Browser hijack - out of ideas here

The other day I noticed my browser had been hijacked. I have spent the better part of the last two days trying to clean it up. I tried a system restore, while this helped, it did not correct. At this point I have uninstalled FireFox and started using the Windows version of Safari (which has also been hijacked). I have tried the following:

Ad-aware scans - not finding anything
McAfee Scans - not finding anything
Advanced System Care scans - finding things, but it doesn't tell me what, but also isn't getting rid of this
MalewareBytes scans - not finding anything
CWShreddering - didn't find anything

I am out of ideas I have posted the HiJackThis log if that helps. I am running Vista... also if that helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:10 PM, on 2/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DpAgent] "C:\Program Files\DigitalPersona\Bin\dpagent.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 8068 bytes


savegreys in Illinois

Hi savegreys, Welcome to Bleeping Computer


Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Thanks SO much for replying! I ran OLT and GMER. GMER locked up the system the first time I ran it, then the system crashed the second time. I went ahead and ran it in safe mode. The results are attached.

Sorry for the delay,

Can you post the OTL logs as well? Thanks

Not a problem... I work with a charity... I know how volunteering and real life stuff can conflict.

Here is the OLT log. The only other thing I have found is Avast found a problem with a LoaderX.class file within Sun (during a boot test). I have updated my java package but have not had a chance to rerun boot test.

Thanks again!

Hi savegreys,

You're welcome.



Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  CODE
  :Files
  C:\Program Files\IObit
  C:\Users\jcbeans\AppData\Roaming\IObit
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done

We note you are using one or more products from IOBit.
IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
Please see this for additional information on these allegations: http://www.malwarebytes.org/forums/index.php?showtopic=29681.
Additionally, both WOT and SiteAdvisor have flagged IOBit's site.

A thread in the IOBit's forum responded to the accusations from MalwareBytes.
It is noteworthy that several responses from users raising specific questions about IOBit's response and finding it unsatisfactory were deleted and the thread was closed.
The bottom line from IOBit was: "No hard proof shows that IObit stole database of Malwarebytes."

At least until the issues of possible database theft and spyware packaging is resolved, I recommend against the use of IOBit products.





Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by SpySentinel, 05 March 2010 - 02:10 PM.

Ok... ran both OTL and ran Malawarebytes quick scan.

Here is the log from Malawarebytes.

Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/6/2010 10:42:03 AM
mbam-log-2010-03-06 (10-42-03).txt

Scan type: Quick Scan
Objects scanned: 105907
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi savegreys


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Run ESET Online Scan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the button.
13. Push

You can refer to this animation by neomage if needed.

Ok... I ran both ATF Cleaner and ESET Online Scan. Neither found anything and ESET didn't give me the option to view a list of threats, I suppose because it didn't find any.

Frustrating eh?

Hi savegreys,

How is your computer running?

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Hey SpySentinel,

Things I have learned since originally posting:

1. My system will lock up periodically for about three minutes. Afterward which I get the error "Host process for windows service has stopped working and was closed. It appears to be with svchost.exe. After this my graphics appear funky, everything appears to work, although not pretty. I am also using the system at a limited capacity, only using standalone apps and surfing for solutions for this. The work around for hijacking currently is to open everything in a separate window. Around the time this lockup happens I get several errors in my event viewer.

2. Periodically my java apps will just stop working and I have to reinstall to make them functional.

3. Avast reported the following error with the following file when performing a boot test/scan (still getting it when I do a boot test):
C:\usr\jcbeans\cache\6.0\18\109bffd2-69ec0afe1>myf\y\Loaderx.class

4. There are several tasks in my task scheduler that appear suspicious (lots of numbers and letters in the task name). When I open my task scheduler I get the error message: The task image is corrupt or or tampered with.mcupdate

5. Last night/this morning Avast put an htm file from the following location in it's chest:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6T09AKA
The Virus Description was: JS:FakeAV-EF[Trj]

6. Back on 2/26 and 2/27 I found that McAfee quarantined several files:
Many have gobbly gook names (lots of numbers and letters), but the detection names with these are: Exploit-PDF.q.gen!stream and Exploit-PDFCVE2008-5353. These files were located either in a Java Sun directory or in the IE Temporary Internet files.
In addition to these files, the atapi.sys file from my C:\Windows\System32\drivers folder was quarantined. This also correlates to the error with this file that was displayed in the GMER file we ran earlier.

