
Google Redirect Virus / Google 'Server not found'


65 replies to this topic

#16 jimb6387

jimb6387
  • Topic Starter

  • Members
  • 39 posts

Posted 12 August 2010 - 05:04 AM

Sorry for the delay in getting back to you. My daughter has been taking up a lot of my time.

I am still having problems with redirects. The site name (I want) will be in the address bar but www.soundsofopera.com takes over and tries to redirect me. Oftentimes, I end up getting hung up at www.google-analytics.com.





#17 jimb6387

jimb6387
  • Topic Starter

  • Members
  • 39 posts

Posted 12 August 2010 - 05:09 AM

Please don't take my donation as an insult. Your help has been invaluable. I really couldn't afford even that much but wanted to at least show my appreciation. I am a carpenter and things have been real tough for several years. I hope you understand.

#18 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 August 2010 - 02:29 PM

Please please don't be sorry. I think I would be more upset if you were here all the time instead of with your daughter under these circumstances. I have 6 kids, so trust me, I understand.

Aww....why didn't you tell me when I asked you how it was running? When you said it was running better I assumed you meant the redirects were gone as well.

Please download and run ComboFix again, just like you did before. Reboot after it's done. Post the report in your reply and tell me if you're still redirected.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#19 jimb6387

jimb6387
  • Topic Starter

  • Members
  • 39 posts

Posted 12 August 2010 - 07:10 PM


Here are the results from ComboFix. Do you want me to run all the other stuff too?

