I disabled using Defogger, then ran the DDS utility and am supplying the two logs. The GMER utility does not run to completion. It closes before I can save the logs. I saved a log in the middle of the scan and am attaching it. Not sure if it is useful.
Additionally, I ran TDSSKiller and it indicated that I had a 'Driver "atapi" infected by TDSS rootkit!' but it could not cure the problem.
I have also run Malwarebytes and Spybot Search and Destroy, and both now provide clean scans, but the browser redirect problem still exists.
Please help.
________________
DDS.log:
_______________
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 12:07:25.09 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.295 [GMT -4:00]
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\QosServM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uWindow Title = Windows Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip softphone\AvayaWebDial.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\compaq_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [<NO NAME>]
mRun: [PWRESET] c:\program files\avaya\avaya ip softphone\ip service provider\pwreset.exe
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: wellington.com\neovpn
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://prod-td.wellmanage.com:8080/qcbin/Spider80.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://neovpn.wellington.com/Citrix/ICAWEB/en/ica32/wficat.cab,DanaInfo=citrix.wellmanage.com+
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://neovpn.wellington.com/llclient/netscreen2/winxp/,DanaInfo=confidence.wellmanage.com+AXXPEE.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204173775796
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7F9B30F1-5129-4F5C-A76C-CE264A6C7D10} - hxxps://neovpn.wellington.com/References_and_Training/IS_Technologies/Applications_and_Tools/Application_Installations/Exceed_onDemand_6/Packages/,DanaInfo=intranet.wellmanage.com+DeployRun.eng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9F31B7A4-F438-48B8-AAF5-1C29A8A2B6C1} - hxxp://download.bigflicks.com/cabs/bigflicks_1_0_0_5.cab
DPF: {A8561647-E93C-11D3-AC3B-CE6078F7B616} - hxxp://prod-sentinel/sentinel/3rdParty/vsprint7.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {C0A63B86-4B21-11D3-BD95-D426EF2C7949} - hxxp://prod-sentinel/sentinel/3rdParty/vsflex7l.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://download.bigflicks.com/cabs/Entriq_3_6_0_15_Silent.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://spinpalace.microgaming.com/freeplay/FlashAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neovpn.wellington.com/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\0wxt5318.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\0wxt5318.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 MpKsl44918bce;MpKsl44918bce;c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{fa1f114a-a028-40e7-9449-65a761c06078}\MpKsl44918bce.sys [2010-4-30 28752]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-2-27 53168]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2005-12-29 503768]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-26 29744]
=============== Created Last 30 ================
2010-04-30 16:05:56 0 ----a-w- c:\documents and settings\compaq_administrator\defogger_reenable
2010-04-30 04:11:47 24576 ----a-w- c:\windows\system32\drivers\ymjjhgur.sys
2010-04-29 03:57:41 18 ---ha-w- C:\SYSREST
2010-04-29 02:58:04 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 02:58:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-29 02:24:56 0 d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
2010-04-29 02:24:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 02:24:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 02:24:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-29 02:24:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 02:16:19 0 d-----w- c:\program files\SpywareBlaster
2010-04-29 01:16:35 6832946 ----a-w- C:\regbackup04292010.reg
2010-04-27 20:01:17 50990 ----a-w- c:\windows\system32\przwlfwjrbm.exe
2010-04-24 11:33:52 552 ----a-w- c:\windows\system32\DO_NOT_DELETE.backupSetID
2010-04-20 03:28:06 0 d-----w- c:\program files\iPod
2010-04-20 03:27:58 0 d-----w- c:\program files\iTunes
2010-04-20 03:27:58 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-20 03:21:24 0 d-----w- c:\program files\Bonjour
==================== Find3M ====================
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-03-11 13:31:31 4789792 ----a-w- c:\program files\picasa2-current.exe
2008-07-28 14:57:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072820080729\index.dat
============= FINISH: 12:09:35.52 ===============