So.. that is where I am. Getting really familiar with my system (or moreso than I was), but not really getting any closer to getting rid of this darned thing.

I am sure these logs show what I found plus... I just feel foolish not being able to do anything so apparently running around in circles chasing this things makes me feel productive.

Thanks again for taking time our of your personal life to help a goofball like me fish her system out of the mud!

Here are the logs you requested.

savegreys

Hi sorry for the delay, I will be replying to your log tomorrow.

Hey SpySentinel,

Well, last night things got mission critical. After having scanned with about everything I could think of and really nothing would take care of it I did the unmentionalbe, I downloaded and ran ComboFix.

Upon running it completely crashed my system... blue screen of death flashed and it went into reboot mode. While rebooting it was unable to load the OS and was unable to repair itself. Tried in safe mode... same thing. Tried to restore... something had deleted all of my restore points so no go. Booted with last known good configuration and boom... that got me back into my system. Then I noticed that my browser hijacker wasn't taking over. So, I did an Avast Boot scan and finally... I found a name of a virus. Apparently ComboFix found it and quarantined Win32:Alureon-FR. I deleted this virus file via Avast. I found the ComboFix listing of items it quarantined and it did find quite a few in addition:

Registry_backups\AddRemove-Advanced SystemCare 3_is1.reg.dat
Registry_backups\MSConfigStartUp-mcagent_exe.reg.dat
Registry_backups\SafeBoot-MCODS.reg.dat
Registry_backups\SafeBoot-mcmscsvc.reg.dat
Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
Registry_backups\tcpip.reg
catchme.log
C\Windows\System32\drivers\atapi.sys.vir
C\Users\jcbeans\AppData\Roaming\DataSafeDotNet.exe.vir
C\Windows\System32\oem8.inf.vir
C\Windows\System32\license.rtf.vir

All but the atapi.sys.vir are still in the quarantine directory.

I have removed a bunch of scanning software to clean up my system and removed some of the apps that I don't use/like to reduce security risks due to lack of updates. And then I ran ATF Cleaner.

So, at this point my browser is I don't know if I have have a clean system or not.

I realize this activity may nullify this thread, but it was getting pretty bad as my graphics were getting worse and worse and system performance was really degrading. I would still like to know if my system is clean. I am also noticing that my Task Scheduler is throwing an error that mcupdate has corrupted it, not sure if this is related or not. If another thread(s) are needed please let me know.

Regards,

savegreys

Hello savegreys,

I'll be assisting you while SpySentinel is otherwise occupied with other matters.
Your system had a rootkit infection. I'll need to see copy of C:\Combofix.txt

and also start a new (fresh) run of RSIT.
Please do NOT use the attach feature. Do a Copy & Paste of the logs into body of the reply.

Reply with copy of C:\Combofix.txt
Log.txt
Info.txt

Hey Maurice,

Thanks for subbing!

I ran RSIT, but it seems to only be producting a log file. I realize the info is supposed to be minimized, but does not seem to be showing as minimized or saved to desktop?!

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here is combofix.txt:

ComboFix 10-03-16.03 - jcbeans 03/17/2010 2:43.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.2027 [GMT -5:00]
Running from: c:\users\jcbeans\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1724977159-380299639-1857515196-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\users\jcbeans\AppData\Roaming\DataSafeDotNet.exe
c:\windows\system32\license.rtf
c:\windows\system32\oem8.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-17 07:49 . 2010-03-17 07:50 -------- d-----w- c:\users\jcbeans\AppData\Local\temp
2010-03-17 07:49 . 2010-03-17 07:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-17 07:42 . 2010-03-17 07:42 -------- d-----w- C:\32788R22FWJFW
2010-03-17 07:38 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-17 04:23 . 2010-03-17 04:23 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-17 04:15 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2010-03-17 04:14 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-17 04:14 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-17 04:14 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-12 00:53 . 2010-03-17 00:43 -------- d-----w- c:\users\jcbeans\AppData\Local\Adobe
2010-03-12 00:51 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-12 00:51 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-12 00:51 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-12 00:51 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-12 00:51 . 2010-03-09 11:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-12 00:51 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-12 00:51 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-11 06:40 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 06:40 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 06:40 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 00:32 . 2010-03-10 00:32 -------- d-----w- C:\rsit
2010-03-09 02:37 . 2010-03-09 02:37 -------- d-----w- c:\users\jcbeans\AppData\Local\Apple
2010-03-07 09:09 . 2010-03-07 09:09 -------- d-----w- c:\programdata\Downloaded Installations
2010-03-07 01:25 . 2010-03-07 01:25 -------- d-----w- c:\program files\ESET
2010-03-06 16:26 . 2010-03-06 16:26 -------- d-----w- C:\_OTL
2010-03-05 05:17 . 2010-03-05 05:33 -------- d-----w- c:\programdata\PC Tools
2010-03-05 05:07 . 2010-03-05 05:07 52224 ----a-w- c:\users\jcbeans\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-05 05:07 . 2010-03-16 00:33 117760 ----a-w- c:\users\jcbeans\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-05 05:06 . 2010-03-05 05:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-05 05:06 . 2010-03-05 18:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-05 05:06 . 2010-03-05 05:06 -------- d-----w- c:\users\jcbeans\AppData\Roaming\SUPERAntiSpyware.com
2010-03-05 05:06 . 2010-03-05 05:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-05 03:34 . 2009-12-17 23:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 01:51 . 2010-03-05 01:51 -------- d-----w- c:\programdata\Alwil Software
2010-03-05 01:51 . 2010-03-12 00:51 -------- d-----w- c:\program files\Alwil Software
2010-02-27 23:38 . 2010-02-27 23:38 120460 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-27 02:10 . 2010-02-27 02:10 2 --shatr- c:\windows\winstart.bat
2010-02-27 01:14 . 2010-02-27 01:14 -------- d-----w- c:\users\jcbeans\AppData\Roaming\Malwarebytes
2010-02-27 01:14 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 01:14 . 2010-02-27 01:14 -------- d-----w- c:\programdata\Malwarebytes
2010-02-27 01:14 . 2010-02-27 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 01:14 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 00:53 . 2010-02-27 00:53 -------- d-----w- c:\program files\Trend Micro
2010-02-26 23:21 . 2010-02-26 23:21 -------- d-----w- c:\users\jcbeans\AppData\Roaming\Uniblue
2010-02-26 19:13 . 2010-02-26 19:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-26 19:11 . 2010-03-17 07:17 -------- d-----w- c:\programdata\Lavasoft
2010-02-26 17:57 . 2010-02-26 17:58 -------- d-----w- c:\windows\system32\ca-ES
2010-02-26 17:57 . 2010-02-26 17:58 -------- d-----w- c:\windows\system32\eu-ES
2010-02-26 17:57 . 2010-02-26 17:58 -------- d-----w- c:\windows\system32\vi-VN
2010-02-26 17:31 . 2010-02-26 17:31 -------- d-----w- c:\windows\system32\EventProviders
2010-02-26 14:20 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-26 10:10 . 2010-02-26 10:10 -------- d-----w- c:\program files\Mozilla Firefox(45)
2010-02-26 06:20 . 2010-02-26 13:31 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-02-26 05:45 . 2010-02-26 05:45 -------- d-----w- c:\users\jcbeans\AppData\Roaming\AVG8
2010-02-26 02:49 . 2010-02-26 02:49 -------- d-----w- c:\windows\Sun
2010-02-22 00:33 . 2010-02-22 00:33 -------- d-----w- c:\program files\Ancestry(0)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:36 . 2008-11-26 03:28 -------- d-----w- c:\programdata\McAfee
2010-03-17 04:28 . 2009-01-22 00:17 69504 ----a-w- c:\users\jcbeans\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-17 04:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-17 04:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-17 04:21 . 2010-03-17 04:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-17 00:08 . 2010-03-16 23:54 -------- d-----w- c:\programdata\SecTaskMan
2010-03-16 11:45 . 2009-03-15 02:07 -------- d-----w- c:\program files\VS Revo Group
2010-03-12 20:52 . 2009-01-28 03:46 626 ----a-w- c:\users\jcbeans\jobq.dat
