
Firefox Google Redirect - maybe something else?


  • This topic is locked
20 replies to this topic

#1 tribefanOH

tribefanOH

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 09 December 2009 - 03:35 PM

Hi, all. Thanks in advance for your help.

I've been manually removing viruses for years, just through the help of Google searches, etc., and I've always been able to get rid of them. This is the first virus I've encountered on this computer, and it's a doozy.

About 2 or 3 weeks ago, I got the dreaded "Google Redirect Virus". Needless to say, after about 13 hours or so of working to try to remove it, I think I have it MOSTLY gone. However, every 2 or 3 days, I'll get redirected to a page, just once, and my TrendMicro Internet Security Pro keeps my browser from going there. I'll hit back, just once, and when I click on the result again, it's fine. It remains fine for another 2 or 3 days. So, everything is running MUCH better than what it was shortly after getting the virus. But, I just want to be rid of it, once and for all.

Today, a very odd thing happened. I tried going to the weather channel website by typing in the url into the address bar in Firefox. I got redirected to a site whose URL I did not recognize (which was blocked by TM). I googled the URL, and it turns out it was a porn site. I'd had redirects from google results after getting this virus, but never got redirected when typing the URL directly into the address bar until today. So, needless to say, it kind of freaked me out. :(

A brief summary of what I've done to get it running how it is now (which again, is pretty smooth, but still get the redirects now and then):
- Ran TM scan several times (always clean results)
- Ran MalwareBytes several times (found 2 trojans once, removed them, has been clean since)
- Ran ComboFix once (after running CF, it's been running like it is now ever since...pretty smooth, redirect every couple days or so)

But, after today's redirect, coupled with a google redirect yesterday, I thought I'd admit defeat and just come post here for some much needed help. :(

As a starting point, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:09 PM, on 12/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\(I removed the name from here because I'm perhaps overly cautious)\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\(I removed the name from here because I'm perhaps overly cautious)\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9124 bytes

Any help is GREATLY appreciated!

Thanks!

Edited by tribefanOH, 09 December 2009 - 03:36 PM.
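The HijackThis log above is a flat list of `Oxx - ...` lines, and most of the first-pass triage a helper does on it is mechanical: which O1 hosts entries point a name somewhere other than loopback, which O4 Run values are bare filenames resolved through the search path, which O23 services carry no company name, and which executables live under a user profile rather than Program Files or System32. The script below is an added example, not code from the post or from HijackThis; it parses lines in the formats seen in the log and applies those four checks. The sample input is constructed from lines in the log, with the redacted user name replaced by `someone` and one invented `10.0.0.5 www.google.com` hosts line added to exercise the hosts check. It assumes the fields inside a line are separated by ` - ` and never contain that separator themselves.

```python
"""Parse HijackThis-style log lines and apply a few triage heuristics.

Added example, not code from the post or from HijackThis itself. It handles
the line formats visible in the log (O1 Hosts, O2/O3 BHO and toolbar, O4 Run
keys, O23 services) and assumes fields are separated by " - ".
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on lines from the log. The "10.0.0.5 www.google.com"
# hosts line is invented to exercise the hosts check; "someone" stands in for
# the redacted profile name.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.0.0.5 www.google.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\someone\Program Files\DNA\btdna.exe"
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PROFILE_DIRS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Entry:
    section: str
    body: str
    path: str = ""
    flags: list = field(default_factory=list)


def parse(log_text):
    """Turn each 'Oxx - body' line into an Entry; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def split_fields(body):
    """Split on ' - '. The lookahead keeps an empty company field
    ('name - - path') as an empty string instead of swallowing it."""
    return [f.strip() for f in re.split(r" -(?= )", body)]


def check(entry):
    sec, body = entry.section, entry.body
    if sec == "O1":
        # 'Hosts: <address> <name>': anything but loopback -> localhost is an override
        parts = body.split(":", 1)[1].split()
        if len(parts) >= 2:
            addr, name = parts[0], parts[1]
            if addr not in LOOPBACK or name.lower() != "localhost":
                entry.flags.append("hosts override: %s -> %s" % (name, addr))
    elif sec == "O4":
        m = re.search(r"\[[^\]]*\]\s*(.*)$", body)
        cmd = m.group(1).strip() if m else ""
        # Quoted command: take the quoted token. Unquoted: first token
        # (an unquoted path containing spaces is truncated; known limitation).
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        entry.path = exe
        if exe and "\\" not in exe and not exe.startswith("%"):
            entry.flags.append("bare filename resolved through search path")
    elif sec in ("O2", "O3", "O23"):
        fields = split_fields(body)
        entry.path = fields[-1]
        if sec == "O23" and len(fields) >= 3 and fields[-2] == "":
            entry.flags.append("service binary has no company name")
    if entry.path and any(d in entry.path.lower() for d in PROFILE_DIRS):
        entry.flags.append("executable lives under a user profile directory")
    return entry


def triage(log_text):
    """Parse and check every line; returns the Entry list with flags filled in."""
    return [check(e) for e in parse(log_text)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(e.section, e.body)
            for f in e.flags:
                print("    !", f)
```

A flag is a reason to look, not a verdict: `btdna.exe` under the user profile is where BitTorrent DNA installs itself, and a printer service with no company string is common for OEM drivers. The value of running the checks mechanically is that the same few questions get asked of every line, including the lines a tired eye skips on the second and third log.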




#2 tribefanOH

tribefanOH
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 16 December 2009 - 08:29 AM

I hate to bring it back up, because I know it says you guys work on a first come, first serve kind of basis. I only bring it back up because yesterday I encountered another "new" redirect that I hadn't yet seen, and the whole thing is just starting to freak me out a bit. :( I was redirected to "lowpriceshopper.com". After going back to google just once and clicking the link again, I was taken to the actual site.

I'm really having trouble getting this thing off of here. I think it's MOSTLY gone, but there are still some traces. But, it's just another random occurrence of the redirect that has me concerned. Please, please help! I've tried everything I can think of...

And again, I know you guys are very busy, and I really appreciate the help. I'm just at my wits' end with this thing.

Here is a fresh HJT log from today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:09 PM, on 12/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\(removed my name because I'm overly cautious)\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\(removed my name because I'm overly cautious)\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9124 bytes

Edited by tribefanOH, 16 December 2009 - 08:34 AM.


#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 16 December 2009 - 06:00 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
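The `/md5start` ... `/md5stop` block in the custom scan above asks OTL to hash a list of system DLLs and storage drivers so their MD5s can be compared with known-good copies, which is how a patched-in-place driver shows up when the file's name, location and size all still look normal. The script below is an added example, not code from the post or from OTL; it hashes a subset of those same file names, compares them against a baseline, and reports missing files and mismatches. The directory tree, file contents and baseline are constructed in a temporary directory so it runs offline; on a real machine `root` would be `%SystemRoot%\System32` and the baseline would come from install media or an identically patched clean machine. How OTL itself searches for the files is not shown on the page and is not assumed here.

```python
"""Hash the files an OTL /md5start ... /md5stop list names and compare them
with a known-good baseline.

Added example, not code from the post or from OTL. The file names are taken
from the custom scan above; the tree, contents and baseline are constructed.
"""
import hashlib
import os
import tempfile

# Subset of the names between /md5start and /md5stop in the custom scan above
MD5_TARGETS = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys"]


def hash_file(path):
    """Return (md5, sha256, size). MD5 is what OTL reports; SHA-256 is added
    because MD5 collisions are practical to construct."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest(), os.path.getsize(path)


def locate(name, root):
    """Every copy of `name` under `root`, matched case-insensitively like NTFS.
    More than one copy of a boot driver is itself worth a look."""
    hits = []
    for dirpath, _, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == name.lower())
    return sorted(hits)


def compare(names, root, baseline):
    """baseline maps lower-cased file name -> known-good MD5.
    Returns {name: "missing"} or {name: [(verdict, path, md5, size), ...]}."""
    report = {}
    for name in names:
        hits = locate(name, root)
        if not hits:
            report[name] = "missing"
            continue
        known = baseline.get(name.lower())
        verdicts = []
        for p in hits:
            md5, _, size = hash_file(p)
            if known is None:
                verdict = "no baseline"
            elif md5 == known:
                verdict = "ok"
            else:
                verdict = "MISMATCH"
            verdicts.append((verdict, p, md5, size))
        report[name] = verdicts
    return report


def build_sample_tree():
    """Constructed stand-in for C:\\Windows\\System32 with four small files."""
    root = tempfile.mkdtemp(prefix="otl_md5_demo_")
    drivers = os.path.join(root, "drivers")
    os.makedirs(drivers)
    contents = {
        os.path.join(root, "eventlog.dll"): b"clean eventlog.dll",
        os.path.join(root, "scecli.dll"): b"clean scecli.dll",
        os.path.join(drivers, "atapi.sys"): b"clean atapi.sys" + b"\x90" * 16,
        os.path.join(drivers, "iaStor.sys"): b"clean iaStor.sys",
    }
    for path, data in contents.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Baseline the clean tree, patch one driver in place, then compare."""
    root = build_sample_tree()
    # Baseline taken while the files are known-good (install media, clean twin machine)
    baseline = {}
    for n in MD5_TARGETS:
        for p in locate(n, root):
            baseline[n.lower()] = hash_file(p)[0]
    # Simulate a file infector that overwrites part of the driver without changing its size
    target = os.path.join(root, "drivers", "atapi.sys")
    with open(target, "r+b") as fh:
        fh.seek(-16, os.SEEK_END)
        fh.write(b"\xcc" * 16)
    return compare(MD5_TARGETS, root, baseline)


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two caveats a practitioner would want. A hash only proves something once there is a trustworthy baseline for that exact build and patch level, so a bare list of MD5s from an infected machine is only useful to someone who has such a reference. And a kernel-mode rootkit that intercepts file reads can hand the hashing tool the clean bytes while the driver on disk is patched, which is why the helper pairs the OTL hash list with a GMER rootkit scan rather than relying on either alone.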

#4 tribefanOH

tribefanOH
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 16 December 2009 - 08:14 PM

Ok, I've run all the scans that have been requested. Also, I'm (perhaps overly) cautious when it comes to putting things online, so on my OTL reports, I put (name removed) wherever my first name was in the report. I didn't figure that was necessary information for something like this, probably. :( I should maybe also mention that after running gmer, as I was replying here, the computer locked up. When I opened the task manager, I just got a black screen and had to do a hard reboot.

Here are the OTL reports, starting with OTL.Txt:
OTL logfile created on: 12/16/2009 7:51:42 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\(Name Removed)\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 57.65% Memory free
3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.95 Gb Total Space | 63.00 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: (name removed)
Current User Name: (removed)
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/16 19:45:38 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\(name removed)\Desktop\OTL.exe
PRC - [2009/11/13 08:53:20 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\(name removed)\Program Files\DNA\btdna.exe
PRC - [2009/11/06 10:52:28 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/27 04:30:02 | 00,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/03 23:58:34 | 00,729,088 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/03 09:30:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/11/01 15:11:25 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/03 08:43:28 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/07/03 08:43:26 | 03,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/07/03 08:42:08 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/06/24 00:42:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2008/03/27 08:27:34 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/27 08:27:34 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/02/22 17:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/24 07:31:14 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/04/24 07:31:10 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/22 23:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe


========== Modules (SafeList) ==========

MOD - [2009/12/16 19:45:38 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\(name removed)\Desktop\OTL.exe
MOD - [2008/01/20 21:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 10:52:20 | 00,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/11/25 10:52:20 | 00,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/11/25 10:52:20 | 00,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/11/25 10:52:19 | 00,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/08/07 09:31:40 | 00,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/01 08:58:27 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 23:58:34 | 00,729,088 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/03 09:30:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/03 08:14:05 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/03 08:43:28 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/06/24 00:42:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2008/01/20 21:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/24 07:31:10 | 00,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
IE - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\S-1-5-21-2190242007-3043411645-2820999077-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\S-1-5-21-2190242007-3043411645-2820999077-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.espn.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.2
FF - prefs.js..extensions.enabledItems: {854F5AE6-D854-4F51-B10D-100ED07AFE71}:1.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 10:52:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 10:52:35 | 00,000,000 | ---D | M]

[2009/02/13 16:09:06 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
[2009/02/13 16:09:06 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/12/16 09:03:35 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions
[2009/11/27 03:12:03 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/11 15:16:48 | 00,000,000 | ---D | M] (No name found) -- C:\Users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009/04/14 11:48:55 | 00,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\moveplayer@movenetworks.com
[2009/03/30 22:14:32 | 00,000,682 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\searchplugins\ask.xml
[2009/11/25 20:47:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/08/05 13:20:29 | 00,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
[2009/08/31 22:56:02 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002..\Run: [BitTorrent DNA] C:\Users\Brandon\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2190242007-3043411645-2820999077-1002_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:46:39 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/16 19:45:29 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\(name removed)\Desktop\OTL.exe
[2008/10/31 15:41:23 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2008/10/31 15:41:23 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2008/10/31 15:41:22 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2008/10/31 15:41:22 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2008/10/31 15:41:21 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2008/10/31 15:41:21 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2008/10/31 15:41:20 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2008/10/31 15:41:20 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2008/10/31 15:41:20 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2008/10/31 15:41:18 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2008/10/31 15:41:16 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2008/10/31 15:41:16 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll

========== Files - Modified Within 14 Days ==========

[2009/12/16 19:51:32 | 03,145,728 | -HS- | M] () -- C:\Users\Brandon\ntuser.dat
[2009/12/16 19:46:40 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/16 19:46:40 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/16 19:46:40 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/16 19:45:38 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\(name removed)\Desktop\OTL.exe
[2009/12/16 19:40:15 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/16 19:40:15 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/16 19:40:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/16 19:40:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/16 19:40:04 | 20,112,17920 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 17:10:04 | 00,524,288 | -HS- | M] () -- C:\Users\(name removed)\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/16 17:10:04 | 00,065,536 | -HS- | M] () -- C:\Users\(name removed)\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/16 17:09:41 | 03,493,634 | -H-- | M] () -- C:\Users\(name removed)\AppData\Local\IconCache.db
[2009/12/15 15:23:50 | 00,008,358 | ---- | M] () -- C:\Users\(name removed)\AppData\Roaming\wklnhst.dat
[2009/12/09 15:22:25 | 00,001,876 | ---- | M] () -- C:\Users\(name removed)\Desktop\HijackThis.lnk
[2009/12/09 14:28:04 | 00,000,000 | ---- | M] () -- C:\Users\(name removed)\Desktop\settings.dat

========== Files Created - No Company Name ==========

[2009/12/09 15:22:25 | 00,001,876 | ---- | C] () -- C:\Users\(name removed)\Desktop\HijackThis.lnk
[2009/12/09 14:28:04 | 00,000,000 | ---- | C] () -- C:\Users\(name removed)\Desktop\settings.dat
[2009/11/25 09:26:56 | 00,000,120 | ---- | C] () -- C:\Users\(name removed)\AppData\Local\Oqaqafekuteg.dat
[2009/11/25 09:26:56 | 00,000,000 | ---- | C] () -- C:\Users\(name removed)\AppData\Local\Lqexadevipejided.bin
[2009/10/02 08:05:36 | 00,000,254 | ---- | C] () -- C:\Users\(name removed)\AppData\Local\AutobahnAcceleratorInstall.txt
[2009/02/04 00:00:07 | 00,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2008/12/22 18:53:37 | 00,000,680 | ---- | C] () -- C:\Users\(name removed)\AppData\Local\d3d9caps.dat
[2008/11/10 10:16:21 | 00,019,968 | ---- | C] () -- C:\Users\(name removed)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/03 15:25:07 | 00,008,358 | ---- | C] () -- C:\Users\(name removed)\AppData\Roaming\wklnhst.dat
[2008/10/31 15:47:27 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2008/10/31 15:42:42 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2008/10/31 15:42:41 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2008/10/31 15:41:23 | 00,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2008/10/31 15:41:22 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2008/10/31 15:41:19 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2008/10/31 15:41:19 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2008/10/31 15:41:19 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2008/10/31 15:41:19 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2008/10/31 15:41:18 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2008/10/31 15:41:17 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2008/10/31 15:41:17 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2008/10/31 15:41:17 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2008/10/31 15:41:14 | 00,073,728 | ---- | C] () -- C:\Windows\System32\DLCXcfg.dll
[2008/10/31 13:16:48 | 00,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2008/10/31 13:16:44 | 00,000,665 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/10/21 00:03:16 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/21 00:03:14 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/21 00:03:08 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/20 21:39:42 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/20 21:32:31 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/20 21:23:02 | 00,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/22 06:42:38 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/08/08 14:58:04 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 14:09:58 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

========== LOP Check ==========

[2009/07/18 23:32:50 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\BitTorrent
[2009/12/16 19:50:49 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\DNA
[2009/09/22 12:58:18 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Eltima Software
[2009/07/31 14:17:32 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Free&Easy Font Viewer
[2008/11/24 14:24:39 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\GlobalSCAPE
[2009/12/12 14:45:04 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Hoyle Casino
[2009/09/20 20:55:21 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Hoyle FaceCreator
[2009/03/31 08:26:52 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\ImgBurn
[2009/03/27 22:33:13 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\iWin
[2009/11/15 22:19:36 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\LimeWire
[2009/06/22 07:32:42 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Opera
[2008/11/03 15:25:11 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\Template
[2009/02/13 16:08:58 | 00,000,000 | ---D | M] -- C:\Users\(name removed)\AppData\Roaming\TomTom
[2009/12/16 17:10:28 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:32:22 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/10/20 23:49:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/10/20 23:49:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/10/20 23:49:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/10/20 23:49:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/20 23:49:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:32:49 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/20 21:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:33:41 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/20 21:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:34:39 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >


And here's the "Extras.Txt" file:

OTL Extras logfile created on: 12/16/2009 7:51:42 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\Brandon\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 57.65% Memory free
3.98 Gb Paging File | 3.13 Gb Available in Paging File | 78.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.95 Gb Total Space | 63.00 Gb Free Space | 45.34% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: (name removed)
Current User Name: (name removed)
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2190242007-3043411645-2820999077-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" (Adobe Systems Incorporated)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108E16A-6AE3-47C4-8EF1-0F4C425216F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A480F19-65EE-48FA-B159-1DBA2612AE14}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{0F24C153-CB82-421C-9145-BDC744032778}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{1AFA914F-222A-410B-9158-CA38965FC0AE}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{2C5112C0-0100-4839-A2E5-9CDCB3AF57FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{35F9A8EA-ADFB-47B0-A7E1-37A6E318BDC1}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{3BF7B446-01E7-4D07-B3B4-D47013945F5C}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{51E78D93-4AB6-475C-B23B-1F08C77AEBED}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{5A791555-98BC-4E48-888C-363DD2E29A81}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{6CE19B92-D745-4C5A-96FB-9D3F17E27D25}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{70E8EE3C-9EE2-4DD7-AD9E-F01A1805D7F9}" = protocol=17 | dir=in | app=f:\globalscape\cuteftp professional\cuteftppro.exe |
"{A4723005-51E0-4910-A1E4-B4CEB08372E2}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{BE752A39-8165-4261-BB12-99BA8D856D94}" = protocol=6 | dir=in | app=f:\globalscape\cuteftp professional\cuteftppro.exe |
"{C5F62F31-B745-4360-96CD-7BA239BD6527}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{CEA7E443-5B2F-41E3-A37A-CEB88EBEABA6}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{D33F85C7-F867-46B2-9B6E-8CDC6DB39C0C}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{D592DA62-50FC-479D-AC93-BEF9A8295CA0}" = protocol=17 | dir=in | app=f:\globalscape\cuteftp professional\ftpte.exe |
"{DAF9C668-E9C7-4A38-9505-0B74B08F7917}" = protocol=6 | dir=in | app=f:\globalscape\cuteftp professional\ftpte.exe |
"{DD52E219-68A1-4769-8D44-163916785A8E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2299B4B-DF56-4203-93BB-47BF2F72E4DA}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{E7ADADFC-8D3A-436F-AA3C-2360C57FD722}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{EC8C0594-A42A-499B-BD8A-B49494ED7B73}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED626A3F-1732-4B49-A979-36D3802EE6E2}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{F219E49B-80AA-4519-83C3-3DD6FA8214BC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F3CBF9DB-DB51-4012-90CA-D3ED38C033E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F43BFFFF-B610-4115-B80C-930D05F50FF6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{091D8BE2-5908-493C-802E-D446E70A426F}C:\users\(name removed)\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\brandon\program files\dna\btdna.exe |
"TCP Query User{140F5860-9836-4E8E-B859-104393ABBC1A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{1E5F66C2-087E-44A3-BB10-83E3AE9C1700}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{35151952-3B2B-4EEB-85A9-1DDEC5D5B99C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{38EDADD1-05E1-4179-BAD6-FD5F96443F45}C:\users\(name removed)\documents\ind projects\xampp\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\brandon\documents\ind projects\xampp\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{3BB4AF9B-2558-40C1-862A-A7CFAFD8E14D}C:\users\(name removed)\documents\ind projects\xampp\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\brandon\documents\ind projects\xampp\xampplite\apache\bin\httpd.exe |
"TCP Query User{5B4D415B-E298-44CE-969C-32E84165C18E}C:\users\(name removed)\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\brandon\program files\dna\btdna.exe |
"TCP Query User{8CB20CA4-B711-4750-A364-EB80417BFA5E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CB4BE723-C944-4F58-BD56-20810B9B2845}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"TCP Query User{D63338BD-183C-48D9-B081-FF00C8E41915}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC1091BA-E923-49C6-AC21-F73FF10C999A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0BE5AC5E-699B-404A-A728-E46CAF671AD5}C:\users\brandon\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\brandon\program files\dna\btdna.exe |
"UDP Query User{19CEE8A6-B934-498F-B210-F449DDEFBB1C}C:\users\brandon\documents\ind projects\xampp\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\brandon\documents\ind projects\xampp\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{37454F5B-496B-43D9-B0E7-59FA28AB94DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70865023-AE01-4B4B-B9DF-59EE2EA2C42E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{975EECDF-C0DC-4E48-BA60-CD6EB745656B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{98919E09-593A-45A9-8357-405B71854F3D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A0642EFE-53C0-4B49-A946-0F1D74CE23FF}C:\users\brandon\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\brandon\program files\dna\btdna.exe |
"UDP Query User{AB27C099-D97F-4418-BFD1-FF7878FF1B4C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B124FF76-9AB1-4824-BB34-A0E79245E56F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{C0734B66-5733-4A16-B381-BA7FD931D6DE}C:\users\(name removed)\documents\ind projects\xampp\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\brandon\documents\ind projects\xampp\xampplite\apache\bin\httpd.exe |
"UDP Query User{D22A189C-3433-4A25-AB5E-F1C2CFF7E6D5}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0ED1A22E-39F3-0B9A-FFDC-33ABCEE505C0}" = Skins
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5A3E8FF2-F163-2B00-9B47-D8C84CF12C7A}" = Catalyst Control Center InstallProxy
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6468C32A-026A-37DD-A013-C8A8B0995B52}" = Catalyst Control Center Graphics Light
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67A58A97-9612-C607-0245-F3F417EFDB6D}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F6B6BC-D64C-BE30-6334-C7A76E9FF2AD}" = CCC Help English
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F2A00E1-46C9-6DAE-E6E3-BEE4C9D5A0C3}" = ccc-core-static
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D1DE3AD-75C5-9C43-3F07-206600BB2D30}" = Catalyst Control Center Graphics Full New
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{9F827E95-123C-EAA5-6CCD-9D9E8FC2A80E}" = ATI Catalyst Install Manager
"{A035580E-3EDF-EA34-F229-0E17DF3A6E7C}" = ccc-utility
"{A3797713-6859-379F-4E0C-ADCB3BE3C87E}" = Catalyst Control Center Graphics Previews Common
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.3
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AFF84D5E-EB68-728E-1BD5-10BCFDCF25FF}" = Catalyst Control Center HydraVision Full
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}" = Hoyle Card Games 2005
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{C357E7BE-A832-CFAF-A1B2-23EC0C08011E}" = Catalyst Control Center Graphics Previews Vista
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D244622B-F2BC-AD1E-6BA6-40345EC55BAA}" = Catalyst Control Center Graphics Full Existing
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Audacity_is1" = Audacity 1.2.6
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 2.0
"HijackThis" = HijackThis 2.0.2
"Homestead SiteBuilder" = Homestead SiteBuilder
"HourGuard" = HourGuard Time Sheet
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RegAce_mp1" = RegAce V1.2
"RSKDL" = Risk (remove only)
"SCRABBLE" = SCRABBLE
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Dell Touchpad
"TomTom HOME" = TomTom HOME 2.7.0.1785
"Uninstall_is1" = Uninstall 1.0.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2190242007-3043411645-2820999077-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2009 5:20:23 AM | Computer Name = (name removed) | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2009 5:27:58 AM | Computer Name = (name removed) | Source = EventSystem | ID = 4621
Description =

Error - 11/28/2009 11:32:53 AM | Computer Name = (name removed) | Source = WinMgmt | ID = 10
Description =

Error - 11/28/2009 11:33:19 AM | Computer Name = (name removed) | Source = RasClient | ID = 20227
Description =

Error - 11/28/2009 12:05:26 PM | Computer Name = (name removed) | Source = WinMgmt | ID = 10
Description =

Error - 11/28/2009 12:32:06 PM | Computer Name = (name removed) | Source = RasClient | ID = 20227
Description =

Error - 11/29/2009 6:29:39 PM | Computer Name = (name removed) | Source = WinMgmt | ID = 10
Description =

Error - 12/2/2009 5:55:03 PM | Computer Name = (name removed) | Source = WinMgmt | ID = 10
Description =

Error - 12/4/2009 4:31:26 PM | Computer Name = (name removed) | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp
0x47918ed8, faulting module html.iec, version 2017.0.0.18319, time stamp 0x4a966dc3,
exception code 0xc0000005, fault offset 0x0004d50b, process id 0xe80, application
start time 0x01ca739a7abfe3bc.

Error - 12/4/2009 8:17:09 PM | Computer Name = (name removed) | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 9.0.2.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1204 Start Time: 01ca7430de7267e6 Termination Time: 390

[ Broadcom Wireless LAN Events ]
Error - 10/28/2009 8:53:37 AM | Computer Name = (name removed) | Source = WLAN-Tray | ID = 0
Description = 08:53:30, Wed, Oct 28, 09 Error - Unable to gain access to user store


Error - 10/30/2009 8:53:24 AM | Computer Name = (name removed) | Source = WLAN-Tray | ID = 0
Description = 08:53:24, Fri, Oct 30, 09 Error - Unable to gain access to user store


Error - 11/7/2009 12:51:30 PM | Computer Name = (name removed) | Source = WLAN-Tray | ID = 0
Description = 11:51:30, Sat, Nov 07, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 7/9/2009 9:26:13 AM | Computer Name = (name removed) | Source = DCOM | ID = 10016
Description =

Error - 7/9/2009 9:26:13 AM | Computer Name = (name removed) | Source = DCOM | ID = 10016
Description =

Error - 7/15/2009 11:39:43 PM | Computer Name = (name removed) | Source = Service Control Manager | ID = 7011
Description =

Error - 7/16/2009 3:17:12 AM | Computer Name = (name removed) | Source = HTTP | ID = 15016
Description =

Error - 7/26/2009 10:45:32 AM | Computer Name = (name removed) | Source = bowser | ID = 8003
Description =

Error - 7/26/2009 8:49:19 PM | Computer Name = (name removed) | Source = BROWSER | ID = 8032
Description =

Error - 7/30/2009 3:19:52 AM | Computer Name = (name removed) | Source = HTTP | ID = 15016
Description =

Error - 8/1/2009 11:19:47 PM | Computer Name = (name removed) | Source = Service Control Manager | ID = 7011
Description =

Error - 8/5/2009 9:01:49 PM | Computer Name = (name removed) | Source = HTTP | ID = 15016
Description =

Error - 8/10/2009 8:39:52 AM | Computer Name = (name removed) | Source = HTTP | ID = 15016
Description =


< End of report >

Edited by tribefanOH, 16 December 2009 - 08:16 PM.
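
Added here as a triage aid, not part of the thread or of OTL itself: a small parser for the OTL report layout shown above that compares the "open" commands of the executable file classes against their Windows defaults and flags firewall profiles with "EnableFirewall" = 0. The sample report is constructed (the wrapper path is a placeholder) to show one hijacked association and one disabled profile.

```python
import re

# Windows defaults for the "open" verb of the executable file classes; OTL prints
# exactly these values when nothing has tampered with the association.
EXPECTED_OPEN_COMMANDS = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

ASSOC_RE = re.compile(r'^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<val>.*)$')

# Constructed sample in the OTL layout (not from the log above); exefile is hijacked
# by a placeholder wrapper and the Standard profile firewall is off.
SAMPLE_REPORT = r'''
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
exefile [open] -- "C:\example\wrapper.exe" "%1" %*
scrfile [open] -- "%1" /S
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
'''


def parse_otl(text):
    """Walk an OTL-style report and return two dicts:
    assoc[(class, verb)] -> command, and values[(registry key, name)] -> value."""
    assoc, values = {}, {}
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = ASSOC_RE.match(line)
        if m:
            # OTL appends the signer in parentheses; drop it so only the command is compared
            cmd = re.sub(r'\s+\([^()]*\)$', '', m.group("cmd"))
            assoc[(m.group("cls"), m.group("verb"))] = cmd
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values[(current_key, m.group("name"))] = m.group("val")
    return assoc, values


def triage(text):
    """Return a list of human-readable findings for the report."""
    findings = []
    assoc, values = parse_otl(text)
    for cls, expected in EXPECTED_OPEN_COMMANDS.items():
        actual = assoc.get((cls, "open"))
        if actual is None:
            continue  # class not listed in this report
        if actual != expected:
            findings.append(f"{cls} open command is {actual!r}, expected {expected!r}")
    for (key, name), val in values.items():
        # Per-profile firewall state lives directly under ...\FirewallPolicy\<Name>Profile
        if name == "EnableFirewall" and key.endswith("Profile") and val == "0":
            profile = key.rsplit("\\", 1)[-1]
            findings.append(f"Windows Firewall disabled for {profile}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run against the sample it reports the hijacked exefile association and the disabled Standard profile; pasting the real report in place of the sample gives the same checks over a full log.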


#5 tribefanOH

tribefanOH
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 16 December 2009 - 08:22 PM

I'm getting ready to try the gmer scan again, but I wanted to mention this. When I tried running it a minute ago, I got a blue screen (with all the gibberish) while it was running. Restarted, came back here, and am posting now.

I'm going to try to run the scan again now, and if it works fine, I'll just edit this reply and put the gmer log. If it blue screens on me again, I'll edit this reply and say as much.

*EDIT*
Posting from a different computer now. The computer getting the gmer scan has been hung up for about 10 minutes now while saying "\Device\HardDiskVolumeShadowCopy1". I'm a bit apprehensive about stopping the program mid-scan, but I'm not sure if it's supposed to scan on that status for so long or not. So far there is only 1 item showing up in the gmer scan...

*EDIT 2*
Tried to stop the gmer scan since it was hung up for so long on the above. Froze. Called up task manager. Before ever even bringing up task manager, got a black screen again. Hard reboot again. gmer doesn't seem to like scanning on my system. :(

Edited by tribefanOH, 16 December 2009 - 08:44 PM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 17 December 2009 - 08:43 AM

Ok, we'll leave Gmer out of it for now.

Please download ComboFix from here:

Link 1

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 tribefanOH

tribefanOH
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 17 December 2009 - 10:38 AM

Here is the ComboFix log:

ComboFix 09-12-16.05 - Brandon 12/17/2009 10:13:41.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1917.1080 [GMT -5:00]
Running from: c:\users\Brandon\Desktop\KittyFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-17 15:23 . 2009-12-17 15:24 -------- d-----w- c:\users\(name removed)\AppData\Local\temp
2009-12-17 15:23 . 2009-12-17 15:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-17 15:23 . 2009-12-17 15:23 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2009-12-17 15:23 . 2009-12-17 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-09 23:50 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 23:50 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-09 23:22 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 23:22 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 23:22 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 16:17 . 2009-12-09 16:17 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb88CE.tmp.exe
2009-12-02 20:34 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 20:34 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:34 . 2009-12-02 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 05:06 . 2009-11-19 16:48 43008 ----a-w- c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 05:06 . 2009-11-19 16:48 872960 ----a-w- c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 05:06 . 2009-11-19 16:48 340480 ----a-w- c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 05:06 . 2009-11-19 16:48 346624 ----a-w- c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\users\(name removed)\AppData\Local\Apple
2009-11-28 16:12 . 2009-11-28 16:12 -------- d-----w- c:\users\(name removed)\AppData\Local\Apple Computer
2009-11-27 05:16 . 2009-11-27 05:16 -------- d-----w- c:\programdata\ATI
2009-11-27 03:04 . 2009-11-27 03:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-27 03:03 . 2009-11-27 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 03:03 . 2009-11-27 03:03 -------- d-----w- c:\users\(name removed)\AppData\Roaming\SUPERAntiSpyware.com
2009-11-25 19:33 . 2009-11-25 19:33 -------- d-----w- c:\programdata\Simply Super Software
2009-11-25 18:31 . 2009-11-25 18:31 -------- d-----w- c:\programdata\RegAce
2009-11-25 18:31 . 2009-11-27 08:11 -------- d-----w- c:\program files\RegAce
2009-11-25 18:12 . 2009-11-25 18:12 -------- d-----w- c:\users\(name removed)\AppData\Roaming\Malwarebytes
2009-11-25 18:12 . 2009-11-25 18:12 -------- d-----w- c:\programdata\Malwarebytes
2009-11-25 16:16 . 2009-11-25 16:16 -------- d-----w- c:\users\(name removed)\AppData\Local\Trend Micro
2009-11-25 16:00 . 2009-11-27 05:14 -------- d-----w- c:\windows\system32\Service
2009-11-25 16:00 . 2009-11-25 16:05 -------- d-----w- c:\programdata\Trend Micro
2009-11-25 15:59 . 2009-12-09 20:22 -------- d-----w- c:\program files\Trend Micro
2009-11-25 15:52 . 2009-11-25 15:52 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-25 15:52 . 2009-11-25 15:52 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-25 15:52 . 2009-11-25 15:52 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-25 15:52 . 2009-11-25 15:52 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-25 15:52 . 2009-11-25 15:52 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2009-11-25 15:52 . 2009-11-25 15:52 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-25 15:52 . 2009-11-25 15:52 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-25 15:52 . 2009-11-25 15:52 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2009-11-25 15:52 . 2009-11-25 15:52 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-25 14:55 . 2009-11-27 08:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-25 14:55 . 2009-11-25 15:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-25 14:48 . 2009-11-27 08:11 -------- d-----w- c:\program files\Common Files\Scanner
2009-11-25 14:48 . 2009-11-27 08:11 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-11-25 14:26 . 2009-11-25 14:26 120 ----a-w- c:\users\(name removed)\AppData\Local\Oqaqafekuteg.dat
2009-11-25 14:26 . 2009-11-25 14:26 0 ----a-w- c:\users\(name removed)\AppData\Local\Lqexadevipejided.bin
2009-11-25 14:26 . 2009-11-27 08:12 -------- d-----w- c:\users\(name removed)\AppData\Local\{854F5AE6-D854-4F51-B10D-100ED07AFE71}
2009-11-25 08:03 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 23:47 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 23:47 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 15:24 . 2009-03-30 19:36 -------- d-----w- c:\users\(name removed)\AppData\Roaming\DNA
2009-12-15 20:23 . 2008-11-03 20:25 8358 ----a-w- c:\users\(name removed)\AppData\Roaming\wklnhst.dat
2009-12-12 19:45 . 2009-09-21 01:54 -------- d-----w- c:\users\(name removed)\AppData\Roaming\Hoyle Casino
2009-12-10 08:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 22:18 . 2008-10-31 20:51 -------- d-----w- c:\program files\Dl_cats
2009-11-28 16:09 . 2009-01-20 14:30 -------- d-----w- c:\users\(name removed)\AppData\Roaming\Move Networks
2009-11-27 08:12 . 2008-11-03 14:30 -------- d-----w- c:\programdata\FLEXnet
2009-11-27 08:06 . 2009-03-01 20:22 -------- d-----w- c:\program files\ATI
2009-11-27 08:06 . 2008-10-21 02:29 -------- d-----w- c:\program files\ATI Technologies
2009-11-25 23:23 . 2008-10-31 19:27 -------- d-----w- c:\programdata\avg8
2009-11-16 03:19 . 2008-11-22 15:17 -------- d-----w- c:\users\(name removed)\AppData\Roaming\LimeWire
2009-11-03 01:42 . 2009-10-04 22:54 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 13:46 . 2008-12-22 23:53 680 ----a-w- c:\users\(name removed)\AppData\Local\d3d9caps.dat
2009-10-27 13:20 . 2009-12-09 23:23 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 23:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 23:23 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-06 04:18 . 2009-10-06 04:18 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7E7A.tmp.exe
2009-09-29 13:17 . 2008-10-31 17:38 241560 ----a-w- c:\users\(name removed)\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-28 20:08 . 2009-09-21 02:46 877 ----a-w- c:\windows\eReg.dat
2008-10-21 04:50 . 2008-10-21 04:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-27_06.01.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 23:22 . 2009-11-03 21:55 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22258_none_75ef2fe38adfadb0\nshhttp.dll
+ 2009-12-09 23:22 . 2009-11-03 21:43 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18136_none_7579325c71b3a356\nshhttp.dll
+ 2009-12-09 23:22 . 2009-11-03 22:01 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22556_none_7406bd678dbb25de\nshhttp.dll
+ 2009-12-09 23:22 . 2009-11-03 22:17 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18356_none_737d1eb6749d88ed\nshhttp.dll
+ 2009-12-09 23:22 . 2009-11-03 12:49 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21154_none_721e54699096985a\nshhttp.dll
+ 2009-12-09 23:22 . 2009-11-03 13:01 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16951_none_7191de9e777b7949\nshhttp.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21148_none_2a75ca2d813992d7\iebrshim.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16945_none_29e95462681e73c6\iebrshim.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\iesetup.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\iernonce.dll
+ 2009-12-09 23:23 . 2009-10-27 10:48 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\ie4uinit.exe
+ 2009-12-09 23:23 . 2009-10-27 15:01 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\iesetup.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\iernonce.dll
+ 2009-12-09 23:23 . 2009-10-27 12:27 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\ie4uinit.exe
+ 2009-12-09 23:23 . 2009-10-27 10:56 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\ieUnatt.exe
+ 2009-12-09 23:23 . 2009-10-27 10:55 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\ieUnatt.exe
+ 2009-12-09 23:23 . 2009-10-27 10:48 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\ieUnatt.exe
+ 2009-12-09 23:23 . 2009-10-27 12:27 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\ieUnatt.exe
+ 2009-12-09 23:23 . 2009-10-27 13:14 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21148_none_591b7dff804e7b31\icardie.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16945_none_588f083467335c20\icardie.dll
+ 2009-12-09 23:23 . 2009-10-27 10:56 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22550_none_f3c11b47d36cbc5c\mshtmler.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22550_none_f3c11b47d36cbc5c\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18349_none_f34b4f1cba3ee789\mshtmler.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18349_none_f34b4f1cba3ee789\ieencode.dll
+ 2009-12-09 23:23 . 2009-10-27 09:23 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21148_none_f1ed8519d637104d\mshtmler.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21148_none_f1ed8519d637104d\ieencode.dll
+ 2009-12-09 23:23 . 2009-10-27 10:56 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16945_none_f1610f4ebd1bf13c\mshtmler.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16945_none_f1610f4ebd1bf13c\ieencode.dll
+ 2009-12-09 23:23 . 2009-10-27 13:03 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\admparse.dll
+ 2008-01-21 02:33 . 2008-01-21 02:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\admparse.dll
+ 2009-12-09 23:23 . 2009-10-27 13:12 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\admparse.dll
+ 2009-12-09 23:23 . 2009-10-27 14:59 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\admparse.dll
+ 2009-12-09 23:23 . 2009-10-27 12:53 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\WininetPlugin.dll
+ 2009-12-09 23:23 . 2009-10-27 12:50 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\jsproxy.dll
+ 2009-06-09 18:28 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\WininetPlugin.dll
+ 2009-06-09 18:28 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\jsproxy.dll
+ 2009-12-09 23:23 . 2009-10-27 13:07 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\WininetPlugin.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\jsproxy.dll
+ 2008-10-21 04:59 . 2008-10-21 04:59 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\WininetPlugin.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\jsproxy.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\WininetPlugin.dll
+ 2009-12-09 23:23 . 2009-10-27 13:15 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\jsproxy.dll
+ 2009-12-09 23:23 . 2009-10-27 15:05 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\WininetPlugin.dll
+ 2009-12-09 23:23 . 2009-10-27 15:02 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\jsproxy.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21148_none_ec466dc22f79e7fb\pngfilt.dll
+ 2009-12-09 23:23 . 2009-10-27 15:04 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16945_none_ebb9f7f7165ec8ea\pngfilt.dll
+ 2009-12-09 23:22 . 2009-11-03 21:53 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22258_none_f7ee45feb3b119ca\httpapi.dll
+ 2009-12-09 23:22 . 2009-11-03 21:42 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18136_none_f77848779a850f70\httpapi.dll
+ 2009-12-09 23:22 . 2009-11-03 22:00 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22556_none_f605d382b68c91f8\httpapi.dll
+ 2009-12-09 23:22 . 2009-11-03 22:15 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507\httpapi.dll
+ 2009-12-09 23:22 . 2009-11-03 12:46 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21154_none_f41d6a84b9680474\httpapi.dll
+ 2009-12-09 23:22 . 2009-11-03 12:57 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16951_none_f390f4b9a04ce563\httpapi.dll
+ 2008-01-21 01:58 . 2009-12-17 00:41 51566 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-12-17 13:05 79462 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-01 00:16 . 2009-12-17 13:05 12606 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2190242007-3043411645-2820999077-1002_UserData.bin
- 2009-10-21 22:36 . 2009-08-27 13:29 28160 c:\windows\System32\jsproxy.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 28160 c:\windows\System32\jsproxy.dll
+ 2008-02-03 15:42 . 2009-12-17 13:08 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:42 . 2009-11-27 04:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:42 . 2009-11-27 04:43 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-03 15:42 . 2009-12-17 13:08 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-03 15:42 . 2009-12-17 13:08 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-03 15:42 . 2009-11-27 04:43 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-04 22:21 . 2009-12-09 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 22:21 . 2009-12-09 19:50 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-04 22:21 . 2009-12-09 19:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-01 00:12 . 2009-12-02 21:53 3034 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-01 00:12 . 2009-11-11 08:24 3034 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-11-28 16:56 . 2009-11-28 16:56 9560 c:\windows\System32\networklist\icons\{9C9EFF72-FA8E-4295-9C6A-D13AB8134F20}_48.bin
+ 2009-11-28 16:56 . 2009-11-28 16:56 4280 c:\windows\System32\networklist\icons\{9C9EFF72-FA8E-4295-9C6A-D13AB8134F20}_32.bin
+ 2009-11-28 16:56 . 2009-11-28 16:56 2456 c:\windows\System32\networklist\icons\{9C9EFF72-FA8E-4295-9C6A-D13AB8134F20}_24.bin
+ 2009-12-17 00:43 . 2009-12-17 00:43 9560 c:\windows\System32\networklist\icons\{40D8DD56-7F27-43B1-933E-0C254A101612}_48.bin
+ 2009-12-17 00:43 . 2009-12-17 00:43 4280 c:\windows\System32\networklist\icons\{40D8DD56-7F27-43B1-933E-0C254A101612}_32.bin
+ 2009-12-17 00:43 . 2009-12-17 00:43 2456 c:\windows\System32\networklist\icons\{40D8DD56-7F27-43B1-933E-0C254A101612}_24.bin
- 2009-11-27 04:43 . 2009-11-27 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-17 13:03 . 2009-12-17 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-17 13:03 . 2009-12-17 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-27 04:43 . 2009-11-27 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-09 23:23 . 2009-08-24 11:50 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.22208_none_27461209d860183c\winhttp.dll
+ 2009-12-09 23:23 . 2009-08-24 11:36 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.18096_none_26592378bf8d4416\winhttp.dll
+ 2009-12-09 23:23 . 2009-08-24 11:51 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22504_none_255b9ef9db3d5dbc\winhttp.dll
+ 2009-12-09 23:23 . 2009-08-24 12:16 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18315_none_24c830a6c226f613\winhttp.dll
+ 2009-12-09 23:23 . 2009-08-24 12:34 378880 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.21113_none_23696659de200580\winhttp.dll
+ 2009-12-09 23:23 . 2009-08-24 12:47 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274\winhttp.dll
+ 2009-12-09 23:50 . 2009-10-07 12:18 243712 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.22240_none_6eaa02896688399b\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 11:36 243712 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.18116_none_6e46d73e4d4cde08\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 12:18 243200 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.22536_none_6cd4624969546090\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 12:41 244224 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18336_none_6c4ac3985036c39f\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 12:31 232960 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.21134_none_6aebf94b6c2fd30c\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 12:47 232960 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.16932_none_6a6083ca5313cd52\rastls.dll
+ 2009-12-09 23:50 . 2009-10-07 12:18 281600 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.22536_none_132e3960907cf729\raschap.dll
+ 2009-12-09 23:50 . 2009-10-07 12:41 281600 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18336_none_12a49aaf775f5a38\raschap.dll
+ 2009-12-09 23:50 . 2009-10-07 12:31 274432 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.21134_none_1145d062935869a5\raschap.dll
+ 2009-12-09 23:50 . 2009-10-07 12:47 274432 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.16932_none_10ba5ae17a3c63eb\raschap.dll
+ 2009-12-09 23:23 . 2009-10-27 10:49 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21148_none_0bc40cd3f02d913f\ieuser.exe
+ 2009-12-09 23:23 . 2009-10-27 12:27 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16945_none_0b379708d712722e\ieuser.exe
+ 2009-12-09 23:23 . 2009-10-27 10:49 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21148_none_e71bd7b7adb2d18d\ieinstal.exe
+ 2009-12-09 23:23 . 2009-10-27 12:27 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16945_none_e68f61ec9497b27c\ieinstal.exe
+ 2009-12-09 23:23 . 2009-10-27 12:49 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136\ieui.dll
+ 2009-12-09 23:23 . 2009-10-27 14:08 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc\ieui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964\ieui.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491\ieui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55\ieui.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44\ieui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:07 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_47f73f20a5ca505e\sqmapi.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_47f73f20a5ca505e\iertutil.dll
+ 2008-01-21 02:34 . 2008-01-21 02:34 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_478172f58c9c7b8b\sqmapi.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_478172f58c9c7b8b\iertutil.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_4623a8f2a894a44f\sqmapi.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_4623a8f2a894a44f\iertutil.dll
+ 2009-12-09 23:23 . 2009-10-27 15:04 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_459733278f79853e\sqmapi.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_459733278f79853e\iertutil.dll
+ 2009-12-09 23:23 . 2009-10-27 13:06 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22550_none_3779fcf32d6935cc\occache.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18349_none_370430c8143b60f9\occache.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21148_none_35a666c5303389bd\occache.dll
+ 2009-12-09 23:23 . 2009-10-27 15:04 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16945_none_3519f0fa17186aac\occache.dll
+ 2009-12-09 23:23 . 2009-10-27 13:11 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\iexplore.exe
+ 2009-12-09 23:23 . 2009-10-27 13:24 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\iexplore.exe
+ 2009-12-09 23:23 . 2009-10-27 13:22 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\iexplore.exe
+ 2009-12-09 23:23 . 2009-10-27 15:11 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\iexplore.exe
+ 2009-12-09 23:23 . 2009-10-27 13:16 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21148_none_46a8e8005f753900\mshtmled.dll
+ 2009-12-09 23:23 . 2009-10-27 15:03 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16945_none_461c7235465a19ef\mshtmled.dll
+ 2009-12-09 23:23 . 2009-10-27 13:06 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22550_none_603a1f1353bc84b9\msfeeds.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18349_none_5fc452e83a8eafe6\msfeeds.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21148_none_5e6688e55686d8aa\msfeeds.dll
+ 2009-12-09 23:23 . 2009-10-27 15:03 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16945_none_5dda131a3d6bb999\msfeeds.dll
+ 2009-12-09 23:23 . 2009-10-27 13:13 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21148_none_96464da89db48673\dxtrans.dll
+ 2009-12-09 23:23 . 2009-10-27 13:13 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21148_none_96464da89db48673\dxtmsft.dll
+ 2009-12-09 23:23 . 2009-10-27 15:00 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16945_none_95b9d7dd84996762\dxtrans.dll
+ 2009-12-09 23:23 . 2009-10-27 15:00 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16945_none_95b9d7dd84996762\dxtmsft.dll
+ 2009-12-09 23:23 . 2009-10-27 12:49 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22252_none_fdce1d9a82293426\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 14:08 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18130_none_fd58201368fd29cc\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22550_none_fbe5ab1e8504ac54\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18349_none_fb6fdef36bd6d781\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21148_none_fa1214f087cf0045\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16945_none_f9859f256eb3e134\ieapfltr.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\ieakui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\ieakui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\ieaksie.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\ieakui.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\ieaksie.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\ieakui.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\ieaksie.dll
+ 2009-12-09 23:23 . 2009-10-27 13:05 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22550_none_74a4014070c352c8\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18349_none_742e351557957df5\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21148_none_72d06b12738da6b9\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16945_none_7243f5475a7287a8\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 12:53 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 14:11 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 13:07 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 13:20 833024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 841216 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 15:05 832512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\wininet.dll
+ 2009-12-09 23:23 . 2009-10-27 13:06 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22550_none_e1193b6b95b8cadd\mstime.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18349_none_e0a36f407c8af60a\mstime.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21148_none_df45a53d98831ece\mstime.dll
+ 2009-12-09 23:23 . 2009-10-27 15:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16945_none_deb92f727f67ffbd\mstime.dll
+ 2009-12-09 23:22 . 2009-11-03 19:45 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22258_none_af0305482f402d0f\http.sys
+ 2009-12-09 23:22 . 2009-11-03 19:41 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18136_none_ae8d07c1161422b5\http.sys
+ 2009-12-09 23:22 . 2009-11-03 19:52 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22556_none_ad1a92cc321ba53d\http.sys
+ 2009-12-09 23:22 . 2009-11-03 19:53 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18356_none_ac90f41b18fe084c\http.sys
+ 2009-12-09 23:22 . 2009-11-03 10:31 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21154_none_ab3229ce34f717b9\http.sys
+ 2009-12-09 23:22 . 2009-11-03 10:37 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16951_none_aaa5b4031bdbf8a8\http.sys
+ 2009-12-09 23:23 . 2009-10-27 13:12 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21148_none_aa4b64130ee101fc\advpack.dll
+ 2009-12-09 23:23 . 2009-10-27 14:59 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16945_none_a9beee47f5c5e2eb\advpack.dll
+ 2009-12-09 23:23 . 2009-08-24 12:16 378368 c:\windows\System32\winhttp.dll
+ 2008-11-01 16:18 . 2009-12-12 14:01 256600 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-12-17 13:09 622084 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-12-17 13:09 110554 c:\windows\System32\perfc009.dat
- 2009-10-21 22:36 . 2009-08-27 13:31 146432 c:\windows\System32\occache.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 146432 c:\windows\System32\occache.dll
- 2009-10-21 22:36 . 2009-08-27 13:30 671232 c:\windows\System32\mstime.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 671232 c:\windows\System32\mstime.dll
- 2009-10-21 22:36 . 2009-08-27 13:30 458240 c:\windows\System32\msfeeds.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 458240 c:\windows\System32\msfeeds.dll
- 2009-10-21 22:36 . 2009-08-27 13:29 270848 c:\windows\System32\iertutil.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 270848 c:\windows\System32\iertutil.dll
- 2009-10-21 22:36 . 2009-08-27 13:29 389120 c:\windows\System32\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 389120 c:\windows\System32\iedkcs32.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 380928 c:\windows\System32\ieapfltr.dll
- 2009-10-21 22:36 . 2009-08-27 13:29 380928 c:\windows\System32\ieapfltr.dll
- 2009-10-21 22:36 . 2009-08-27 13:29 230400 c:\windows\System32\ieaksie.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 230400 c:\windows\System32\ieaksie.dll
+ 2009-12-09 23:22 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22268_none_f4bf533781e7af0f\OESpamFilter.dat
+ 2009-12-09 23:22 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18146_none_f44955b068bba4b5\OESpamFilter.dat
+ 2009-12-09 23:22 . 2009-11-16 08:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22564_none_f2d4e02784c4f48f\OESpamFilter.dat
+ 2009-12-09 23:22 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18364_none_f24b41766ba7579e\OESpamFilter.dat
+ 2009-12-09 23:22 . 2009-11-16 08:49 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21162_none_f0ec772987a0670b\OESpamFilter.dat
+ 2009-12-09 23:22 . 2009-11-16 08:49 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16960_none_f06101a86e846151\OESpamFilter.dat
+ 2009-12-09 23:23 . 2009-10-27 12:49 6081536 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 14:08 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 10:59 6072320 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 13:14 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 15:01 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44\ieframe.dll
+ 2009-12-09 23:23 . 2009-10-27 12:50 3602944 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22252_none_157f19df38942309\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 14:09 3599872 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18130_none_15091c581f6818af\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 13:06 3587072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22550_none_1396a7633b6f9b37\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 13:17 3584000 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18349_none_1320db382241c664\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 3602432 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21148_none_11c311353e39ef28\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 15:03 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16945_none_11369b6a251ed017\mshtml.dll
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22252_none_fdce1d9a82293426\ieapfltr.dat
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18130_none_fd58201368fd29cc\ieapfltr.dat
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22550_none_fbe5ab1e8504ac54\ieapfltr.dat
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18349_none_fb6fdef36bd6d781\ieapfltr.dat
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21148_none_fa1214f087cf0045\ieapfltr.dat
+ 2009-07-29 11:50 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16945_none_f9859f256eb3e134\ieapfltr.dat
+ 2009-12-09 23:23 . 2009-10-27 12:53 1176064 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_b71f1f1eed349340\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 14:11 1176064 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_b6a92197d40888e6\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 13:07 1175040 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_b536aca2f0100b6e\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 13:20 1174528 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_b4c0e077d6e2369b\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 13:18 1170944 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_b3631674f2da5f5f\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 15:05 1168384 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_b2d6a0a9d9bf404e\urlmon.dll
- 2009-10-21 22:36 . 2009-08-27 13:32 1174528 c:\windows\System32\urlmon.dll
+ 2009-12-09 23:23 . 2009-10-27 13:20 1174528 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-12-10 08:32 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-11-25 08:27 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-12-09 23:23 . 2009-10-27 13:17 3584000 c:\windows\System32\mshtml.dll
- 2009-11-04 10:17 . 2009-10-19 14:25 3584000 c:\windows\System32\mshtml.dll
+ 2009-12-09 23:23 . 2009-10-27 13:16 6069248 c:\windows\System32\ieframe.dll
- 2009-10-21 22:36 . 2009-08-27 13:29 6069248 c:\windows\System32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 39408]
"BitTorrent DNA"="c:\users\(name removed)\Program Files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-24 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-11-25 1020248]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-3 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-20 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^(name removed)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\users\(name removed)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
2007-01-12 16:57 292336 ----a-w- c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 17:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HourGuard]
2009-09-17 14:51 397316 ----a-w- c:\program files\NCH Software\HourGuard\hourguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-02-26 15:57 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-08-07 14:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [11/25/2009 10:52 AM 146448]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 mrtRate;mrtRate;c:\windows\System32\drivers\MrtRate.sys [10/31/2008 1:16 PM 34712]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [11/25/2009 10:52 AM 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [11/25/2009 10:52 AM 283152]
S3 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [11/25/2009 10:52 AM 50704]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [11/25/2009 11:01 AM 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [11/25/2009 11:01 AM 689416]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/7/2009 9:31 AM 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.espn.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\users\(name removed)\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 10:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2190242007-3043411645-2820999077-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,fb,26,df,85,f3,84,bb,ae,80,14,e7,8d,ea,46,3c,39,69,0b,79,cd,55,4f,
65,20,46,10,c9,9e,f4,57,47,d5,fb,1c,21,66,42,27,13,73,c6,00,da,18,7b,4c,c8,\
"??"=hex:7a,36,b9,3f,ef,c9,6c,1e,a6,eb,75,fc,68,cf,86,cb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-17 10:27:04
ComboFix-quarantined-files.txt 2009-12-17 15:27
ComboFix2.txt 2009-11-27 06:03

Pre-Run: 67,528,818,688 bytes free
Post-Run: 67,524,898,816 bytes free

- - End Of File - - 903723182E85DCF39FF1897A318B7EDB
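
The ComboFix sections above (Run keys, the FF prefs.js and component lines) are what a helper scans by eye. Below is an added example, not part of the thread or of ComboFix, of a small Python triage pass over exactly those lines; the sample input is an excerpt copied from the log above, and the rules it applies (autostarts under a user profile, a Run value with no directory, a keyword.URL that no longer points at Google, browser DLLs loaded from inside the profile) are the author's own heuristics, meant to rank what to look at first rather than to give a verdict.

```python
"""Triage a ComboFix-style log excerpt: autostarts and Firefox settings worth a second look.
Added example for this thread; the heuristics are the author's, not ComboFix's."""
import re
from urllib.parse import urlparse

# Constructed excerpt, copied from the log lines posted above (user name already redacted there).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-01 39408]
"BitTorrent DNA"="c:\users\(name removed)\Program Files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-24 303104]

FF - prefs.js: browser.startup.homepage - www.espn.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\users\(name removed)\AppData\Roaming\Mozilla\Firefox\Profiles\y2vyo0k2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\(name removed)\Program Files\DNA\plugins\npbtdna.dll
"""

RUN_KEY = re.compile(r'^\[(HKEY_[^\]]+\\Run)\]$', re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$')
FF_BINARY = re.compile(r'^FF - (?P<kind>component|plugin): (?P<path>.+)$')

def under_user_profile(path):
    """True when the file lives under a per-user directory (writable without admin rights)."""
    p = path.lower().replace('/', '\\')
    return p.startswith('c:\\users\\') or p.startswith('c:\\documents and settings\\')

def bare_filename(path):
    """A Run value with no directory is resolved through the PATH search order."""
    return '\\' not in path and '/' not in path

def keyword_host(value):
    """ComboFix defangs URLs as hxxp://; undo that before parsing the host."""
    return urlparse(value.replace('hxxp', 'http', 1)).hostname or ''

def triage(log_text):
    """Return a list of findings: {'check': ..., 'subject': ..., 'path': ...}."""
    findings = []
    run_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            run_key = None           # a blank line ends the current registry key block
            continue
        m = RUN_KEY.match(line)
        if m:
            run_key = m.group(1)
            continue
        if run_key:
            m = RUN_VALUE.match(line)
            if m:
                name, path = m.group('name'), m.group('path')
                if under_user_profile(path):
                    findings.append({'check': 'autostart_in_user_profile', 'subject': name, 'path': path})
                elif bare_filename(path):
                    findings.append({'check': 'autostart_bare_filename', 'subject': name, 'path': path})
            continue
        m = FF_PREF.match(line)
        if m:
            # Firefox's stock keyword.URL pointed at google.com; any other host means
            # address-bar searches have been repointed (here to an Ask toolbar redirector)
            if m.group('pref') == 'keyword.URL':
                host = keyword_host(m.group('value'))
                if host != 'google.com' and not host.endswith('.google.com'):
                    findings.append({'check': 'search_keyword_redirect', 'subject': host, 'path': m.group('value')})
            continue
        m = FF_BINARY.match(line)
        if m and under_user_profile(m.group('path')):
            # native code (a DLL) loaded by the browser from inside the user's profile
            findings.append({'check': 'ff_%s_in_user_profile' % m.group('kind'),
                             'subject': m.group('kind'), 'path': m.group('path')})
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('%-30s %-20s %s' % (f['check'], f['subject'], f['path']))
```

Run against the excerpt it flags the BitTorrent DNA autostart and plugin under the user profile, the `sttray.exe` entry with no directory, the Ask-toolbar `keyword.URL`, and the `frozen.dll` component inside the Firefox profile; the Program Files entries and the ESPN home page pass through untouched. Nothing here says an entry is malicious, only that it is the kind of entry a helper asks about next.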

#8 Buckeye_Sam

Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 17 December 2009 - 07:44 PM

Are the redirection only from Firefox? Or do you get them with IE also?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 tribefanOH

tribefanOH
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 17 December 2009 - 10:11 PM

I actually don't remember the last time I used IE, quite honestly. I can try and test out IE tomorrow, but, even in Firefox, the redirects have become pretty intermittent. As in, the only time I've seen it recently is 2 days in a row this week. Both times I made product related searches (once for t-shirts and once for laminates). Both were redirected to lowpriceshopper.com.

I guess the best test I can do as far as IE is to do the same searches and see what happens. Are the scans that have been done so far coming back pretty clean?

#10 tribefanOH

tribefanOH
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 18 December 2009 - 08:23 AM

Quick update -

It appears to be just in Firefox that I'm getting the redirect, and I got it again when I did a test just now.

I googled "Mannington Laminate" in both IE and Firefox. In IE, the first result (which is their actual site), took me right to their actual site. In Firefox, clicking on the same result gave me the TrendMicro "page is being blocked, may be dangerous, etc..." page. The other day it would actually take me to lowpriceshopper.com in FF when clicking the link.

Anyway, yeah....it appears to be just in Firefox.

#11 Buckeye_Sam

Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 18 December 2009 - 08:39 AM

Open Firefox and click Tools -> Add-ons
Select the Extensions tab and let me know what extensions are listed there.


========================================================

#12 tribefanOH

tribefanOH
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 18 December 2009 - 10:05 AM

Here is what is showing in the Firefox extensions window:
- DNA 10.0.0.1 - Delivery Network Accelerator for BitTorrent (don't know how many times I've tried to get BitTorrent and its other stuff off my computer with no success)
- Google Toolbar for Firefox
- Microsoft .NET Framework assistant
- Move Media Player
- Multirow Bookmarks Toolbar
- XULRunner
- Yahoo Toolbar

Got another redirect when I searched for "computer not showing WD MyBook". When I clicked on the result that was supposed to go to a FixYa link or something, got the TrendMicro warning screen again. Clicked back, clicked the result again, and it was fine.

The frequency of the redirects seems to be picking up a bit again....UGH! This virus is a doozy...

#13 Buckeye_Sam

Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 18 December 2009 - 06:52 PM

Disable XULRunner and let me know if you still get redirected.


========================================================

#14 tribefanOH

tribefanOH
  • Topic Starter
  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 19 December 2009 - 10:39 AM

Hmmm....interestingly enough, disabling XULRunner seems to have worked. I tested out all the searches I did in the previous few days that had been redirecting me, and got redirected on none of them.

Is there any sort of way to just completely remove this XULRunner thing? Or is that coming up in the next step and I'm getting ahead of myself? :(

#15 Buckeye_Sam

Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:01 PM

Posted 19 December 2009 - 11:55 AM

You can read about XULRunner here and then decide if you want to disable it.
http://en.wikipedia.org/wiki/XULRunner

It does not appear to be a legitimate extension.


========================================================
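
The thread resolves by listing extensions in the Add-ons window (Tools -> Add-ons -> Extensions) and disabling the one that did not belong. The window only shows the name an extension gives itself, so an added example follows, not from the thread or from Mozilla, that reads the same list from the profile on disk: each `extensions/<id>/install.rdf` manifest plus what the UI leaves out, namely the directory the extension lives in and whether it ships native code such as a `components\*.dll` (the shape of the `frozen.dll` entry in the log earlier in the thread). It assumes the Firefox 3-era profile layout; the sample profile it builds in a temporary directory is constructed, its extension ids are placeholders, and the "reasons to look closer" are the author's heuristics, not a verdict on any real add-on.

```python
"""List Firefox extensions from a profile on disk rather than from the Add-ons window.
Added example for this thread; assumes the Firefox 3-era layout
<profile>/extensions/<id>/install.rdf, and the 'what to flag' rules are the author's."""
import os
import tempfile
import xml.etree.ElementTree as ET

RDF = '{http://www.w3.org/1999/02/22-rdf-syntax-ns#}'
EM = '{http://www.mozilla.org/2004/em-rdf#}'
NATIVE_SUFFIXES = ('.dll', '.so', '.dylib')

def _field(desc, tag):
    """install.rdf allows em:* values either as child elements or as attributes."""
    child = desc.find(EM + tag)
    if child is not None and child.text:
        return child.text.strip()
    return desc.get(EM + tag, '')

def read_manifest(path):
    """Pull id, name and version out of an install.rdf; empty strings if unreadable."""
    empty = {'id': '', 'name': '', 'version': ''}
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return empty
    for desc in root.iter(RDF + 'Description'):
        about = desc.get('about') or desc.get(RDF + 'about')
        if about == 'urn:mozilla:install-manifest':
            return {k: _field(desc, k) for k in empty}
    return empty

def inspect_extension(ext_dir):
    """Manifest fields plus what the UI does not show: directory name and native code."""
    info = read_manifest(os.path.join(ext_dir, 'install.rdf'))
    native = []
    for dirpath, _, files in os.walk(ext_dir):
        for f in files:
            if f.lower().endswith(NATIVE_SUFFIXES):
                rel = os.path.relpath(os.path.join(dirpath, f), ext_dir)
                native.append(rel.replace(os.sep, '/'))
    info['dir'] = os.path.basename(ext_dir)
    info['native_code'] = sorted(native)
    return info

def enumerate_profile(profile_dir):
    """One record per directory under <profile>/extensions."""
    ext_root = os.path.join(profile_dir, 'extensions')
    if not os.path.isdir(ext_root):
        return []
    return [inspect_extension(os.path.join(ext_root, d))
            for d in sorted(os.listdir(ext_root))
            if os.path.isdir(os.path.join(ext_root, d))]

def reasons_to_look_closer(info):
    """Author's heuristics: things that merit a closer look, not a verdict."""
    reasons = []
    if info['native_code']:
        reasons.append('ships native code: ' + ', '.join(info['native_code']))
    if not info['name'] or not info['id']:
        reasons.append('manifest missing name or id')
    if info['id'] and info['id'] != info['dir']:
        reasons.append('directory name does not match manifest id')
    return reasons

MANIFEST = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{id}</em:id>
    <em:name>{name}</em:name>
    <em:version>{version}</em:version>
  </Description>
</RDF>
"""

def build_sample_profile():
    """Constructed profile in a temp dir: one plain extension and one that ships a DLL
    under components/ (the shape seen in the log). Ids and the DLL bytes are placeholders."""
    root = tempfile.mkdtemp(prefix='ffprofile-')
    def add(ext_id, name, version, native=()):
        d = os.path.join(root, 'extensions', ext_id)
        os.makedirs(d)
        with open(os.path.join(d, 'install.rdf'), 'w', encoding='utf-8') as fh:
            fh.write(MANIFEST.format(id=ext_id, name=name, version=version))
        for rel in native:
            p = os.path.join(d, *rel.split('/'))
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, 'wb') as fh:
                fh.write(b'MZ placeholder, not a real DLL')
    add('toolbar@example.invalid', 'Example Toolbar', '2.3')
    add('{00000000-0000-4000-8000-000000000001}', 'XULRunner', '1.0', native=('components/frozen.dll',))
    return root

if __name__ == '__main__':
    for ext in enumerate_profile(build_sample_profile()):
        print(ext['name'], ext['version'], ext['dir'], reasons_to_look_closer(ext) or 'nothing unusual')
```

Point `enumerate_profile` at a real profile path (the `FF - ProfilePath` line in the ComboFix log gives it) to get the same listing the Add-ons window shows, with the extension directory and any bundled DLLs beside each name; an extension that calls itself after a platform component and carries native code is the kind of entry worth confirming from disk before deciding whether to remove the directory.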
