Google search results being redirected


  • This topic is locked
19 replies to this topic

#1 georgenelson

georgenelson

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 05 October 2010 - 03:24 PM

When I click on my Google search results, I am redirected to different sites than what the results are. Usually some other similar kind of search sites with similar results, but also sometimes a sales page for something totally different. I cannot get to the sites I want.

Please help me; here are my logs and the other info that is needed, attached, I hope.
thanks, george




DDS (Ver_10-03-17.01) - NTFSx86
Run by George at 14:17:38.28 on 05/10/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.853 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell AIO 810\DLCGmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\George\AppData\Roaming\GabPath\gabpath.exe
C:\Users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\George\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.ca/ig?hl=en&source=iglk
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=3070829
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {0e9b3cbe-dcdb-4211-9be5-bd3bcac2fde9} - c:\windows\system32\ddrawex32.dll
BHO: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Spurl bar: {5d8df3f7-6625-43d2-b50f-a759be54c911} - Shdocvw.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [GabPath] c:\users\george\appdata\roaming\gabpath\gabpath.exe
uRun: [SfKg6wIPuSp] c:\users\george\appdata\roaming\microsoft\windows\jnipmo.exe
uRun: [RTHDBPL] c:\users\george\appdata\roaming\syswin\lsass.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [NswUiTray] c:\program files\norton systemworks basic edition\NswUiTray.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\george\appdata\roaming\micros~1\windows\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: &Spurl! - http://www.spurl.net/rclick.php
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\windows\system32\d3dx9_3132.dll,c:\windows\system32\ci32.dll,c:\windows\system32\danim32.dll,c:\windows\system32\clfsw3232.dll,c:\windows\system32\dataclen32.dll,c:\windows\system32\cmifw32.dll,c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dll,c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll,c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll,c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll,c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll,c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll,c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll,c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\george\appdata\roaming\mozilla\firefox\profiles\7awv38l2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\george\appdata\roaming\mozilla\firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\george\appdata\roaming\mozilla\firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100929.001\IDSvix86.sys [2010-9-30 344112]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-5 67584]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-8-28 5504]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-1-27 48688]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-18 30192]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]

=============== Created Last 30 ================

2010-10-05 18:13:09 0 ----a-w- c:\users\george\defogger_reenable
2010-10-05 14:45:53 0 d-----w- c:\program files\Cobian Backup 10
2010-10-05 12:44:58 321536 ----a-w- c:\programdata\dskquoui32.dll
2010-10-05 05:02:28 321536 ----a-w- c:\programdata\clfsw3232.dll
2010-10-05 01:47:37 0 d-----w- c:\program files\iPod(103)
2010-10-05 01:47:22 0 d-----w- c:\program files\iTunes(104)
2010-10-05 01:32:41 0 d-----w- c:\program files\Bonjour(3)
2010-10-01 02:55:05 315392 ----a-w- c:\programdata\d3dx9_3632.dll
2010-09-30 22:00:07 0 d-sh--w- c:\programdata\SysWoW32
2010-09-30 21:59:52 203776 --sh--w- c:\programdata\unrar.exe
2010-09-30 21:59:52 0 d-----w- c:\programdata\341610175
2010-09-30 21:08:58 319488 ----a-w- c:\windows\system32\ddrawex32.dll
2010-09-30 21:08:58 126464 ----a-w- c:\windows\system32\ddrawex32.dll.exe
2010-09-30 21:08:27 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll
2010-09-30 21:08:10 0 d-sh--w- c:\users\george\appdata\roaming\SysWin
2010-09-30 21:07:59 319488 ----a-w- c:\windows\system32\deskadp32.dll
2010-09-30 21:07:57 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll
2010-09-30 21:07:28 212992 ----a-w- c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll
2010-09-30 21:07:26 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll
2010-09-30 21:06:58 212992 ----a-w- c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll
2010-09-30 21:06:55 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll
2010-09-30 21:06:28 212992 ----a-w- c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll
2010-09-30 21:05:57 212992 ----a-w- c:\windows\system32\cmifw32.dllkun6olj82i3zlj032.dll
2010-09-30 21:05:27 212992 ----a-w- c:\windows\system32\cmifw32.dll
2010-09-30 21:04:56 212992 ----a-w- c:\windows\system32\dataclen32.dll
2010-09-30 21:04:26 212992 ----a-w- c:\windows\system32\clfsw3232.dll
2010-09-30 21:03:56 212992 ----a-w- c:\windows\system32\danim32.dll
2010-09-30 21:03:25 212992 ----a-w- c:\windows\system32\ci32.dll
2010-09-30 21:02:54 212992 ----a-w- c:\windows\system32\d3dx9_3132.dll
2010-09-29 00:03:09 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-19 21:40:17 0 d-----w- c:\users\george\appdata\roaming\GabPath
2010-09-14 20:28:14 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 20:27:59 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 20:27:45 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 20:27:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-10 14:12:31 0 d-----w- c:\program files\Infogrames