2010-03-11 06:54 . 2009-04-21 15:10 7512 ----a-w- c:\users\jcbeans\AppData\Local\d3d9caps.dat
2010-03-07 09:12 . 2008-11-26 03:31 -------- d-----w- c:\program files\DigitalPersona
2010-03-05 05:17 . 2010-01-30 22:28 -------- d-----w- c:\users\jcbeans\AppData\Roaming\GetRightToGo
2010-03-05 03:44 . 2008-11-26 03:21 -------- d-----w- c:\program files\Common Files\Java
2010-03-05 03:44 . 2008-11-26 03:21 -------- d-----w- c:\program files\Java
2010-02-27 02:31 . 2008-11-26 03:28 -------- d-----w- c:\program files\Google
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-26 17:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-26 17:57 . 2009-09-18 04:19 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-26 17:57 . 2009-09-18 04:19 21560 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-02-26 13:52 . 2009-03-12 02:49 -------- d-----w- c:\users\jcbeans\AppData\Roaming\The Master Genealogist v7
2010-02-26 13:52 . 2009-11-17 23:45 -------- d-----w- c:\program files\Ancestry
2010-02-07 23:46 . 2010-02-07 23:46 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7126.tmp.exe
2010-02-01 23:13 . 2010-01-29 21:43 -------- d-----w- c:\program files\iTunes
2010-02-01 23:12 . 2010-02-01 23:12 -------- d-----w- c:\program files\iPod
2010-02-01 23:12 . 2009-03-13 01:58 -------- d-----w- c:\program files\Common Files\Apple
2010-02-01 23:07 . 2010-02-01 23:07 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-30 22:01 . 2010-01-30 20:57 -------- d-----w- c:\program files\Common Files\Real
2010-01-30 21:15 . 2010-01-30 20:44 -------- d-----w- c:\program files\AVS4YOU
2010-01-30 21:14 . 2010-01-30 21:14 -------- d-----w- c:\users\jcbeans\AppData\Roaming\NCH Software
2010-01-30 21:09 . 2010-01-30 21:09 -------- d-----w- c:\programdata\NCH Swift Sound
2010-01-30 21:09 . 2010-01-30 21:09 -------- d-----w- c:\users\jcbeans\AppData\Roaming\NCH Swift Sound
2010-01-30 20:45 . 2010-01-30 20:45 -------- d-----w- c:\programdata\AVS4YOU
2010-01-30 20:45 . 2010-01-30 20:45 -------- d-----w- c:\users\jcbeans\AppData\Roaming\AVS4YOU
2010-01-30 20:45 . 2010-01-30 20:44 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-30 19:41 . 2009-03-13 02:08 -------- d-----w- c:\users\jcbeans\AppData\Roaming\Apple Computer
2010-01-30 19:21 . 2009-03-13 01:58 -------- d-----w- c:\programdata\Apple
2010-01-29 21:44 . 2010-01-29 21:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-29 21:41 . 2010-01-29 21:41 -------- d-----w- c:\program files\QuickTime
2010-01-29 21:32 . 2010-01-29 21:32 -------- d-----w- c:\program files\Safari
2010-01-29 21:30 . 2010-01-29 21:30 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-01-25 12:00 . 2010-03-17 03:18 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-03-17 03:18 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-03-17 03:18 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-03-17 03:18 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-03-17 03:18 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-03-17 03:18 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-03-17 03:18 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-03-17 03:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-03-17 03:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-15 19:00 . 2010-01-30 22:31 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-01-15 18:55 . 2010-01-30 21:42 23096 ----a-w- c:\windows\system32\drivers\CamdAudio.sys
2010-01-15 18:51 . 2010-01-30 23:05 23096 ----a-w- c:\windows\system32\drivers\DrmCAudio.sys
2010-01-06 15:39 . 2010-03-17 03:18 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-03-17 03:18 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-03-17 03:18 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-17 03:18 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-17 03:18 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-17 03:18 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-03-17 03:18 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-21 22:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 22:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 22:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-11-26 03:35 . 2008-11-26 03:35 76 --sh--r- c:\windows\CT4CET.bin
2008-11-26 04:46 . 2008-11-26 04:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-26 03:40 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2009-07-07 15:23 1779952 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-05 18:11 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:b0,a4,66,22,0e,b7,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1724977159-380299639-1857515196-1000]
"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 135664]
R3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [2010-01-15 23096]
R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2010-01-15 23096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-05 12872]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-01-15 23096]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-05 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-05 66632]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 00:38]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 00:38]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 02:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-03-17 02:52:27
ComboFix-quarantined-files.txt 2010-03-17 07:52