ComboFix 10-08-12.02 - Jim 08/12/2010 19:35:14.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.472 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 10:51 . 2010-08-12 11:31 -------- d-----w- C:\BTGUARD
2010-08-12 10:31 . 2010-08-12 10:31 -------- d-----w- c:\program files\uTorrent
2010-08-12 01:20 . 2010-08-12 01:20 -------- d-----w- c:\program files\7-Zip
2010-08-11 05:57 . 2010-08-11 05:57 -------- d-----w- c:\documents and settings\Jim\Application Data\Leadertech
2010-08-11 05:56 . 2010-08-11 10:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-11 05:56 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-11 05:56 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-08-11 05:54 . 2010-08-11 05:57 -------- d-----w- c:\documents and settings\Jim\Application Data\Logitech
2010-08-11 05:54 . 2010-08-11 05:54 -------- d-----w- c:\documents and settings\Jim\Application Data\Logishrd
2010-08-11 02:25 . 2010-08-11 02:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 23:32 . 2010-08-12 02:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 23:11 . 2010-08-10 23:11 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2010-08-06 11:08 . 2010-08-06 11:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-08-06 10:57 . 2010-08-06 10:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-06 10:13 . 2010-08-06 10:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-08-06 10:13 . 2009-09-06 21:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2010-08-03 12:48 . 2010-08-03 12:48 -------- d-----w- c:\documents and settings\Jim\Application Data\Yahoo!
2010-08-03 03:43 . 2010-08-03 03:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-03 02:37 . 2010-08-03 02:45 -------- d-----w- c:\documents and settings\Jim\Application Data\DivX
2010-08-03 02:34 . 2010-08-03 03:45 -------- d-----w- c:\program files\DivX
2010-08-03 02:33 . 2010-08-03 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-03 01:31 . 2010-08-03 01:31 -------- d-----w- c:\documents and settings\Jim\Application Data\CherryPickerLive
2010-08-03 00:31 . 2010-08-03 00:31 -------- d-----w- c:\program files\CherryPicker
2010-08-01 13:02 . 2010-08-11 02:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-31 00:51 . 2010-08-01 12:43 -------- d-----w- c:\documents and settings\Jim\Application Data\SafeReturner
2010-07-31 00:51 . 2010-08-06 10:06 -------- d-----w- c:\program files\Safe Returner
2010-07-29 03:52 . 2010-07-29 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-07-29 03:51 . 2010-07-29 03:51 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Help
2010-07-26 01:01 . 2010-07-26 01:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 18:28 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-25 18:28 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-25 18:28 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-25 18:28 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-25 18:28 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-25 18:28 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-25 18:28 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-25 18:28 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-25 18:28 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-25 18:27 . 2010-07-25 18:27 -------- d-----w- c:\program files\Alwil Software
2010-07-25 18:27 . 2010-07-25 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-23 23:54 . 2010-07-23 23:54 -------- d--h--w- c:\windows\PIF
2010-07-23 22:45 . 2010-07-23 22:45 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Winamp Toolbar
2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\TechSmith
2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\program files\TechSmith
2010-07-21 00:43 . 2010-07-21 00:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-20 21:37 . 2010-07-20 21:37 -------- d-----w- c:\program files\Winamp Toolbar
2010-07-20 21:37 . 2010-07-20 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-07-18 04:02 . 2010-08-12 11:31 707360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-17 22:43 . 2010-07-17 22:43 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-17 21:25 . 2010-07-17 21:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-07-17 21:25 . 2010-07-17 21:25 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Intuit
2010-07-17 21:24 . 2010-07-17 21:24 -------- d-----w- c:\documents and settings\Jim\Application Data\Intuit
2010-07-14 09:13 . 2010-07-14 09:13 -------- d-----w- c:\program files\ConvertHelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 23:48 . 2009-09-05 03:03 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-12 22:52 . 2009-09-05 06:54 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 11:26 . 2010-03-13 05:49 -------- d-----w- c:\documents and settings\Jim\Application Data\uTorrent
2010-08-12 02:54 . 2009-09-05 04:21 -------- d-----w- c:\program files\FastStone Capture
2010-08-11 20:58 . 2010-02-27 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2010-08-11 05:57 . 2010-08-11 05:57 53248 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-08-11 05:57 . 2009-09-05 04:12 -------- d-----w- c:\program files\Common Files\Logishrd
2010-08-11 05:57 . 2009-09-06 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-11 05:56 . 2010-08-11 05:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-11 05:55 . 2009-09-05 04:29 -------- d-----w- c:\program files\Logitech
2010-08-11 02:25 . 2010-08-11 02:25 61440 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-795ebd06-n\decora-sse.dll
2010-08-11 02:25 . 2010-08-11 02:25 503808 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\msvcp71.dll