==================== Find3M ====================

2010-07-28 17:39:00 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-28 17:39:00 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-28 17:39:00 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-29 15:16:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-17 16:57:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-08-29 02:13:39 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:24:08.73 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:07 AM

Posted 12 October 2010 - 07:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 13 October 2010 - 05:10 AM

Hi m0le,
Thanks for the reply.
I still need your help.
I am off to work and will be home in about 13 hours. I work 12-hour shifts, days today and tomorrow and then 3 night shifts starting Friday night, so my replies may be a little delayed at times.

Again, thanks for the help.

george

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:07 AM

Posted 13 October 2010 - 05:04 PM

QUOTE
I work 12-hour shifts, days today and tomorrow and then 3 night shifts starting Friday night, so my replies may be a little delayed at times.


Okay, that's fine. I'm in the UK so it could be a bit mad.

Please run OTL. I can see a hijacker operating, so let's see it off after this next scan.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#5 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 13 October 2010 - 08:56 PM

Hi m0le, it looks like I will have to make 2 replies, 1 for each report; too much data.

Also, tonight I had a hard time starting my computer. I had to try several times, then Microsoft did some kind of fix automatically and it started.
As well, windows are opening up by themselves.

OTL logfile created on: 13/10/2010 9:00:12 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\George\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 38.64 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
Drive K: | 930.86 Gb Total Space | 709.66 Gb Free Space | 76.24% Space Free | Partition Type: NTFS
Drive L: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\George\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe ()
PRC - C:\Users\George\AppData\Roaming\GabPath\gabpath.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe (Symantec Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell AIO 810\DLCGmon.exe (Dell)
PRC - C:\Windows\System32\dlcgcoms.exe ( )
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\George\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll ()
MOD - C:\Windows\System32\cmifw32.dll ()
MOD - C:\Windows\System32\dataclen32.dll ()
MOD - C:\Windows\System32\clfsw3232.dll ()
MOD - C:\Windows\System32\danim32.dll ()
MOD - C:\Windows\System32\ci32.dll ()
MOD - C:\Windows\System32\d3dx9_3132.dll ()
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcg_device) -- C:\Windows\System32\dlcgcoms.exe ( )
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS File not found
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101013.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101013.022\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101005.004\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys.vir (Gteko Ltd.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys.vir (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys.vir (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=3070829
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E6 8C B0 90 C0 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BE 3C 9B 0E DB DC 11 42 9B E5 BD 3B CA C2 FD E9 [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\sp, = http://www.spurl.net/mysearch.php?searchstring=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\spa, = http://www.spurl.net/search.php?searchstring=%s
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {4bcdbfd0-fa26-11de-8a39-0800200c9a66}:3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2
FF - prefs.js..extensions.enabledItems: {24d2f8a9-3e41-4602-bdb0-8c84342526e1}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/22 19:41:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\George\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/10/05 00:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 21:42:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/05 00:53:20 | 000,000,000 | ---D | M]