Pre-Run: 193,093,742,592 bytes free
Post-Run: 192,626,782,208 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 462149316CFE7258CE73760D30771F3A


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


And the results from RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by jcbeans at 2010-03-20 10:28:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 178 GB (78%) free of 228 GB
Total RAM: 3066 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:57 AM, on 3/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\WinSCP\WinSCP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\jcbeans\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jcbeans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7424 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Fingerprint Software Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-05-12 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-07 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-07 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-07-17 196608]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-08-05 3563520]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-07-17 442433]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2009-05-12 842816]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-11-25 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-18 21:21:40 ----D---- C:\Program Files\Mozilla Firefox
2010-03-17 02:52:32 ----SHD---- C:\$RECYCLE.BIN
2010-03-17 02:52:27 ----A---- C:\ComboFix.txt
2010-03-17 02:49:48 ----D---- C:\Windows\temp
2010-03-17 02:42:16 ----A---- C:\Windows\SWXCACLS.exe
2010-03-17 02:42:13 ----D---- C:\32788R22FWJFW
2010-03-17 02:38:33 ----N---- C:\Windows\system32\MpSigStub.exe
2010-03-16 23:23:21 ----D---- C:\Program Files\Windows Portable Devices
2010-03-16 23:16:33 ----A---- C:\Windows\system32\UIAnimation.dll
2010-03-16 23:16:32 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-03-16 23:16:32 ----A---- C:\Windows\system32\UIRibbon.dll
2010-03-16 23:16:01 ----A---- C:\Windows\system32\WMPhoto.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\xpsservices.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\XpsPrint.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-03-16 23:16:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\OpcServices.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\FntCache.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\dxdiagn.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\dxdiag.exe
2010-03-16 23:16:00 ----A---- C:\Windows\system32\d3d10warp.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\d2d1.dll
2010-03-16 23:16:00 ----A---- C:\Windows\system32\cdd.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\dxgi.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\DWrite.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d11.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d10level9.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d10core.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d10_1.dll
2010-03-16 23:15:59 ----A---- C:\Windows\system32\d3d10.dll
2010-03-16 23:15:31 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-03-16 23:15:31 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-03-16 23:15:31 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-03-16 23:15:28 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\WPDSp.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\wpdshext.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\wpd_ci.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-03-16 23:15:27 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-03-16 23:14:17 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-03-16 23:14:17 ----A---- C:\Windows\system32\oleaccrc.dll
2010-03-16 23:14:17 ----A---- C:\Windows\system32\oleacc.dll
2010-03-16 22:18:47 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-16 22:18:47 ----A---- C:\Windows\system32\secproc.dll
2010-03-16 22:18:46 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-16 22:18:45 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-16 22:18:45 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-16 22:18:45 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-16 22:18:45 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-16 22:18:45 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-16 22:18:45 ----A---- C:\Windows\system32\msdrm.dll