2010-08-11 02:25 . 2010-08-11 02:25 499712 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\jmc.dll
2010-08-11 02:25 . 2010-08-11 02:25 348160 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\msvcr71.dll
2010-08-11 02:25 . 2010-08-11 02:25 12800 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-795ebd06-n\decora-d3d.dll
2010-08-11 00:59 . 2009-12-05 01:22 -------- d-----w- c:\program files\PicPick
2010-08-10 19:44 . 2009-09-06 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 03:04 . 2010-04-15 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-03 03:45 . 2010-08-03 02:37 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-03 03:45 . 2010-08-03 03:45 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-03 03:45 . 2010-08-03 03:45 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-03 03:45 . 2010-08-03 03:45 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-03 03:45 . 2010-08-03 03:44 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-08-03 03:37 . 2010-08-03 03:37 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-03 03:37 . 2010-08-03 03:45 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-03 03:37 . 2010-08-03 03:45 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-03 00:29 . 2009-09-05 05:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-03 00:29 . 2010-08-06 10:13 53632 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-03 00:29 . 2010-08-03 00:29 53632 ----a-w- c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-02 03:19 . 2010-08-02 03:19 348160 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\msvcr71.dll
2010-08-02 03:19 . 2010-08-02 03:19 503808 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\msvcp71.dll
2010-08-02 03:19 . 2010-08-02 03:19 499712 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\jmc.dll
2010-08-01 13:35 . 2010-01-08 09:51 1 ----a-w- c:\documents and settings\Jim\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 13:17 . 2009-09-05 04:48 -------- d-----w- c:\program files\Viewpoint
2010-07-29 03:52 . 2010-07-29 03:52 44 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_03643A832AAEB210DA6B000000000000.dll
2010-07-29 03:52 . 2010-07-29 03:52 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-07-29 03:52 . 2010-07-29 03:52 1263 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0A8D71D55AD5F8F4F852D3C5ADAFE117.dll
2010-07-29 03:52 . 2010-07-29 03:52 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2010-07-29 03:52 . 2010-07-29 03:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0F7C07550D346194A8E9EADD25AF684F.dll
2010-07-29 03:52 . 2010-07-29 03:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2010-07-29 03:52 . 2010-07-29 03:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D18A5C32AAEB210EAF9000000000000.dll
2010-07-29 03:52 . 2010-07-29 03:52 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_02BFDA0057EA4F64DAC24FB851CA1300.dll
2010-07-28 10:37 . 2009-09-05 04:11 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-27 03:25 . 2009-09-07 13:42 111016 ----a-w- c:\documents and settings\Jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-25 11:45 . 2010-07-01 23:11 -------- d-----w- c:\program files\No1 Sound Recorder
2010-07-23 21:22 . 2010-08-05 21:16 1496064 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 21:22 . 2010-08-05 21:16 43008 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 21:22 . 2010-08-05 21:16 338944 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 21:22 . 2010-08-05 21:16 346112 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-22 23:49 . 2009-09-05 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-20 21:40 . 2009-09-09 16:52 -------- d-----w- c:\documents and settings\Jim\Application Data\Apple Computer
2010-07-20 21:39 . 2010-02-28 03:02 -------- d-----w- c:\documents and settings\Jim\Application Data\Winamp
2010-07-20 21:37 . 2010-02-28 03:02 -------- d-----w- c:\program files\Winamp
2010-07-20 21:37 . 2010-02-28 03:03 -------- d-----w- c:\program files\Winamp Detect
2010-07-17 22:16 . 2009-09-05 04:46 -------- d-----w- c:\program files\TurboTax
2010-07-17 07:50 . 2010-01-23 02:57 -------- d-----w- c:\program files\H&R Block Business 2009
2010-07-17 07:38 . 2010-02-26 02:46 -------- d-----w- c:\documents and settings\Jim\Application Data\Nitro PDF
2010-06-30 12:23 . 2009-07-14 19:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-07-14 19:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2009-07-14 19:40 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 01:43 . 2010-03-13 18:45 -------- d-----w- c:\documents and settings\Jim\Application Data\Chief Architect X2
2010-06-21 15:27 . 2009-07-14 19:37 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-09-04 03:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-07-14 19:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01 . 2010-08-03 03:44 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-08-03 03:44 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-08-03 03:44 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-08-03 03:44 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-08-03 03:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-08-03 03:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2007-03-22 01:07 . 2009-09-05 04:51 217 ----a-w- c:\program files\setup.ini
2002-03-11 09:06 . 2009-09-05 04:51 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2009-09-05 04:51 1708856 ----a-w- c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-09 133104]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-04-20 3036424]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-09-20 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

