/28 12:24:40 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinpdxx.sys
[2009/10/28 12:24:40 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\atv06nt5.dll
[2009/10/28 12:24:40 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinttxx.sys
[2009/10/28 12:24:40 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\atinmdxx.sys
[2009/10/28 12:24:40 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\atv02nt5.dll
[2009/10/28 12:24:40 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ativdaxx.ax
[2009/10/28 12:24:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2009/10/28 12:24:39 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtag.sys
[2009/10/28 12:24:39 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvaa.dll
[2009/10/28 12:24:39 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati2mtaa.sys
[2009/10/28 12:24:39 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2cqag.dll
[2009/10/28 12:24:39 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\ati2dvag.dll
[2009/10/28 12:24:39 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1rvxx.sys
[2009/10/28 12:24:39 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1btxx.sys
[2009/10/28 12:24:39 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1tuxx.sys
[2009/10/28 12:24:39 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xsxx.sys
[2009/10/28 12:24:39 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1raxx.sys
[2009/10/28 12:24:39 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1xbxx.sys
[2009/10/28 12:24:39 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1snxx.sys
[2009/10/28 12:24:39 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1ttxx.sys
[2009/10/28 12:24:39 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1pdxx.sys
[2009/10/28 12:24:39 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\windows\System32\drivers\ati1mdxx.sys
[2009/10/28 12:24:39 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv01nt5.dll
[2009/10/28 12:24:39 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv02nt5.dll
[2009/10/28 12:24:39 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv11nt5.dll
[2009/10/28 12:24:39 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv09nt5.dll
[2009/10/28 12:24:39 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv07nt5.dll
[2009/10/28 12:24:39 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv05nt5.dll
[2009/10/28 12:24:39 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\windows\System32\drivers\adv08nt5.dll
[2009/10/28 12:24:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2009/10/28 11:57:29 | 00,000,000 | ---D | C] -- C:\Movies
[2009/10/28 11:08:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\2Pac - The Acapella Archive
[2009/10/28 11:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Ableton
[2009/10/28 11:02:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Bome's Mouse Keyboard
[2009/10/28 11:02:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\AdobeStockPhotos
[2009/10/28 11:01:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\FBX Converter
[2009/10/28 11:01:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Cyberlink
[2009/10/28 11:01:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Cubase
[2009/10/28 11:01:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Google Talk Received Files
[2009/10/28 11:01:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Digital Editions
[2009/10/28 10:56:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Virtual Machines
[2009/10/28 10:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Reason
[2009/10/28 10:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Prodigy Sound
[2009/10/28 10:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Sonic Academy
[2009/10/28 10:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Yamaha Manual
[2009/10/28 10:46:14 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbstor.sys
[2009/10/28 10:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Symantec
[2009/10/28 10:38:37 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\capicom.dll
[2009/10/28 10:38:37 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/28 10:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/28 10:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2009/10/28 10:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/10/28 10:35:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Apple Computer
[2009/10/28 10:35:33 | 00,000,000 | --SD | C] -- C:\Documents and Settings\mcampbell\Application Data\Microsoft
[2009/10/28 10:35:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\mcampbell\SendTo
[2009/10/28 10:35:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\mcampbell\Recent
[2009/10/28 10:35:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\mcampbell\Application Data
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\Start Menu
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Videos
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Pictures
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Music
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\My Documents
[2009/10/28 10:35:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\mcampbell\Favorites
[2009/10/28 10:35:33 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\mcampbell\Cookies
[2009/10/28 10:35:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\mcampbell\Templates
[2009/10/28 10:35:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\mcampbell\PrintHood
[2009/10/28 10:35:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\mcampbell\NetHood
[2009/10/28 10:35:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\mcampbell\Local Settings
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Wave Systems Corp
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Wave Systems Corp
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Toshiba
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\PowerDVD DX
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\My Google Gadgets
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Microsoft Help
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Microsoft
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Intel
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\InstallShield
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Identities
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Google
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Desktop
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\My Documents\Bluetooth
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\ApplicationHistory
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\Adobe
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Application Data\Adobe
[2009/10/28 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2009/10/28 10:33:29 | 00,000,000 | ---D | C] -- C:\windows\SchCache
[2009/10/28 10:32:30 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\bthport.sys
[2009/10/28 10:26:28 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\lsasrv.dll
[2009/10/28 10:26:28 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntdll.dll
[2009/10/28 10:26:28 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\advapi32.dll
[2009/10/28 10:26:28 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\fastprox.dll
[2009/10/28 10:26:28 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmiprvsd.dll
[2009/10/28 10:26:28 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcss.dll
[2009/10/28 10:26:28 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\pdh.dll
[2009/10/28 10:26:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmiprvse.exe
[2009/10/28 10:26:28 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\services.exe
[2009/10/28 10:26:28 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\sc.exe
[2009/10/28 10:26:27 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2009/10/28 10:26:27 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2009/10/28 10:26:27 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe
[2009/10/28 10:25:15 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\triedit.dll
[2009/10/28 10:18:59 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dhtmled.ocx
[2009/10/28 10:15:56 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\rmcast.sys
[2009/10/28 10:15:55 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2009/10/28 10:13:30 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\srv.sys
[2009/10/28 10:13:17 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadce.dll
[2009/10/28 10:13:04 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msoe.dll
[2009/10/28 10:12:37 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcomm.dll
[2009/10/28 09:35:37 | 00,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2009/10/28 09:33:29 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstscax.dll
[2009/10/28 09:32:25 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2009/10/28 09:31:49 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wordpad.exe
[2009/10/28 09:31:49 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsp4res.dll
[2009/10/28 09:22:30 | 00,000,000 | -HSD | C] -- C:\windows\CSC
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/25 10:15:00 | 00,000,424 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
[2009/11/25 09:32:02 | 00,000,994 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
[2009/11/25 08:44:53 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/11/25 08:42:35 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/11/25 08:24:54 | 03,407,872 | -H-- | M] () -- C:\Documents and Settings\mcampbell\NTUSER.DAT
[2009/11/24 22:13:20 | 00,445,938 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/11/24 22:13:19 | 00,072,978 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/11/24 22:13:16 | 00,528,020 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/11/24 22:09:12 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/11/24 22:08:29 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/11/24 22:08:25 | 21,371,16672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 22:07:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\mcampbell\ntuser.ini
[2009/11/24 11:27:01 | 12,525,558 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\prepme.bmp
[2009/11/24 11:25:56 | 08,971,254 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\knewton.bmp
[2009/11/24 10:08:11 | 00,031,381 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\prepme.htm
[2009/11/19 17:18:42 | 05,484,527 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\UFC Ads.zip
[2009/11/19 16:54:47 | 05,497,512 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Final UFC ads.zip
[2009/11/18 19:46:52 | 00,001,954 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\blue-version.htm
[2009/11/18 17:24:28 | 00,016,716 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\cupcake.jpg
[2009/11/18 14:38:04 | 00,286,461 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\UFC_brandHeader.swf
[2009/11/18 14:33:58 | 00,136,273 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\JAKKS_investors_v1.jpg
[2009/11/18 14:25:39 | 00,489,224 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks-IR.jpg
[2009/11/18 13:46:23 | 06,074,838 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks-IR.bmp
[2009/11/17 20:13:42 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\IndContrInvoice.doc
[2009/11/17 13:44:59 | 00,000,722 | ---- | M] () -- C:\Documents and Settings\mcampbell\Start Menu\Programs\Startup\CaptureWiz.lnk
[2009/11/17 13:26:20 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\Setup1.exe
[2009/11/17 13:26:19 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\ST6UNST.EXE
[2009/11/16 21:37:50 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/11/16 21:23:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/16 19:14:28 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/16 19:06:55 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\housecall.guid.cache
[2009/11/16 15:37:12 | 00,070,444 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2009/11/16 13:32:03 | 00,000,942 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
[2009/11/16 10:11:34 | 00,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2009/11/16 09:52:38 | 02,188,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\windows\PEV.exe
[2009/11/12 11:14:16 | 00,029,904 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\160x600_HD_high_tech_v1_DigTV_LP.swf
[2009/11/11 16:14:08 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/11/11 14:16:46 | 00,344,566 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Disney-Princess-Musical-Vanity-2.jpg
[2009/11/11 14:15:30 | 00,352,571 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Disney-Princess-Musical-Vanity.jpg
[2009/11/11 13:25:17 | 41,671,581 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\JakksCares09.flv
[2009/11/11 12:12:51 | 00,032,006 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks Cares.aep
[2009/11/11 12:01:15 | 00,000,846 | ---- | M] () -- C:\windows\tasks\backup.job
[2009/11/11 11:26:49 | 00,007,696 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\discovery-kids.png
[2009/11/11 10:48:54 | 57,638,397 | R--- | M] () -- C:\Documents and Settings\mcampbell\Desktop\JAKKS Cares Op Smile video HI RES.mp4
[2009/11/10 14:35:08 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\GG Legal updates.doc
[2009/11/10 11:08:05 | 00,315,904 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Disney CP Ad Approval Form.doc
[2009/11/10 09:25:44 | 00,006,326 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\feature-site.png
[2009/11/10 08:45:52 | 00,012,171 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Fairies Jakks com website information.docm
[2009/11/09 11:50:01 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 11:49:59 | 05,043,078 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Eyeclops-Mini-Projector.wmv
[2009/11/09 11:44:40 | 18,857,002 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Comp 2.avi
[2009/11/09 09:58:22 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\PUTTY.RND
[2009/11/06 10:37:47 | 93,314,7870 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Comp 1.avi
[2009/11/06 10:25:52 | 00,000,731 | ---- | M] () -- C:\windows\win.ini
[2009/11/06 10:11:33 | 00,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2009/11/05 14:28:35 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\Nondisclosure_Agreement.doc
[2009/11/05 13:43:26 | 02,737,851 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\DOME-NDA.pdf
[2009/11/05 09:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2009/11/03 11:20:58 | 00,202,659 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\header-in-comp.png
[2009/11/03 11:07:21 | 00,054,198 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\header-slim2.png
[2009/11/03 10:35:35 | 00,057,418 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\header-slim.png
[2009/11/03 08:50:57 | 00,143,062 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\header.png
[2009/11/03 07:48:09 | 00,355,522 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\New-Header.jpg
[2009/11/02 16:34:52 | 01,987,759 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\New UFC.psd
[2009/11/02 16:17:11 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/29 10:58:31 | 00,002,028 | ---- | M] () -- C:\Documents and Settings\mcampbell\Desktop\lr.gif
[2009/10/29 09:51:19 | 00,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/10/29 09:47:50 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msxml4r.dll
[2009/10/28 16:09:16 | 00,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/10/28 16:09:14 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2009/10/28 16:09:14 | 00,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/10/28 14:30:36 | 00,001,358 | ---- | M] () -- C:\windows\System32\LexFiles.ulf
[2009/10/28 14:30:36 | 00,001,084 | ---- | M] () -- C:\windows\DKAAP2DD.ini
[2009/10/28 14:30:36 | 00,000,823 | ---- | M] () -- C:\windows\System32\LexFiles.usr
[2009/10/28 13:58:36 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/28 13:40:49 | 00,054,156 | -H-- | M] () -- C:\windows\QTFont.qfn
[2009/10/28 13:24:14 | 00,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2009/10/28 12:55:47 | 00,001,594 | ---- | M] () -- C:\windows\VPNInstall.MIF
[2009/10/28 12:54:57 | 00,001,594 | ---- | M] () -- C:\windows\VPNUnInstall.MIF
[2009/10/28 12:17:39 | 00,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2009/10/28 10:46:39 | 00,000,000 | ---- | M] () -- C:\windows\VPC32.INI
[2009/10/28 10:35:35 | 00,004,204 | RHS- | M] () -- C:\Documents and Settings\mcampbell\ntuser.pol
[2009/10/28 10:21:35 | 00,025,814 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/10/28 02:09:50 | 00,000,210 | ---- | M] () -- C:\Boot.bak
[2009/10/27 10:56:43 | 00,012,292 | ---- | M] () -- C:\Documents and Settings\mcampbell\My Documents\.DS_Store
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/24 11:27:01 | 12,525,558 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\prepme.bmp
[2009/11/24 11:25:56 | 08,971,254 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\knewton.bmp
[2009/11/24 10:08:09 | 00,031,381 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\prepme.htm
[2009/11/19 17:18:42 | 05,484,527 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\UFC Ads.zip
[2009/11/19 16:54:47 | 05,497,512 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Final UFC ads.zip
[2009/11/18 19:38:36 | 00,286,461 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\UFC_brandHeader.swf
[2009/11/18 19:34:51 | 00,001,954 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\blue-version.htm
[2009/11/18 17:24:35 | 00,016,716 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\cupcake.jpg
[2009/11/18 14:33:58 | 00,136,273 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\JAKKS_investors_v1.jpg
[2009/11/18 14:25:39 | 00,489,224 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks-IR.jpg
[2009/11/18 13:46:23 | 06,074,838 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks-IR.bmp
[2009/11/17 20:13:42 | 00,098,816 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\IndContrInvoice.doc
[2009/11/17 13:44:59 | 00,000,722 | ---- | C] () -- C:\Documents and Settings\mcampbell\Start Menu\Programs\Startup\CaptureWiz.lnk
[2009/11/16 21:23:57 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009/11/16 21:23:47 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/16 21:21:28 | 00,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2009/11/16 21:21:27 | 00,260,608 | ---- | C] () -- C:\windows\PEV.exe
[2009/11/16 21:21:27 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2009/11/16 21:21:27 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2009/11/16 21:21:27 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2009/11/16 19:14:28 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/16 19:06:55 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\housecall.guid.cache
[2009/11/12 11:14:11 | 00,029,904 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\160x600_HD_high_tech_v1_DigTV_LP.swf
[2009/11/11 14:16:45 | 00,344,566 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Disney-Princess-Musical-Vanity-2.jpg
[2009/11/11 14:15:29 | 00,352,571 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Disney-Princess-Musical-Vanity.jpg
[2009/11/11 12:21:34 | 00,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2009/11/11 12:13:13 | 41,671,581 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\JakksCares09.flv
[2009/11/11 12:12:51 | 00,032,006 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Jakks Cares.aep
[2009/11/11 11:26:48 | 00,007,696 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\discovery-kids.png
[2009/11/11 10:48:54 | 57,638,397 | R--- | C] () -- C:\Documents and Settings\mcampbell\Desktop\JAKKS Cares Op Smile video HI RES.mp4
[2009/11/10 14:35:08 | 00,053,248 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\GG Legal updates.doc
[2009/11/10 09:25:44 | 00,006,326 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\feature-site.png
[2009/11/10 08:45:52 | 00,012,171 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Fairies Jakks com website information.docm
[2009/11/10 08:45:50 | 00,315,904 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Disney CP Ad Approval Form.doc
[2009/11/09 11:42:39 | 18,857,002 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Comp 2.avi
[2009/11/09 09:58:22 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\PUTTY.RND
[2009/11/06 10:38:19 | 05,043,078 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Eyeclops-Mini-Projector.wmv
[2009/11/06 10:35:20 | 93,314,7870 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Comp 1.avi
[2009/11/06 10:25:37 | 00,290,816 | ---- | C] () -- C:\windows\System32\decdll.dll
[2009/11/05 13:43:26 | 02,737,851 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\DOME-NDA.pdf
[2009/11/05 12:43:14 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\Nondisclosure_Agreement.doc
[2009/11/05 09:42:24 | 00,070,444 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2009/11/03 11:20:56 | 00,202,659 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\header-in-comp.png
[2009/11/03 11:07:20 | 00,054,198 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\header-slim2.png
[2009/11/03 10:35:35 | 00,057,418 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\header-slim.png
[2009/11/03 08:50:56 | 00,143,062 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\header.png
[2009/11/03 07:48:08 | 00,355,522 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\New-Header.jpg
[2009/11/02 16:34:50 | 01,987,759 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\New UFC.psd
[2009/11/02 16:17:11 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/30 08:42:53 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 10:58:31 | 00,002,028 | ---- | C] () -- C:\Documents and Settings\mcampbell\Desktop\lr.gif
[2009/10/29 09:54:19 | 00,016,384 | ---- | C] () -- C:\windows\System32\FileOps.exe
[2009/10/29 09:51:19 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/10/29 09:49:12 | 00,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2009/10/29 09:49:12 | 00,354,816 | ---- | C] () -- C:\windows\System32\dllcache\psisdecd.dll
[2009/10/29 09:49:12 | 00,052,224 | ---- | C] () -- C:\windows\System32\msdvbnp.ax
[2009/10/29 09:49:12 | 00,052,224 | ---- | C] () -- C:\windows\System32\dllcache\msdvbnp.ax
[2009/10/29 09:49:12 | 00,030,208 | ---- | C] () -- C:\windows\System32\psisrndr.ax
[2009/10/29 09:49:12 | 00,030,208 | ---- | C] () -- C:\windows\System32\dllcache\psisrndr.ax
[2009/10/29 09:49:11 | 01,798,144 | ---- | C] () -- C:\windows\System32\dllcache\qedit.dll
[2009/10/29 09:49:11 | 00,733,184 | ---- | C] () -- C:\windows\System32\dllcache\qedwipes.dll
[2009/10/29 09:49:11 | 00,470,528 | ---- | C] () -- C:\windows\System32\dllcache\qdvd.dll
[2009/10/29 09:49:11 | 00,316,928 | ---- | C] () -- C:\windows\System32\dllcache\qdv.dll
[2009/10/29 09:49:11 | 00,257,024 | ---- | C] () -- C:\windows\System32\dllcache\qcap.dll
[2009/10/29 09:49:11 | 00,173,056 | ---- | C] () -- C:\windows\System32\dllcache\qasf.dll
[2009/10/29 09:49:11 | 00,136,192 | ---- | C] () -- C:\windows\System32\dllcache\mpg2splt.ax
[2009/10/29 09:49:11 | 00,132,608 | ---- | C] () -- C:\windows\System32\dllcache\devenum.dll
[2009/10/29 09:49:11 | 00,064,512 | ---- | C] () -- C:\windows\System32\dllcache\amstream.dll
[2009/10/29 09:49:11 | 00,034,304 | ---- | C] () -- C:\windows\System32\dllcache\mciqtz32.dll
[2009/10/29 09:49:11 | 00,013,312 | ---- | C] () -- C:\windows\System32\dllcache\msdmo.dll
[2009/10/28 16:20:32 | 00,000,994 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
[2009/10/28 16:20:31 | 00,000,942 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
[2009/10/28 16:09:16 | 00,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2009/10/28 16:09:14 | 00,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/10/28 15:51:09 | 00,000,846 | ---- | C] () -- C:\windows\tasks\backup.job
[2009/10/28 15:29:58 | 00,000,424 | -H-- | C] () -- C:\windows\tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
[2009/10/28 14:53:58 | 01,089,593 | ---- | C] () -- C:\windows\System32\dllcache\ntprint.cat
[2009/10/28 14:30:36 | 00,001,358 | ---- | C] () -- C:\windows\System32\LexFiles.ulf
[2009/10/28 14:30:36 | 00,001,084 | ---- | C] () -- C:\windows\DKAAP2DD.ini
[2009/10/28 14:30:36 | 00,000,823 | ---- | C] () -- C:\windows\System32\LexFiles.usr
[2009/10/28 13:24:14 | 00,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/10/28 12:54:17 | 00,001,594 | ---- | C] () -- C:\windows\VPNUnInstall.MIF
[2009/10/28 12:52:57 | 00,001,594 | ---- | C] () -- C:\windows\VPNInstall.MIF
[2009/10/28 12:25:18 | 00,613,334 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.chm
[2009/10/28 12:25:18 | 00,354,468 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud1.wav
[2009/10/28 12:25:18 | 00,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud7.wav
[2009/10/28 12:25:18 | 00,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud6.wav
[2009/10/28 12:25:18 | 00,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud9.wav
[2009/10/28 12:25:18 | 00,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud8.wav
[2009/10/28 12:25:18 | 00,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud3.wav
[2009/10/28 12:25:18 | 00,086,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud5.wav
[2009/10/28 12:25:18 | 00,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud4.wav
[2009/10/28 12:25:18 | 00,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud2.wav
[2009/10/28 12:25:18 | 00,067,374 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.adm
[2009/10/28 12:25:18 | 00,029,070 | ---- | C] () -- C:\windows\System32\dllcache\wmp.inf
[2009/10/28 12:25:18 | 00,023,195 | ---- | C] () -- C:\windows\System32\dllcache\wmplay.chm
[2009/10/28 12:25:18 | 00,017,272 | ---- | C] () -- C:\windows\System32\dllcache\wmdm.inf
[2009/10/28 12:25:18 | 00,010,457 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.hta
[2009/10/28 12:25:18 | 00,008,677 | ---- | C] () -- C:\windows\System32\dllcache\wm7.gif
[2009/10/28 12:25:18 | 00,007,892 | ---- | C] () -- C:\windows\System32\dllcache\wm9.gif
[2009/10/28 12:25:18 | 00,007,636 | ---- | C] () -- C:\windows\System32\dllcache\wm2.gif
[2009/10/28 12:25:18 | 00,007,369 | ---- | C] () -- C:\windows\System32\dllcache\wm4.gif
[2009/10/28 12:25:18 | 00,006,769 | ---- | C] () -- C:\windows\System32\dllcache\wmfsdk.inf
[2009/10/28 12:25:18 | 00,006,241 | ---- | C] () -- C:\windows\System32\dllcache\wm3.gif
[2009/10/28 12:25:18 | 00,006,060 | ---- | C] () -- C:\windows\System32\dllcache\wm6.gif
[2009/10/28 12:25:18 | 00,005,789 | ---- | C] () -- C:\windows\System32\dllcache\wm1.gif
[2009/10/28 12:25:18 | 00,004,193 | ---- | C] () -- C:\windows\System32\dllcache\wm8.gif
[2009/10/28 12:25:18 | 00,002,477 | ---- | C] () -- C:\windows\System32\dllcache\wm5.gif
[2009/10/28 12:25:18 | 00,001,771 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.css
[2009/10/28 12:25:18 | 00,000,855 | ---- | C] () -- C:\windows\System32\dllcache\wmpocm.inf
[2009/10/28 12:25:18 | 00,000,420 | ---- | C] () -- C:\windows\System32\dllcache\wmploc.js
[2009/10/28 12:25:17 | 00,300,969 | ---- | C] () -- C:\windows\System32\dllcache\viz.wmv
[2009/10/28 12:25:17 | 00,017,489 | ---- | C] () -- C:\windows\System32\dllcache\videobg.gif
[2009/10/28 12:25:17 | 00,005,290 | ---- | C] () -- C:\windows\System32\dllcache\vidsamp.gif
[2009/10/28 12:25:15 | 00,023,829 | ---- | C] () -- C:\windows\System32\dllcache\tourbg.gif
[2009/10/28 12:25:15 | 00,003,187 | ---- | C] () -- C:\windows\System32\dllcache\tour.js
[2009/10/28 12:25:15 | 00,002,469 | ---- | C] () -- C:\windows\System32\dllcache\tplay.gif
[2009/10/28 12:25:15 | 00,002,450 | ---- | C] () -- C:\windows\System32\dllcache\tpause.gif
[2009/10/28 12:25:15 | 00,002,375 | ---- | C] () -- C:\windows\System32\dllcache\tplayh.gif
[2009/10/28 12:25:15 | 00,002,371 | ---- | C] () -- C:\windows\System32\dllcache\tpauseh.gif
[2009/10/28 12:25:15 | 00,001,398 | ---- | C] () -- C:\windows\System32\dllcache\taon.gif
[2009/10/28 12:25:15 | 00,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taonh.gif
[2009/10/28 12:25:15 | 00,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taoff.gif
[2009/10/28 12:25:15 | 00,001,367 | ---- | C] () -- C:\windows\System32\dllcache\taoffh.gif
[2009/10/28 12:25:14 | 00,001,148 | ---- | C] () -- C:\windows\System32\dllcache\snd.htm
[2009/10/28 12:25:14 | 00,000,908 | ---- | C] () -- C:\windows\System32\dllcache\skins.inf
[2009/10/28 12:25:12 | 00,572,557 | ---- | C] () -- C:\windows\System32\dllcache\rtuner.wmv
[2009/10/28 12:25:12 | 00,066,725 | ---- | C] () -- C:\windows\System32\dllcache\revert.wmz
[2009/10/28 12:25:11 | 00,077,307 | ---- | C] () -- C:\windows\System32\dllcache\plyr_err.chm
[2009/10/28 12:25:11 | 00,001,477 | ---- | C] () -- C:\windows\System32\dllcache\plylst6.wpl
[2009/10/28 12:25:11 | 00,001,477 | ---- | C] () -- C:\windows\System32\dllcache\plylst5.wpl
[2009/10/28 12:25:11 | 00,001,474 | ---- | C] () -- C:\windows\System32\dllcache\plylst3.wpl
[2009/10/28 12:25:11 | 00,001,451 | ---- | C] () -- C:\windows\System32\dllcache\plylst12.wpl
[2009/10/28 12:25:11 | 00,001,448 | ---- | C] () -- C:\windows\System32\dllcache\plylst4.wpl
[2009/10/28 12:25:11 | 00,001,250 | ---- | C] () -- C:\windows\System32\dllcache\plylst1.wpl
[2009/10/28 12:25:11 | 00,001,049 | ---- | C] () -- C:\windows\System32\dllcache\plylst2.wpl
[2009/10/28 12:25:11 | 00,001,046 | ---- | C] () -- C:\windows\System32\dllcache\plylst7.wpl
[2009/10/28 12:25:11 | 00,001,036 | ---- | C] () -- C:\windows\System32\dllcache\plylst8.wpl
[2009/10/28 12:25:11 | 00,000,789 | ---- | C] () -- C:\windows\System32\dllcache\plylst11.wpl
[2009/10/28 12:25:11 | 00,000,787 | ---- | C] () -- C:\windows\System32\dllcache\plylst10.wpl
[2009/10/28 12:25:11 | 00,000,784 | ---- | C] () -- C:\windows\System32\dllcache\plylst9.wpl
[2009/10/28 12:25:11 | 00,000,783 | ---- | C] () -- C:\windows\System32\dllcache\plylst13.wpl
[2009/10/28 12:25:11 | 00,000,775 | ---- | C] () -- C:\windows\System32\dllcache\plylst14.wpl
[2009/10/28 12:25:11 | 00,000,733 | ---- | C] () -- C:\windows\System32\dllcache\plylst15.wpl
[2009/10/28 12:25:10 | 00,375,519 | ---- | C] () -- C:\windows\System32\dllcache\nuskin.wmv
[2009/10/28 12:25:08 | 00,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2009/10/28 12:25:08 | 00,022,060 | ---- | C] () -- C:\windows\System32\dllcache\npds.zip
[2009/10/28 12:25:08 | 00,000,403 | ---- | C] () -- C:\windows\System32\dllcache\npdrmv2.zip
[2009/10/28 12:25:02 | 00,844,314 | ---- | C] () -- C:\windows\System32\dllcache\msdxm.ocx
[2009/10/28 12:25:02 | 00,004,126 | ---- | C] () -- C:\windows\System32\dllcache\msdxmlc.dll
[2009/10/28 12:24:59 | 00,097,117 | ---- | C] () -- C:\windows\System32\dllcache\mplayer2.hlp
[2009/10/28 12:24:59 | 00,018,286 | ---- | C] () -- C:\windows\System32\dllcache\mplayer2.inf
[2009/10/28 12:24:59 | 00,002,778 | ---- | C] () -- C:\windows\System32\dllcache\mplogoh.gif
[2009/10/28 12:24:59 | 00,002,545 | ---- | C] () -- C:\windows\System32\dllcache\mplogo.gif
[2009/10/28 12:24:59 | 00,001,885 | ---- | C] () -- C:\windows\System32\dllcache\mplayer2.cnt
[2009/10/28 12:24:57 | 00,457,607 | ---- | C] () -- C:\windows\System32\dllcache\mdlib.wmv
[2009/10/28 12:24:47 | 00,000,974 | ---- | C] () -- C:\windows\System32\pid.inf
[2009/10/28 12:24:44 | 00,005,971 | ---- | C] () -- C:\windows\System32\dllcache\events.js
[2009/10/28 12:24:42 | 00,381,425 | ---- | C] () -- C:\windows\System32\dllcache\copycd.wmv
[2009/10/28 12:24:42 | 00,184,959 | ---- | C] () -- C:\windows\System32\dllcache\compact.wmz
[2009/10/28 12:24:42 | 00,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2009/10/28 12:24:42 | 00,009,585 | ---- | C] () -- C:\windows\System32\dllcache\controls.css
[2009/10/28 12:24:42 | 00,008,298 | ---- | C] () -- C:\windows\System32\dllcache\contents.htm
[2009/10/28 12:24:42 | 00,006,878 | ---- | C] () -- C:\windows\System32\dllcache\controls.js
[2009/10/28 12:24:42 | 00,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnth.gif
[2009/10/28 12:24:42 | 00,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnt.gif
[2009/10/28 12:24:42 | 00,000,772 | ---- | C] () -- C:\windows\System32\dllcache\cntd.gif
[2009/10/28 12:24:42 | 00,000,760 | ---- | C] () -- C:\windows\System32\dllcache\cloapph.gif
[2009/10/28 12:24:42 | 00,000,717 | ---- | C] () -- C:\windows\System32\dllcache\cloapp.gif
[2009/10/28 12:24:40 | 00,064,352 | ---- | C] () -- C:\windows\System32\drivers\ativmc20.cod
[2009/10/28 12:24:40 | 00,000,999 | ---- | C] () -- C:\windows\System32\dllcache\bktrh.gif
[2009/10/28 10:56:07 | 00,012,292 | ---- | C] () -- C:\Documents and Settings\mcampbell\My Documents\.DS_Store
[2009/10/28 10:46:39 | 00,000,000 | ---- | C] () -- C:\windows\VPC32.INI
[2009/10/28 10:35:35 | 00,004,204 | RHS- | C] () -- C:\Documents and Settings\mcampbell\ntuser.pol
[2009/10/28 10:35:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\mcampbell\Application Data\desktop.ini
[2009/10/28 10:35:33 | 03,407,872 | -H-- | C] () -- C:\Documents and Settings\mcampbell\NTUSER.DAT
[2009/10/28 10:35:33 | 03,246,086 | -H-- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\IconCache.db
[2009/10/28 10:35:33 | 00,068,848 | ---- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/28 10:35:33 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\mcampbell\ntuser.ini
[2009/10/28 10:35:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\mcampbell\Local Settings\Application Data\WavXMapDrive.bat
[2009/10/28 10:21:35 | 00,025,814 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/10/28 10:05:18 | 21,371,16672 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/28 09:31:49 | 01,203,922 | ---- | C] () -- C:\windows\System32\dllcache\sysmain.sdb
[2008/05/28 11:55:01 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/05/18 11:37:13 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2008/05/18 11:34:51 | 00,000,000 | ---- | C] () -- C:\windows\tosOBEX.INI
[2008/05/18 11:20:56 | 00,000,234 | ---- | C] () -- C:\windows\wininit.ini
[2008/05/18 10:38:31 | 00,910,304 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2008/05/18 10:38:31 | 00,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4831.dll
[2008/05/18 10:37:02 | 00,001,120 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2007/07/16 10:58:10 | 00,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2007/07/16 10:58:00 | 00,193,312 | ---- | C] () -- C:\windows\System32\CSGina.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/02 11:44:08 | 00,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2005/07/22 18:30:20 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2004/08/11 14:24:19 | 00,000,791 | ---- | C] () -- C:\windows\orun32.ini
[2004/08/11 14:14:58 | 00,000,000 | ---- | C] () -- C:\windows\control.ini
[2004/08/11 14:12:00 | 00,000,037 | ---- | C] () -- C:\windows\vbaddin.ini
[2004/08/11 14:12:00 | 00,000,036 | ---- | C] () -- C:\windows\vb.ini
[2004/08/11 14:11:31 | 00,013,223 | ---- | C] () -- C:\windows\System32\tslabels.ini
[2004/08/11 14:11:31 | 00,001,931 | ---- | C] () -- C:\windows\System32\msdtcprf.ini
[2004/08/11 14:11:31 | 00,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2004/08/11 14:07:25 | 00,528,020 | ---- | C] () -- C:\windows\System32\PerfStringBackup.INI
[2004/08/11 14:07:24 | 00,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2004/08/11 14:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 14:00:52 | 00,498,742 | ---- | C] () -- C:\windows\System32\dxmasf.dll
[2004/08/11 14:00:52 | 00,004,126 | ---- | C] () -- C:\windows\System32\msdxmlc.dll
[2004/08/11 14:00:37 | 00,013,312 | ---- | C] () -- C:\windows\System32\win87em.dll
[2004/08/11 14:00:37 | 00,000,731 | ---- | C] () -- C:\windows\win.ini
[2004/08/11 14:00:35 | 00,053,478 | ---- | C] () -- C:\windows\System32\tcpmon.ini
[2004/08/11 14:00:35 | 00,015,360 | ---- | C] () -- C:\windows\System32\tsd32.dll
[2004/08/11 14:00:35 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2004/08/11 14:00:30 | 00,270,848 | ---- | C] () -- C:\windows\System32\sbe.dll
[2004/08/11 14:00:30 | 00,010,240 | ---- | C] () -- C:\windows\System32\scriptpw.dll
[2004/08/11 14:00:29 | 01,291,264 | ---- | C] () -- C:\windows\System32\quartz.dll
[2004/08/11 14:00:29 | 00,733,696 | ---- | C] () -- C:\windows\System32\qedwipes.dll
[2004/08/11 14:00:29 | 00,562,176 | ---- | C] () -- C:\windows\System32\qedit.dll
[2004/08/11 14:00:29 | 00,386,048 | ---- | C] () -- C:\windows\System32\qdvd.dll
[2004/08/11 14:00:29 | 00,279,040 | ---- | C] () -- C:\windows\System32\qdv.dll
[2004/08/11 14:00:29 | 00,192,512 | ---- | C] () -- C:\windows\System32\qcap.dll
[2004/08/11 14:00:29 | 00,012,082 | ---- | C] () -- C:\windows\System32\rsvp.ini
[2004/08/11 14:00:29 | 00,003,458 | ---- | C] () -- C:\windows\System32\rasctrs.ini
[2004/08/11 14:00:28 | 00,006,877 | ---- | C] () -- C:\windows\System32\pschdprf.ini
[2004/08/11 14:00:28 | 00,002,891 | ---- | C] () -- C:\windows\System32\perfci.ini
[2004/08/11 14:00:28 | 00,002,732 | ---- | C] () -- C:\windows\System32\perfwci.ini
[2004/08/11 14:00:28 | 00,001,152 | ---- | C] () -- C:\windows\System32\perffilt.ini
[2004/08/11 14:00:28 | 00,000,343 | ---- | C] () -- C:\windows\System32\prodspec.ini
[2004/08/11 14:00:25 | 00,035,648 | ---- | C] () -- C:\windows\System32\ntio411.sys
[2004/08/11 14:00:25 | 00,035,424 | ---- | C] () -- C:\windows\System32\ntio412.sys
[2004/08/11 14:00:25 | 00,034,560 | ---- | C] () -- C:\windows\System32\ntio804.sys
[2004/08/11 14:00:25 | 00,034,560 | ---- | C] () -- C:\windows\System32\ntio404.sys
[2004/08/11 14:00:25 | 00,033,840 | ---- | C] () -- C:\windows\System32\ntio.sys
[2004/08/11 14:00:25 | 00,029,370 | ---- | C] () -- C:\windows\System32\ntdos411.sys
[2004/08/11 14:00:25 | 00,029,274 | ---- | C] () -- C:\windows\System32\ntdos412.sys
[2004/08/11 14:00:25 | 00,029,146 | ---- | C] () -- C:\windows\System32\ntdos804.sys
[2004/08/11 14:00:25 | 00,029,146 | ---- | C] () -- C:\windows\System32\ntdos404.sys
[2004/08/11 14:00:25 | 00,027,866 | ---- | C] () -- C:\windows\System32\ntdos.sys
[2004/08/11 14:00:24 | 00,002,656 | ---- | C] () -- C:\windows\System32\netware.drv
[2004/08/11 14:00:21 | 00,094,282 | ---- | C] () -- C:\windows\System32\msencode.dll
[2004/08/11 14:00:21 | 00,014,336 | ---- | C] () -- C:\windows\System32\msdmo.dll
[2004/08/11 14:00:21 | 00,001,405 | ---- | C] () -- C:\windows\msdfmap.ini
[2004/08/11 14:00:20 | 00,010,110 | ---- | C] () -- C:\windows\System32\mqperf.ini
[2004/08/11 14:00:18 | 00,042,809 | ---- | C] () -- C:\windows\System32\key01.sys
[2004/08/11 14:00:18 | 00,042,537 | ---- | C] () -- C:\windows\System32\keyboard.sys
[2004/08/11 14:00:18 | 00,035,328 | ---- | C] () -- C:\windows\System32\mciqtz32.dll
[2004/08/11 14:00:17 | 00,199,168 | ---- | C] () -- C:\windows\System32\ir32_32.dll
[2004/08/11 14:00:15 | 00,004,768 | ---- | C] () -- C:\windows\System32\himem.sys
[2004/08/11 14:00:13 | 01,015,477 | ---- | C] () -- C:\windows\System32\esentprf.ini
[2004/08/11 14:00:13 | 00,186,880 | ---- | C] () -- C:\windows\System32\encdec.dll
[2004/08/11 14:00:04 | 00,059,904 | ---- | C] () -- C:\windows\System32\devenum.dll
[2004/08/11 14:00:04 | 00,027,097 | ---- | C] () -- C:\windows\System32\country.sys
[2004/08/11 14:00:03 | 00,252,928 | ---- | C] () -- C:\windows\System32\compatui.dll
[2004/08/11 14:00:02 | 00,355,112 | ---- | C] () -- C:\windows\System32\msjetoledb40.dll
[2004/08/11 14:00:01 | 00,070,656 | ---- | C] () -- C:\windows\System32\amstream.dll
[2004/08/11 14:00:01 | 00,009,029 | ---- | C] () -- C:\windows\System32\ansi.sys
[2004/07/20 14:04:02 | 00,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
[2004/04/19 10:11:45 | 00,081,920 | ---- | C] () -- C:\windows\System32\BarracudaAddin.dll
[2004/01/15 11:43:28 | 00,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2001/08/17 19:36:28 | 00,157,696 | ---- | C] () -- C:\windows\System32\paqsp.dll

========== LOP Check ==========

[2008/05/18 11:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/05/28 13:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/05/28 09:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2009/10/28 10:06:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/10/30 09:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/29 09:50:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/11/01 13:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/28 13:44:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/28 16:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backblaze
[2008/05/18 11:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/05/18 11:28:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/11/18 21:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2008/05/28 09:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/05/18 11:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/11/17 10:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/10/28 13:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/04 16:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/02 16:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2008/05/28 11:54:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/05/28 09:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2004/08/11 14:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/05/18 11:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/11/24 18:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/16 19:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/10/28 13:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/05/28 09:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/10/28 13:52:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/28 13:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/05/18 11:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\Adobe
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\Identities
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\Intel
[2008/05/18 10:59:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\backup\Application Data\Microsoft
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\Wave Systems Corp
[2009/10/28 15:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Adobe
[2009/10/28 13:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Apple Computer
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Identities
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Intel
[2009/10/28 13:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Malwarebytes
[2009/10/28 13:25:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\chrisq\Application Data\Microsoft
[2009/10/28 13:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Mozilla
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\chrisq\Application Data\Wave Systems Corp
[2008/05/18 11:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Adobe
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intel
[2008/05/18 10:59:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2008/05/18 11:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\Adobe
[2008/05/28 09:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\Dell
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\Identities
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\Intel
[2008/05/28 09:12:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\jpadmin\Application Data\Microsoft
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jpadmin\Application Data\Wave Systems Corp
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/11/17 10:17:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/18 16:11:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Adobe
[2009/11/06 10:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Apple Computer
[2009/11/17 10:13:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\AVG8
[2009/10/30 17:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Design Science
[2009/11/02 16:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Download Manager
[2009/11/20 15:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\FileZilla
[2009/11/06 10:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\FreeVideoConverter
[2004/08/11 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Identities
[2008/05/18 11:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\InstallShield
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Intel
[2009/11/17 13:35:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Longfine Software
[2009/10/28 16:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Macromedia
[2009/11/10 08:54:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Malwarebytes
[2009/11/06 10:13:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\mcampbell\Application Data\Microsoft
[2009/10/28 13:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Mozilla
[2009/11/17 13:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\PixelMetrics
[2009/10/29 10:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Sun
[2009/11/16 19:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\SUPERAntiSpyware.com
[2009/11/11 13:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\vlc
[2008/05/18 11:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\Wave Systems Corp
[2009/11/13 13:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mcampbell\Application Data\WinRAR
[2008/05/18 11:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/11/17 10:17:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/28 11:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\.purple
[2009/10/28 11:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Ableton
[2009/10/28 11:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Adobe
[2009/10/28 11:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Apple Computer
[2009/10/28 11:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\BitTorrent
[2009/10/28 11:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Command & Conquer 3 Tiberium Wars
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\CyberLink
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Design Science
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\DNA
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Elluminate
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\FileZilla
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\GetRightToGo
[2009/10/28 11:14:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Google
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\gtk-2.0
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\HandBrake
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Help
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\HotSync
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Identities
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\InstallShield
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Intel
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Intuit
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\iPhoneRingToneMaker
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Leadertech
[2009/10/28 11:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Macromedia
[2009/10/28 11:13:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Malwarebytes
[2009/10/28 11:13:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Media Player Classic
[2009/10/28 11:13:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Microsoft
[2009/10/28 11:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\mIRC
[2009/10/28 11:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Mozilla
[2009/10/28 11:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\MySQL
[2009/10/28 11:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\NewsLeecher
[2009/10/28 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Opera
[2009/10/28 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Palo Alto Software
[2009/10/28 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\PKWARE
[2009/10/28 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Propellerhead Software
[2009/10/28 11:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Real
[2009/10/28 11:13:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\SecuROM
[2009/10/28 11:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\skypePM
[2009/10/28 11:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Sonic
[2009/10/28 11:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Steinberg
[2009/10/28 11:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\StumbleUpon
[2009/10/28 11:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Sun
[2009/10/28 11:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\SUPERAntiSpyware.com
[2009/10/28 11:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\TeamViewer
[2009/10/28 11:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Thunderbird
[2009/10/28 11:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\U3
[2009/10/28 11:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\VMware
[2009/10/28 11:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\WinFF
[2009/10/28 11:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\WinRAR
[2009/10/28 11:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Old mcampbell Profile\Application Data\Yahoo!
[2009/11/11 16:14:08 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
[2009/11/11 12:01:15 | 00,000,846 | ---- | M] () -- C:\windows\Tasks\backup.job
[2004/08/04 02:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/11/16 13:32:03 | 00,000,942 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
[2009/11/25 09:32:02 | 00,000,994 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
[2009/11/25 08:44:53 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
[2009/11/25 10:15:00 | 00,000,424 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job

========== Purity Check ==========


< End of report >

By the way, with this virus do I need to worry about any passwords I passed through my browser to various sites?

ComboFix report below:

ComboFix 09-11-24.02 - mcampbell 11/25/2009 8:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1379 [GMT -8:00]
Running from: c:\documents and settings\mcampbell\My Documents\Downloads\Antivirus\ComboFix.exe
Command switches used :: c:\documents and settings\mcampbell\My Documents\Downloads\Antivirus\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-25 04:43 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-25 04:43 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-11-25 02:44 . 2009-11-25 02:44 -------- d--h--w- c:\windows\PIF
2009-11-19 05:03 . 2009-11-19 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2009-11-19 05:03 . 2009-09-26 17:00 496640 ----a-w- c:\documents and settings\All Users\Application Data\GoldWave\lame_enc.dll
2009-11-19 04:33 . 2009-11-19 04:33 -------- d-----w- c:\program files\GoldWave
2009-11-18 18:20 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\documents and settings\mcampbell\Application Data\PixelMetrics
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\Windows Media Adapter v615
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- C:\PixelMetrics Logs
2009-11-17 21:44 . 2009-11-17 21:44 -------- d-----w- c:\program files\CaptureWiz
2009-11-17 21:35 . 2009-11-17 21:35 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Longfine Software
2009-11-17 21:26 . 2009-11-17 21:34 -------- d-----w- c:\program files\ScreenPrint32 v3
2009-11-17 21:26 . 2009-11-17 21:26 249856 ------w- c:\windows\Setup1.exe
2009-11-17 21:26 . 2009-11-17 21:26 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-17 18:54 . 2009-11-17 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 18:34 . 2009-11-25 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 18:13 . 2009-11-17 18:13 -------- d-----w- c:\documents and settings\mcampbell\Application Data\AVG8
2009-11-17 05:57 . 2009-11-17 06:10 -------- d-----w- C:\HaxFix
2009-11-17 03:14 . 2009-11-17 06:10 117760 ----a-w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\documents and settings\mcampbell\Application Data\SUPERAntiSpyware.com
2009-11-17 03:14 . 2009-11-17 03:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 03:09 . 2009-11-17 03:09 -------- d-----w- c:\program files\Panda Security
2009-11-17 00:25 . 2009-11-17 00:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-11 20:21 . 2009-11-16 18:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-10 16:54 . 2009-11-10 16:54 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Malwarebytes
2009-11-06 18:25 . 2009-01-22 22:28 290816 ----a-w- c:\windows\system32\decdll.dll
2009-11-06 18:25 . 2009-11-06 18:26 -------- d-----w- c:\program files\Free Video Converter
2009-11-06 18:25 . 2009-11-06 18:25 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FreeVideoConverter
2009-11-06 18:11 . 2009-11-06 18:11 -------- d-----w- c:\windows\system32\windows media
2009-11-06 18:11 . 2009-11-06 18:11 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-06 18:10 . 2009-11-06 18:10 -------- d-----w- c:\program files\Windows Media Components
2009-11-05 17:42 . 2009-11-16 23:37 70444 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 00:17 . 2009-11-05 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-04 17:35 . 2009-11-04 17:35 -------- d-----w- c:\program files\Design Science
2009-11-04 05:06 . 2009-11-04 05:06 -------- d-----w- c:\program files\SetFileDate
2009-11-03 19:57 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 19:57 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 19:57 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-03 00:17 . 2009-11-03 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-01 21:57 . 2009-11-01 21:57 -------- d-----w- c:\program files\iPod
2009-11-01 21:57 . 2009-11-01 21:58 -------- d-----w- c:\program files\iTunes
2009-11-01 21:44 . 2009-11-01 21:44 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 19:39 . 2009-11-01 19:39 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Apple
2009-11-01 17:28 . 2009-11-06 18:27 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Apple Computer
2009-10-31 19:46 . 2009-10-31 19:46 -------- d-----w- c:\program files\MSXML 4.0
2009-10-31 18:30 . 2009-11-11 21:37 -------- d-----w- c:\documents and settings\mcampbell\Application Data\vlc
2009-10-31 01:55 . 2009-10-31 01:55 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Design Science
2009-10-30 21:04 . 2009-10-30 21:05 -------- d-----w- c:\program files\MathType
2009-10-29 18:35 . 2009-11-03 00:24 -------- d-----w- c:\documents and settings\mcampbell\Application Data\Download Manager
2009-10-29 18:35 . 2009-10-29 18:35 -------- d-----w- c:\windows\Sun
2009-10-29 18:15 . 2009-11-20 23:39 -------- d-----w- c:\documents and settings\mcampbell\Application Data\FileZilla
2009-10-29 18:13 . 2009-10-29 18:13 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-29 17:54 . 2004-08-17 00:40 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-29 17:54 . 2009-10-29 17:54 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 17:50 . 2009-10-29 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-29 17:47 . 2009-10-29 17:47 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-10-29 16:58 . 2009-10-31 23:42 -------- d-----w- C:\Save
2009-10-29 00:20 . 2009-11-16 22:32 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Temp
2009-10-29 00:20 . 2009-10-29 00:20 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Deployment
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- C:\.bzvol
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\program files\Backblaze
2009-10-29 00:16 . 2009-10-29 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Backblaze
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-10-29 00:10 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-29 00:10 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-29 00:09 . 2009-10-29 00:09 -------- d-sh--w- c:\documents and settings\mcampbell\PrivacIE
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-29 00:08 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-28 23:46 . 2009-11-11 20:01 -------- d-----w- c:\windows\system32\NtmsData
2009-10-28 23:43 . 2009-10-28 23:43 -------- d-sh--w- c:\documents and settings\mcampbell\IETldCache
2009-10-28 23:39 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 23:31 . 2009-10-28 23:31 -------- d-----w- c:\windows\ie8updates
2009-10-28 23:31 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-28 23:31 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 23:31 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-28 23:31 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 23:31 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-28 23:30 . 2009-10-28 23:30 -------- d-sh--w- c:\documents and settings\chrisq\IECompatCache
2009-10-28 23:29 . 2009-10-28 23:29 -------- d-sh--w- c:\documents and settings\chrisq\PrivacIE
2009-10-28 23:28 . 2009-10-28 23:28 -------- d-sh--w- c:\documents and settings\chrisq\IETldCache
2009-10-28 23:14 . 2009-10-28 23:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-28 23:13 . 2009-10-28 23:14 -------- dc-h--w- c:\windows\ie8
2009-10-28 22:51 . 2009-10-28 22:51 -------- d-sh--w- c:\documents and settings\chrisq\UserData
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 22:36 . 2009-10-28 22:36 -------- d-----w- c:\program files\MSBuild
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 22:35 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 22:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 22:35 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 22:35 . 2009-10-28 22:35 -------- d-----w- C:\f59fe0d474751aa62eb1c9774a75
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 22:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 22:30 . 2009-10-28 22:30 -------- d-----w- c:\program files\Dell_HostCD
2009-10-28 22:30 . 2004-01-23 16:57 311296 ----a-w- c:\windows\system32\lexlog.dll
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\scripting
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\l2schemas
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\en
2009-10-28 22:01 . 2009-10-28 22:01 -------- d-----w- c:\windows\system32\bits
2009-10-28 21:44 . 2009-10-28 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\documents and settings\chrisq\Application Data\Apple Computer
2009-10-28 21:44 . 2009-10-28 21:44 -------- d-----w- c:\program files\Bonjour
2009-10-28 21:43 . 2009-10-28 21:44 -------- d-----w- c:\program files\QuickTime
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 21:42 . 2009-10-28 21:42 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Apple
2009-10-28 21:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-28 21:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-28 21:33 . 2009-10-28 21:33 -------- d-----w- c:\documents and settings\mcampbell\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-10-28 21:24 0 ----a-w- c:\windows\nsreg.dat
2009-10-28 21:24 . 2009-10-28 21:24 -------- d-----w- c:\documents and settings\chrisq\Local Settings\Application Data\Mozilla
2009-10-28 21:24 . 2009-11-17 17:45 -------- d-----w- c:\program files\IrfanView
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\chrisq\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 21:23 . 2009-10-28 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 21:23 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 18:46 . 2008-05-18 19:30 84344 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\NAVEX15.SYS
2009-11-11 09:00 . 2009-11-16 22:22 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG.SYS
2009-11-11 09:00 . 2009-11-16 22:22 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ECMSVR32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVENG32.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX32A.DLL
2009-11-11 09:00 . 2009-11-16 22:22 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\NAVEX15.SYS
2009-11-03 00:35 . 2008-05-18 19:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-01 21:57 . 2008-05-28 21:43 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 21:30 . 2008-05-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-29 17:49 . 2009-10-29 17:49 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-29 17:45 . 2008-05-18 18:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 15:46 . 2008-05-18 19:28 -------- d-----w- c:\program files\Google
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-29 00:09 . 2009-10-29 00:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 22:03 . 2004-08-11 22:14 88319 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 21:44 . 2008-05-28 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee018.vdb\ERASER.SYS
2009-10-14 00:06 . 2009-11-16 22:22 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\EECTRL.SYS
2009-10-14 00:06 . 2009-11-16 22:22 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\CCERASER.DLL
2009-10-14 00:06 . 2009-11-16 22:22 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ee020.vdb\ERASER.SYS
2009-10-08 21:57 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 21:57 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:56 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-17_05.38.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2009-11-25 06:13 72978 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-11-17 05:18 72978 c:\windows\system32\perfc009.dat
+ 2004-08-04 03:59 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2008-05-28 16:33 . 2009-11-25 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-17 00:25 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-17 00:25 . 2009-11-25 05:06 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2008-05-28 16:33 . 2009-11-25 05:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-05-28 16:33 . 2009-11-17 05:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2000-07-15 08:00 . 2000-07-15 08:00 101888 c:\windows\system32\VB6STKIT.DLL
- 2004-08-11 22:00 . 2009-11-17 05:18 445938 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-11-25 06:13 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2009-10-29 416768]
"Google Update"="c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-25 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]

c:\documents and settings\mcampbell\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files\CaptureWiz\Pro\CaptureWiz.exe [2009-11-17 3086528]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-28 113664]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"PromptRunasInstallNetPath"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/18/2009 10:20 AM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 11:21 AM 79432]
R2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [10/28/2009 4:16 PM 217600]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 12:40 AM 115952]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 9:32 AM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [10/28/2009 1:40 PM 102448]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-11-11 c:\windows\Tasks\backup.job
- c:\windows\system32\ntbackup.exe [2004-08-11 00:12]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024Core.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321466456-79445294-927750060-8024UA.job
- c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-29 00:20]

2009-11-25 c:\windows\Tasks\User_Feed_Synchronization-{A7A5D478-78DE-44BA-9677-61CE98018850}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mcampbell\Application Data\Mozilla\Firefox\Profiles\x43l60y3.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\mcampbell\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1836)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-11-25 08:44
ComboFix-quarantined-files.txt 2009-11-25 16:43
ComboFix2.txt 2009-11-25 04:57
ComboFix3.txt 2009-11-25 03:17
ComboFix4.txt 2009-11-17 18:08
ComboFix5.txt 2009-11-25 16:35

Pre-Run: 272,959,393,792 bytes free
Post-Run: 272,921,784,320 bytes free

- - End Of File - - D3BDF86B493A463DE3D510E6E8BCFE48

#13 thcbytes (Malware Response Team)

Posted 25 November 2009 - 02:12 PM

Hi,

Not a backdoor infection. You got lucky! :(

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    
    :Commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
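The [resethosts] command in the fix above replaces the hosts file wholesale. Before doing that on a machine you are still investigating it is worth reading what is in the file, because a hosts entry is the cheapest way to redirect a search engine or to block an AV vendor's update site, and the entries themselves are evidence. As an added example, not OTL's code and not the poster's, the Python audit below classifies each entry of a hosts file; the sample content and the WATCHLIST domains are constructed for the example, and 203.0.113.10 (a documentation address) stands in for an attacker-controlled host.

```python
"""Audit of a Windows hosts file for redirect and update-blocking entries.

Added example for this thread; it is not OTL's [resethosts] command nor code
from the original post. SAMPLE_HOSTS is constructed (203.0.113.10 is a
documentation address standing in for an attacker-controlled host) and
WATCHLIST is an illustrative set of domains, both this example's assumptions.
"""
import ipaddress
from dataclasses import dataclass

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- constructed entries for the example ---
127.0.0.1       liveupdate.symantecliveupdate.com
127.0.0.1       www.malwarebytes.org   # update site sinkholed
203.0.113.10    www.google.com search.yahoo.com
192.168.1.20    fileserver.lan
0.0.0.0         ads.example.net
"""

# Domains that malware typically blocks (AV/update sites) or redirects
# (search engines); an assumption for the example, extend per environment.
WATCHLIST = ("symantec.com", "symantecliveupdate.com", "microsoft.com",
             "windowsupdate.com", "malwarebytes.org", "google.com",
             "yahoo.com", "bing.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
# RFC 1918 / ULA ranges; deliberately not ipaddress.is_private, which also
# treats documentation ranges such as 203.0.113.0/24 as private.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


@dataclass
class HostsFinding:
    severity: str  # "high", "medium" or "info"
    address: str
    name: str
    reason: str


def parse_hosts(text):
    """Yield (address, hostname) pairs; a line may map several names."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a stricter audit would report it
        for name in fields[1:]:
            yield addr, name.lower()


def _on_watchlist(name):
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def _is_lan(addr):
    return any(addr in net for net in LAN_NETS)


def audit_hosts(text):
    """Classify every hosts entry; the high findings are the hijack indicators."""
    findings = []
    for addr, name in parse_hosts(text):
        sinkholed = addr.is_loopback or addr.is_unspecified
        if name in LOCAL_NAMES and sinkholed:
            continue  # the stock entries
        if _on_watchlist(name):
            what = "blocked by pointing it at the local host" if sinkholed else f"redirected to {addr}"
            findings.append(HostsFinding("high", str(addr), name, f"watchlisted domain {what}"))
        elif sinkholed:
            findings.append(HostsFinding("info", str(addr), name,
                                         "name sinkholed locally (ad-blocking style; confirm it is intended)"))
        elif _is_lan(addr):
            findings.append(HostsFinding("info", str(addr), name, "static LAN mapping"))
        else:
            findings.append(HostsFinding("medium", str(addr), name,
                                         "public name pinned to a remote address, bypassing DNS"))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"[{f.severity:6}] {f.address:15} {f.name}: {f.reason}")
```

On a live XP machine, read the real file from the path the OTL report shows (C:\windows\System32\drivers\etc\Hosts) and pass its contents to audit_hosts(). The two kinds of high finding matter for different reasons: a watchlisted name pointed at 127.0.0.1 or 0.0.0.0 stops the product behind it from updating, while a name pointed at a remote address sends the browser somewhere else no matter what DNS says. Plain LAN mappings and ad-blocking sinkholes are reported at info level so a legitimately customised hosts file does not drown the real indicators.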

#14 michaelpc (Topic Starter)

Posted 25 November 2009 - 02:33 PM

Thank you again..


Report below:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (64424509440)
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: backup
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: chrisq
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3238683 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jpadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: mcampbell
->Temp folder emptied: 66 bytes
->Temporary Internet Files folder emptied: 18469607 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93525377 bytes
->Google Chrome cache emptied: 97782505 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Old mcampbell Profile
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 55937129 bytes
->Java cache emptied: 28986116 bytes
->FireFox cache emptied: 108088155 bytes
->Apple Safari cache emptied: 29837610 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 773942 bytes

Total Files Cleaned = 416.46 mb


OTL by OldTimer - Version 3.1.10.1 log created on 11252009_112956

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 thcbytes (Malware Response Team)

Posted 25 November 2009 - 04:57 PM

You're most welcome. :(

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Uninstall Combofix
  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the following text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".>

  • The following will implement some very important cleanup procedures as well as reset System Restore points.
**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.

  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use, but provide resident protection and do not nag if you purchase the paid versions.

  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.


    Windows XP
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.

  • Consider Firefox as your primary browser. It's safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Consider running your browser Sandboxed with Sandboxie. You decide what actually gets into your OS!!

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Kind Regards,
~ t