2010-03-16 22:18:40 ----A---- C:\Windows\system32\gameux.dll
2010-03-16 22:18:39 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-03-16 22:18:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-03-16 22:18:24 ----A---- C:\Windows\system32\wmp.dll
2010-03-16 22:18:22 ----A---- C:\Windows\system32\unregmp2.exe
2010-03-16 22:18:20 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-16 20:27:47 ----A---- C:\Windows\NIRCMD.exe
2010-03-16 20:27:47 ----A---- C:\Windows\MBR.exe
2010-03-16 20:27:44 ----A---- C:\Windows\zip.exe
2010-03-16 20:27:44 ----A---- C:\Windows\SWSC.exe
2010-03-16 20:27:44 ----A---- C:\Windows\SWREG.exe
2010-03-16 20:27:44 ----A---- C:\Windows\sed.exe
2010-03-16 20:27:44 ----A---- C:\Windows\PEV.exe
2010-03-16 20:27:44 ----A---- C:\Windows\grep.exe
2010-03-16 20:27:37 ----D---- C:\Windows\ERDNT
2010-03-16 20:22:59 ----D---- C:\Qoobox
2010-03-16 19:43:53 ----D---- C:\Config.Msi
2010-03-16 18:54:06 ----D---- C:\ProgramData\SecTaskMan
2010-03-11 19:51:29 ----A---- C:\Windows\system32\aswBoot.exe
2010-03-11 01:40:46 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 01:40:44 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 19:32:00 ----D---- C:\rsit
2010-03-07 04:12:44 ----ASH---- C:\Users\jcbeans\AppData\Roaming\desktop.ini
2010-03-07 04:12:25 ----D---- C:\Windows\system32\tr
2010-03-07 04:12:25 ----D---- C:\Windows\system32\sv
2010-03-07 04:12:25 ----D---- C:\Windows\system32\ru
2010-03-07 04:12:24 ----D---- C:\Windows\system32\no
2010-03-07 04:12:24 ----D---- C:\Windows\system32\da
2010-03-07 04:12:18 ----D---- C:\Windows\system32\ko
2010-03-07 04:12:18 ----D---- C:\Windows\system32\ja
2010-03-07 04:12:18 ----D---- C:\Windows\system32\it
2010-03-07 04:12:18 ----D---- C:\Windows\system32\fr
2010-03-07 04:12:18 ----D---- C:\Windows\system32\es
2010-03-07 04:12:18 ----D---- C:\Windows\system32\de
2010-03-07 04:12:15 ----D---- C:\Windows\DPDrv
2010-03-07 04:09:34 ----D---- C:\ProgramData\Downloaded Installations
2010-03-06 20:25:20 ----D---- C:\Program Files\ESET
2010-03-06 11:26:41 ----D---- C:\_OTL
2010-03-05 00:17:54 ----D---- C:\ProgramData\PC Tools
2010-03-05 00:06:55 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-03-05 00:06:49 ----D---- C:\Users\jcbeans\AppData\Roaming\SUPERAntiSpyware.com
2010-03-04 22:44:26 ----D---- C:\ProgramData\Sun
2010-03-04 22:44:10 ----A---- C:\Windows\system32\javaws.exe
2010-03-04 22:44:10 ----A---- C:\Windows\system32\javaw.exe
2010-03-04 22:44:10 ----A---- C:\Windows\system32\java.exe
2010-03-04 22:34:45 ----A---- C:\Windows\system32\deploytk.dll
2010-03-04 20:51:21 ----D---- C:\ProgramData\Alwil Software
2010-03-04 20:51:20 ----D---- C:\Program Files\Alwil Software
2010-02-27 20:15:54 ----A---- C:\Windows\ntbtlog.txt
2010-02-26 21:13:43 ----A---- C:\Windows\system32\PARTIZAN.TXT
2010-02-26 21:10:56 ----RASHOT---- C:\Windows\winstart.bat
2010-02-26 20:14:58 ----D---- C:\Users\jcbeans\AppData\Roaming\Malwarebytes
2010-02-26 20:14:53 ----D---- C:\ProgramData\Malwarebytes
2010-02-26 20:14:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-26 19:53:20 ----D---- C:\Program Files\Trend Micro
2010-02-26 18:21:03 ----D---- C:\Users\jcbeans\AppData\Roaming\Uniblue
2010-02-26 14:11:04 ----D---- C:\ProgramData\Lavasoft
2010-02-26 12:57:45 ----D---- C:\Windows\system32\eu-ES
2010-02-26 12:57:45 ----D---- C:\Windows\system32\ca-ES
2010-02-26 12:57:43 ----D---- C:\Windows\system32\vi-VN
2010-02-26 12:31:55 ----D---- C:\Windows\system32\EventProviders
2010-02-26 09:20:11 ----A---- C:\Windows\system32\jscript.dll
2010-02-26 09:20:00 ----A---- C:\Windows\system32\tzres.dll
2010-02-26 09:12:49 ----D---- C:\Windows\Minidump
2010-02-26 05:10:03 ----D---- C:\Program Files\Mozilla Firefox(45)
2010-02-26 01:20:58 ----D---- C:\Program Files\a-squared Anti-Malware
2010-02-26 00:45:15 ----D---- C:\Users\jcbeans\AppData\Roaming\AVG8
2010-02-25 22:46:16 ----AD---- C:\ProgramData\TEMP
2010-02-25 21:49:51 ----D---- C:\Windows\Sun
2010-02-21 19:33:46 ----D---- C:\Program Files\Ancestry(0)