c:\documents and settings\Jim\Start Menu\Programs\Startup\
BTGuard Updates.lnk - c:\btguard\settings.exe [2010-6-28 1160192]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-5 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Freedman's Quick Quote 2.0\\fqq.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\BTGUARD\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/25/2010 2:28 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/25/2010 2:28 PM 17744]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/11/2010 1:56 AM 10448]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 11:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 11:11 AM 65856]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12/31/2009 9:53 AM 91830]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [9/4/2009 11:30 PM 23296]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Html To Image - c:\program files\Html To Image\menu.htm
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-12 19:54:12
ComboFix-quarantined-files.txt 2010-08-12 23:54
ComboFix2.txt 2010-08-10 21:09

Pre-Run: 408,060,018,688 bytes free
Post-Run: 408,059,502,592 bytes free

- - End Of File - - 6D7A8BCB5021DAFFA133C80A1F94E649


#20 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 12 August 2010 - 07:32 PM

Hello,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

QUOTE
FOLDER::
c:\documents and settings\All Users\Application Data\SecTaskMan


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Can you please tell me what's in this folder: c:\documents and settings\Jim\Local Settings\Application Data\Help

Let me know if you're still redirected, please.

Thanks,
tea

#21 jimb6387

Posted 12 August 2010 - 07:47 PM

It doesn't seem like I am being redirected ... though it seemed that way before too. It varies.
The Help file is empty .. nothing listed and 0 bytes as per properties.

Another problem I was having is I could load www.multiupload.com site. Would just be blank and say 'done'.
I'll run combofix now

#22 teacup61

Posted 12 August 2010 - 07:50 PM

Delete the Help folder also then. Post when you're ready.

#23 jimb6387

Posted 12 August 2010 - 08:16 PM

here it is ...

ComboFix 10-08-12.02 - Jim 08/12/2010 20:54:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.371 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SecTaskMan
c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
c:\documents and settings\All Users\Application Data\SecTaskMan\_jqs_plugin3B1B2001
c:\documents and settings\All Users\Application Data\SecTaskMan\_pdfforgeToolbarIE3AB1B00A
c:\documents and settings\All Users\Application Data\SecTaskMan\_qttask1AFE6006
c:\documents and settings\All Users\Application Data\SecTaskMan\_quickstart3A7EDC05