======List of files/folders modified in the last 1 months======

2010-03-20 10:28:39 ----D---- C:\Windows\Prefetch
2010-03-20 10:20:28 ----D---- C:\Windows\System32
2010-03-20 10:20:28 ----D---- C:\Windows\inf
2010-03-20 10:20:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-18 21:21:45 ----D---- C:\Users\jcbeans\AppData\Roaming\Mozilla
2010-03-18 21:21:40 ----RD---- C:\Program Files
2010-03-18 18:01:37 ----SHD---- C:\Windows\Installer
2010-03-18 17:36:01 ----SHD---- C:\System Volume Information
2010-03-17 21:31:02 ----D---- C:\Windows\rescache
2010-03-17 02:58:07 ----D---- C:\Program Files\Common Files
2010-03-17 02:51:43 ----D---- C:\Windows\Tasks
2010-03-17 02:50:04 ----D---- C:\Windows
2010-03-17 02:50:04 ----A---- C:\Windows\system.ini
2010-03-17 02:46:48 ----D---- C:\Windows\system32\drivers
2010-03-17 02:46:48 ----D---- C:\Windows\AppPatch
2010-03-17 02:36:09 ----D---- C:\ProgramData\McAfee
2010-03-17 02:26:57 ----D---- C:\Windows\system32\catroot
2010-03-17 02:22:30 ----D---- C:\Windows\system32\catroot2
2010-03-17 02:18:51 ----D---- C:\ProgramData
2010-03-17 02:17:35 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-17 00:02:02 ----D---- C:\Windows\winsxs
2010-03-16 23:43:31 ----D---- C:\Windows\Microsoft.NET
2010-03-16 23:42:59 ----RSD---- C:\Windows\assembly
2010-03-16 23:30:34 ----D---- C:\Windows\system32\LogFiles
2010-03-16 23:28:13 ----D---- C:\Windows\system32\Tasks
2010-03-16 23:23:32 ----D---- C:\Windows\system32\en-US
2010-03-16 23:23:16 ----D---- C:\Windows\system32\wbem
2010-03-16 23:22:48 ----D---- C:\Windows\system32\pt-BR
2010-03-16 23:22:48 ----D---- C:\Windows\system32\bg-BG
2010-03-16 23:22:46 ----D---- C:\Windows\system32\it-IT
2010-03-16 23:22:46 ----D---- C:\Windows\system32\he-IL
2010-03-16 23:22:45 ----D---- C:\Windows\system32\pt-PT
2010-03-16 23:22:44 ----D---- C:\Windows\system32\uk-UA
2010-03-16 23:22:44 ----D---- C:\Windows\system32\pl-PL
2010-03-16 23:22:43 ----D---- C:\Windows\system32\ko-KR
2010-03-16 23:22:43 ----D---- C:\Windows\system32\hu-HU
2010-03-16 23:22:43 ----D---- C:\Windows\system32\hr-HR
2010-03-16 23:22:42 ----D---- C:\Windows\system32\zh-HK
2010-03-16 23:22:42 ----D---- C:\Windows\system32\sl-SI
2010-03-16 23:22:41 ----D---- C:\Windows\system32\el-GR
2010-03-16 23:22:40 ----D---- C:\Windows\system32\nl-NL
2010-03-16 23:22:40 ----D---- C:\Windows\system32\fr-FR
2010-03-16 23:22:40 ----D---- C:\Windows\system32\fi-FI
2010-03-16 23:22:39 ----D---- C:\Windows\system32\tr-TR
2010-03-16 23:22:39 ----D---- C:\Windows\system32\sr-Latn-CS
2010-03-16 23:22:38 ----D---- C:\Windows\system32\th-TH
2010-03-16 23:22:38 ----D---- C:\Windows\system32\sv-SE
2010-03-16 23:22:37 ----D---- C:\Windows\system32\lv-LV
2010-03-16 23:22:37 ----D---- C:\Windows\system32\lt-LT
2010-03-16 23:22:37 ----D---- C:\Windows\system32\es-ES
2010-03-16 23:22:36 ----D---- C:\Windows\system32\zh-TW
2010-03-16 23:22:35 ----D---- C:\Windows\system32\sk-SK
2010-03-16 23:22:35 ----D---- C:\Windows\system32\et-EE
2010-03-16 23:22:34 ----D---- C:\Windows\system32\de-DE
2010-03-16 23:22:34 ----D---- C:\Windows\system32\cs-CZ
2010-03-16 23:22:33 ----D---- C:\Windows\system32\zh-CN
2010-03-16 23:22:33 ----D---- C:\Windows\system32\ja-JP
2010-03-16 23:22:32 ----D---- C:\Windows\system32\ar-SA
2010-03-16 23:22:31 ----D---- C:\Windows\system32\ru-RU
2010-03-16 23:22:31 ----D---- C:\Windows\system32\ro-RO
2010-03-16 23:22:30 ----D---- C:\Windows\system32\nb-NO
2010-03-16 23:22:29 ----D---- C:\Windows\system32\da-DK
2010-03-16 23:22:17 ----D---- C:\Program Files\Internet Explorer
2010-03-16 23:22:15 ----D---- C:\Windows\ehome
2010-03-16 23:22:12 ----D---- C:\Program Files\Windows Mail
2010-03-16 23:22:03 ----D---- C:\Program Files\Windows Media Player
2010-03-16 23:22:02 ----RSD---- C:\Windows\Fonts
2010-03-16 22:05:17 ----D---- C:\Windows\Logs
2010-03-16 19:46:57 ----D---- C:\Program Files\Adobe
2010-03-16 19:44:00 ----D---- C:\ProgramData\Adobe
2010-03-16 06:45:33 ----D---- C:\Program Files\VS Revo Group