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-12 10:51 . 2010-08-12 11:31 -------- d-----w- C:\BTGUARD
2010-08-12 10:31 . 2010-08-12 10:31 -------- d-----w- c:\program files\uTorrent
2010-08-12 01:20 . 2010-08-12 01:20 -------- d-----w- c:\program files\7-Zip
2010-08-11 05:57 . 2010-08-11 05:57 -------- d-----w- c:\documents and settings\Jim\Application Data\Leadertech
2010-08-11 05:57 . 2010-08-11 05:57 53248 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-08-11 05:56 . 2010-08-11 10:49 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-08-11 05:56 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-08-11 05:56 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-08-11 05:54 . 2010-08-11 05:57 -------- d-----w- c:\documents and settings\Jim\Application Data\Logitech
2010-08-11 05:54 . 2010-08-11 05:54 -------- d-----w- c:\documents and settings\Jim\Application Data\Logishrd
2010-08-11 05:43 . 2010-01-21 15:46 441168 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 02:25 . 2010-08-11 02:25 61440 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-795ebd06-n\decora-sse.dll
2010-08-11 02:25 . 2010-08-11 02:25 503808 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\msvcp71.dll
2010-08-11 02:25 . 2010-08-11 02:25 499712 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\jmc.dll
2010-08-11 02:25 . 2010-08-11 02:25 348160 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6ecafc3f-n\msvcr71.dll
2010-08-11 02:25 . 2010-08-11 02:25 12800 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-795ebd06-n\decora-d3d.dll
2010-08-11 02:25 . 2010-08-11 02:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 23:32 . 2010-08-12 02:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 23:11 . 2010-08-10 23:11 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2010-08-06 11:08 . 2010-08-06 11:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-08-06 10:57 . 2010-08-06 10:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-06 10:57 . 2010-08-06 10:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Winamp Toolbar
2010-08-05 21:16 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-05 21:16 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-05 21:16 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-05 21:16 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-03 12:48 . 2010-08-03 12:48 -------- d-----w- c:\documents and settings\Jim\Application Data\Yahoo!
2010-08-03 03:45 . 2010-08-03 03:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-03 03:45 . 2010-08-03 03:37 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-03 03:45 . 2010-08-03 03:45 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-03 03:45 . 2010-08-03 03:45 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-03 03:45 . 2010-08-03 03:45 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-03 03:43 . 2010-08-03 03:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-03 03:43 . 2010-08-03 03:43 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-08-03 03:37 . 2010-08-03 03:37 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-03 02:37 . 2010-08-03 03:45 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-03 02:37 . 2010-08-03 02:45 -------- d-----w- c:\documents and settings\Jim\Application Data\DivX
2010-08-03 02:34 . 2010-08-03 03:45 -------- d-----w- c:\program files\DivX
2010-08-03 02:33 . 2010-08-03 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-03 01:31 . 2010-08-03 01:31 -------- d-----w- c:\documents and settings\Jim\Application Data\CherryPickerLive
2010-08-03 00:31 . 2010-08-03 00:31 -------- d-----w- c:\program files\CherryPicker
2010-08-03 00:29 . 2010-08-03 00:29 53632 ----a-w- c:\documents and settings\Jim\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-02 03:19 . 2010-08-02 03:19 348160 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\msvcr71.dll
2010-08-02 03:19 . 2010-08-02 03:19 503808 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\msvcp71.dll
2010-08-02 03:19 . 2010-08-02 03:19 499712 ----a-w- c:\documents and settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-33abf0bf-n\jmc.dll
2010-08-01 13:02 . 2010-08-11 02:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-07-31 00:51 . 2010-08-01 12:43 -------- d-----w- c:\documents and settings\Jim\Application Data\SafeReturner
2010-07-31 00:51 . 2010-08-06 10:06 -------- d-----w- c:\program files\Safe Returner
2010-07-29 03:51 . 2010-07-29 03:51 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Help
2010-07-26 01:01 . 2010-07-26 01:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 18:28 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-25 18:28 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-25 18:28 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-25 18:28 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-25 18:28 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-25 18:28 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-25 18:28 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-25 18:28 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-25 18:28 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-25 18:27 . 2010-07-25 18:27 -------- d-----w- c:\program files\Alwil Software
2010-07-25 18:27 . 2010-07-25 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-23 23:54 . 2010-07-23 23:54 -------- d--h--w- c:\windows\PIF
2010-07-23 22:45 . 2010-07-23 22:45 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Winamp Toolbar
2010-07-21 00:45 . 2010-07-21 00:45 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\TechSmith
2010-07-21 00:44 . 2010-07-21 00:44 -------- d-----w- c:\program files\TechSmith
2010-07-21 00:43 . 2010-07-21 00:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-20 21:37 . 2010-07-20 21:37 -------- d-----w- c:\program files\Winamp Toolbar
2010-07-20 21:37 . 2010-07-20 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-07-18 04:02 . 2010-08-12 11:31 707360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-17 22:43 . 2010-07-17 22:43 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-17 21:25 . 2010-07-17 21:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2010-07-17 21:25 . 2010-07-17 21:25 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Intuit
2010-07-17 21:24 . 2010-07-17 21:24 -------- d-----w- c:\documents and settings\Jim\Application Data\Intuit
2010-07-14 09:13 . 2010-07-14 09:13 -------- d-----w- c:\program files\ConvertHelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 00:06 . 2009-09-05 06:54 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 23:48 . 2009-09-05 03:03 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-12 11:26 . 2010-03-13 05:49 -------- d-----w- c:\documents and settings\Jim\Application Data\uTorrent
2010-08-12 02:54 . 2009-09-05 04:21 -------- d-----w- c:\program files\FastStone Capture
2010-08-11 20:58 . 2010-02-27 03:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Nitro PDF
2010-08-11 05:57 . 2009-09-05 04:12 -------- d-----w- c:\program files\Common Files\Logishrd
2010-08-11 05:57 . 2009-09-06 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-08-11 05:56 . 2010-08-11 05:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-11 05:55 . 2009-09-05 04:29 -------- d-----w- c:\program files\Logitech
2010-08-11 00:59 . 2009-12-05 01:22 -------- d-----w- c:\program files\PicPick
2010-08-10 19:44 . 2009-09-06 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-10 03:04 . 2010-04-15 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-03 03:45 . 2010-08-03 03:44 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-03 03:44 . 2010-08-03 03:44 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-08-03 00:29 . 2009-09-05 05:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-03 00:29 . 2010-08-06 10:13 53632 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-01 13:35 . 2010-01-08 09:51 1 ----a-w- c:\documents and settings\Jim\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 13:17 . 2009-09-05 04:48 -------- d-----w- c:\program files\Viewpoint
2010-07-28 10:37 . 2009-09-05 04:11 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-27 03:25 . 2009-09-07 13:42 111016 ----a-w- c:\documents and settings\Jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-25 11:45 . 2010-07-01 23:11 -------- d-----w- c:\program files\No1 Sound Recorder
2010-07-22 23:49 . 2009-09-05 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-20 21:40 . 2009-09-09 16:52 -------- d-----w- c:\documents and settings\Jim\Application Data\Apple Computer
2010-07-20 21:39 . 2010-02-28 03:02 -------- d-----w- c:\documents and settings\Jim\Application Data\Winamp
2010-07-20 21:37 . 2010-02-28 03:02 -------- d-----w- c:\program files\Winamp
2010-07-20 21:37 . 2010-02-28 03:03 -------- d-----w- c:\program files\Winamp Detect
2010-07-17 22:16 . 2009-09-05 04:46 -------- d-----w- c:\program files\TurboTax
2010-07-17 07:50 . 2010-01-23 02:57 -------- d-----w- c:\program files\H&R Block Business 2009
2010-07-17 07:38 . 2010-02-26 02:46 -------- d-----w- c:\documents and settings\Jim\Application Data\Nitro PDF
2010-06-30 12:23 . 2009-07-14 19:36 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2009-07-14 19:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2009-07-14 19:40 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 01:43 . 2010-03-13 18:45 -------- d-----w- c:\documents and settings\Jim\Application Data\Chief Architect X2
2010-06-21 15:27 . 2009-07-14 19:37 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-09-04 03:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2009-07-14 19:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 23:01 . 2010-08-03 03:44 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-08-03 03:44 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-08-03 03:44 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01 . 2010-08-03 03:44 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-08-03 03:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-08-03 03:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2007-03-22 01:07 . 2009-09-05 04:51 217 ----a-w- c:\program files\setup.ini
2002-03-11 09:06 . 2009-09-05 04:51 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2009-09-05 04:51 1708856 ----a-w- c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-12_23.47.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-13 01:00 . 2010-08-13 01:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-13 00:59 . 2010-08-13 00:59 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-13 00:57 . 2010-08-13 00:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 23:50 . 2010-08-12 23:50 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4200cf5b7f247ec1b997808c6d1ba7d1\Microsoft.Build.Framework.ni.dll
+ 2010-08-12 23:48 . 2010-08-12 23:48 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-12 23:49 . 2010-08-12 23:49 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-13 00:59 . 2010-08-13 00:59 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\d0ae809162b55e2fa958739177476af8\System.Web.RegularExpressions.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-13 00:59 . 2010-08-13 00:59 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-13 00:59 . 2010-08-13 00:59 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-13 00:58 . 2010-08-13 00:58 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\26d5bf1f7e700c2c19aa9b1da5519b24\System.Transactions.ni.dll
+ 2010-08-13 00:58 . 2010-08-13 00:58 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\75e331a5d731d8e207be07adc06dec23\System.Security.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dd7497aa089340600c8c5af8ab421ff7\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2010-08-13 00:57 . 2010-08-13 00:57 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7a823a4f61cf8c86aad02559f8fed07b\System.DirectoryServices.Protocols.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-13 00:21 . 2010-08-13 00:21 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-13 00:00 . 2010-08-13 00:00 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\b48677ab9aa7a6830785f67b8478b4da\System.Configuration.Install.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-12 23:49 . 2010-08-12 23:49 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-12 23:49 . 2010-08-12 23:49 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-12 23:49 . 2010-08-12 23:49 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\d6b9038136600fbfbbbd7460dc19da19\Microsoft.Build.Utilities.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-12 23:50 . 2010-08-12 23:50 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-12 23:50 . 2010-08-12 23:50 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-12 23:50 . 2010-08-12 23:50 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-13 01:02 . 2010-08-13 01:02 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-13 01:01 . 2010-08-13 01:01 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2d662564b8d9c57a34c588cc2970902b\System.Web.Services.ni.dll
+ 2010-08-13 01:00 . 2010-08-13 01:00 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-13 00:59 . 2010-08-13 00:59 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-13 00:58 . 2010-08-13 00:58 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d20b7e58607ddb1ded9b687627ae8c21\System.DirectoryServices.ni.dll
+ 2010-08-13 00:22 . 2010-08-13 00:22 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f0470c2be4e6bb1dadbeed43e4e8af5c\System.Data.SqlXml.ni.dll
+ 2010-08-13 00:21 . 2010-08-13 00:21 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-13 00:21 . 2010-08-13 00:21 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-13 00:57 . 2010-08-13 00:57 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-12 23:59 . 2010-08-12 23:59 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-12 23:49 . 2010-08-12 23:49 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-08-13 00:59 . 2010-08-13 00:59 11798016 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\411a627d6f5cb83509332253406988e5\System.Web.ni.dll
+ 2010-08-12 23:48 . 2010-08-12 23:48 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-09 133104]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-04-20 3036424]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-09-20 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