2010-03-11 01:45:19 ----D---- C:\Program Files\Movie Maker
2010-03-09 06:55:30 ----SD---- C:\ProgramData\Microsoft
2010-03-07 04:12:14 ----D---- C:\Program Files\DigitalPersona
2010-03-05 00:17:43 ----D---- C:\Users\jcbeans\AppData\Roaming\GetRightToGo
2010-03-04 22:44:24 ----D---- C:\Program Files\Common Files\Java
2010-03-04 22:44:07 ----D---- C:\Program Files\Java
2010-03-02 00:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-26 21:31:05 ----D---- C:\Program Files\Google
2010-02-26 14:18:34 ----D---- C:\Windows\system32\WDI
2010-02-26 13:04:53 ----D---- C:\boot
2010-02-26 12:59:07 ----D---- C:\Program Files\Windows Calendar
2010-02-26 12:59:06 ----D---- C:\Program Files\Windows Sidebar
2010-02-26 12:59:05 ----D---- C:\Program Files\Windows Journal
2010-02-26 12:59:05 ----D---- C:\Program Files\Windows Collaboration
2010-02-26 12:59:04 ----D---- C:\Program Files\Windows Photo Gallery
2010-02-26 12:59:04 ----D---- C:\Program Files\Common Files\System
2010-02-26 12:59:01 ----D---- C:\Windows\servicing
2010-02-26 12:59:01 ----D---- C:\Program Files\Windows Defender
2010-02-26 12:58:53 ----D---- C:\Windows\system32\XPSViewer
2010-02-26 12:58:53 ----D---- C:\Windows\IME
2010-02-26 12:58:45 ----D---- C:\Windows\system32\oobe
2010-02-26 12:58:45 ----D---- C:\Windows\system32\migration
2010-02-26 12:58:43 ----D---- C:\Windows\system32\SLUI
2010-02-26 12:58:43 ----D---- C:\Windows\system32\setup
2010-02-26 12:58:43 ----D---- C:\Windows\system32\AdvancedInstallers
2010-02-26 12:58:42 ----D---- C:\Windows\system32\manifeststore
2010-02-26 12:58:42 ----D---- C:\Windows\system32\en
2010-02-26 12:58:37 ----D---- C:\Windows\system32\migwiz
2010-02-26 12:57:43 ----D---- C:\Windows\system32\Boot
2010-02-26 08:52:34 ----D---- C:\Windows\system32\config
2010-02-26 08:52:22 ----D---- C:\Windows\system32\spool
2010-02-26 08:52:22 ----D---- C:\Windows\system32\Msdtc
2010-02-26 08:52:22 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-26 08:52:22 ----D---- C:\Users\jcbeans\AppData\Roaming\The Master Genealogist v7
2010-02-26 08:52:19 ----D---- C:\Windows\registration
2010-02-26 08:52:19 ----D---- C:\Program Files\Ancestry

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-03-09 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-03-09 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-07-03 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-07-03 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-07-03 38400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-07-17 170032]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-18 3847168]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-07-03 475136]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-08-05 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-08-05 1207288]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-07-17 379904]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 CamdAudio;CamdAudio; C:\Windows\system32\drivers\CamdAudio.sys [2010-01-15 23096]
S3 catchme;catchme; \??\C:\Users\jcbeans\AppData\Local\Temp\catchme.sys []
S3 DrmCAudio;DrmCAudio; C:\Windows\system32\drivers\DrmCAudio.sys [2010-01-15 23096]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-18 3847168]
S3 SndTAudio;SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [2010-01-15 23096]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-18 692224]
R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-05 1168632]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-11-25 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2008-07-28 44032]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2009-05-12 322624]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [2008-07-17 221239]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-08-05 24064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-11-25 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-24 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------