c:\documents and settings\Jim\Start Menu\Programs\Startup\
BTGuard Updates.lnk - c:\btguard\settings.exe [2010-6-28 1160192]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-5 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Freedman's Quick Quote 2.0\\fqq.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\BTGUARD\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/25/2010 2:28 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/25/2010 2:28 PM 17744]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/11/2010 1:56 AM 10448]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 11:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 11:11 AM 65856]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [12/31/2009 9:53 AM 91830]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [9/4/2009 11:30 PM 23296]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Html To Image - c:\program files\Html To Image\menu.htm
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2010-08-12 21:13:02
ComboFix-quarantined-files.txt 2010-08-13 01:12
ComboFix2.txt 2010-08-12 23:54
ComboFix3.txt 2010-08-10 21:09

Pre-Run: 408,037,756,928 bytes free
Post-Run: 407,976,886,272 bytes free

- - End Of File - - CA72E2030333B3373912C07D6DA3FA94


#24 jimb6387


Posted 12 August 2010 - 08:18 PM

Another thing I noticed is that Firefox (my standard) opens on its own with an advertisement. No rhyme or reason ... that I've noticed anyways.

#25 teacup61


Posted 12 August 2010 - 08:45 PM

Let's try this:

Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#26 jimb6387


Posted 12 August 2010 - 09:04 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:01 on 12/08/2010 (Jim)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [02:13 07/09/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:57 01/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [02:25 11/08/2010]

C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\rbkjqsl6.default\extensions\
DeviceDetection@logitech.com [05:43 11/08/2010]
toolbar@alexa.com [03:21 24/07/2010]
wisestamp@wisestamp.com [00:31 27/07/2010]
{0b38152b-1b20-484d-a11f-5e04a9b0661f} [21:37 20/07/2010]
{20a82645-c095-46ed-80e3-08825760534b} [17:08 24/06/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [21:16 05/08/2010]
{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [18:39 01/08/2010]
{3d7eb24f-2740-49df-8937-200b1cc08f8a} [10:07 26/07/2010]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [00:37 07/03/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [01:41 30/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:44 02/12/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:24 11/08/2010]

-=E.O.F=-

#27 teacup61


Posted 12 August 2010 - 09:40 PM

Hello,

You can delete GooredFix.

Can you please try MBAM one more time? Also I'd like to see gmer again, if you can. Needle in a haystack time......do the redirects happen only in FF, or in IE as well?

Please visit the online Jotti Virus Scanner <--link
  • Copy and paste the following filepath in the box:

    c:\windows\system32\drivers\srv.sys

  • Click on the button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

Thanks,
tea

#28 jimb6387


Posted 13 August 2010 - 05:41 AM

The redirects seem to have stopped. Tried 6 times or so and nothing wrong. However, when I clicked on the 'add reply' button, a new FF window opened with a site with info that I have never searched for ... completely random (it was for investing your money ... lol ... so I KNOW I didn't search that category!)

The gmer file is attached.

Attached Files

  • Attached File  ark.txt   17.46KB   4 downloads


#29 jimb6387


Posted 13 August 2010 - 05:55 AM

Jotti 'found nothing' for all its scanners



#30 teacup61


Posted 13 August 2010 - 03:45 PM

Hello,

You never answered my question as to whether this is happening only on FF, or if IE does it too. :)

Edited by teacup61, 13 August 2010 - 03:50 PM.