[2009/08/21 16:30:29 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Extensions
[2008/11/22 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/21 16:30:29 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/01 19:23:25 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions
[2009/12/10 10:15:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/13 20:53:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
[2009/12/09 10:56:10 | 000,002,163 | ---- | M] () -- C:\Users\George\AppData\Roaming\Mozilla\FireFox\Profiles\7awv38l2.default\searchplugins\bing.xml
[2010/10/13 19:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:34:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/19 17:33:40 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/19 17:33:40 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/19 13:09:13 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/11/13 20:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/19 17:33:46 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/02/15 01:51:53 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/15 01:51:53 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/15 01:51:53 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/15 01:51:53 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/15 01:51:53 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/19 13:09:19 | 000,002,020 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml
[2009/08/20 14:28:57 | 000,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
[2010/02/15 01:51:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/15 01:51:53 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0E9B3CBE-DCDB-4211-9BE5-BD3BCAC2FDE9} - C:\ProgramData\eappcfg32.dll (Inprise Corporation)
O2 - BHO: (no name) - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0FF9A677-542A-481D-A6D6-3FA32D8A806D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GabPath] C:\Users\George\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\George\AppData\Local\Temp\54A4.tmp File not found
O4 - HKCU..\Run: [SfKg6wIPuSp] C:\Users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} (Macromedia Flash Factory Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.104.96.22 216.104.98.222
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\d3dx9_3132.dll) - C:\Windows\System32\d3dx9_3132.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\ci32.dll) - C:\Windows\System32\ci32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\danim32.dll) - C:\Windows\System32\danim32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\clfsw3232.dll) - C:\Windows\System32\clfsw3232.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll) - C:\Windows\System32\dataclen32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dll) - C:\Windows\System32\cmifw32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Program Files\graphiquEcalendar 2008 Hale Kittens\desktopbackground\1280x1024_06.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/01 13:55:11 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 17:56:58 | 000,000,030 | RH-- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ca7c33a-45ee-11df-9da3-0019d19195b3}\Shell - "" = AutoRun
O33 - MountPoints2\{4ca7c33a-45ee-11df-9da3-0019d19195b3}\Shell\AutoRun\command - "" = L:\HPLauncher.exe -- [2009/05/18 13:46:50 | 000,565,248 | R--- | M] ()
O33 - MountPoints2\{e42df72e-5592-11dc-b47a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e42df72e-5592-11dc-b47a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\d3dx9_3632.dll
[2010/10/13 20:58:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2010/10/13 20:50:58 | 000,353,792 | ---- | C] (Inprise Corporation) -- C:\ProgramData\eappcfg32.dll
[2010/10/05 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Safe mirror
[2010/10/05 10:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/10/05 08:44:58 | 000,321,536 | ---- | C] (Inprise Corporation) -- C:\ProgramData\dskquoui32.dll
[2010/10/05 01:02:28 | 000,321,536 | ---- | C] (Inprise Corporation) -- C:\ProgramData\clfsw3232.dll
[2010/10/04 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(103)
[2010/10/04 21:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(104)
[2010/10/04 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
[2010/10/04 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\WinRAR
[2010/09/30 18:00:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/09/30 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\341610175
[2010/09/30 17:08:58 | 000,319,488 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\ddrawex32.dll
[2010/09/30 17:08:10 | 000,000,000 | -HSD | C] -- C:\Users\George\AppData\Roaming\SysWin
[2010/09/30 17:07:59 | 000,319,488 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\deskadp32.dll
[2010/09/28 20:03:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/19 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\GabPath
[2010/09/14 16:27:45 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/04/19 17:39:45 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCGhcp.dll
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcgpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcgserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcgcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcglmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcgiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcgpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcgcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcgprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcginpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcgusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcghbn3.dll
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\George\AppData\Roaming\*.tmp files -> C:\Users\George\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/13 21:14:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 21:13:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job
[2010/10/13 20:58:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2010/10/13 20:54:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/13 20:50:58 | 000,353,792 | ---- | M] (Inprise Corporation) -- C:\ProgramData\eappcfg32.dll
[2010/10/13 20:50:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 20:50:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 20:50:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 20:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 06:03:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/05 17:42:04 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for George.job
[2010/10/05 14:27:05 | 000,284,915 | ---- | M] () -- C:\Users\George\Desktop\gmer.zip
[2010/10/05 14:16:57 | 000,525,824 | ---- | M] () -- C:\Users\George\Desktop\dds.scr
[2010/10/05 14:15:24 | 000,050,477 | ---- | M] () -- C:\Users\George\Desktop\Defogger.exe
[2010/10/05 14:13:09 | 000,000,000 | ---- | M] () -- C:\Users\George\defogger_reenable
[2010/10/05 13:44:59 | 000,344,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/05 08:44:59 | 000,321,536 | ---- | M] (Inprise Corporation) -- C:\ProgramData\dskquoui32.dll
[2010/10/05 01:02:28 | 000,321,536 | ---- | M] (Inprise Corporation) -- C:\ProgramData\clfsw3232.dll
[2010/10/04 22:07:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1444188836
[2010/10/01 19:25:41 | 000,000,149 | -HS- | M] () -- C:\ProgramData\1983822216
[2010/09/30 17:59:52 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/09/30 17:08:58 | 000,319,488 | ---- | M] (Inprise Corporation) -- C:\Windows\System32\ddrawex32.dll
[2010/09/30 17:08:58 | 000,126,464 | ---- | M] () -- C:\Windows\System32\ddrawex32.dll.exe
[2010/09/30 17:08:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll
[2010/09/30 17:07:59 | 000,319,488 | ---- | M] (Inprise Corporation) -- C:\Windows\System32\deskadp32.dll
[2010/09/30 17:07:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll
[2010/09/30 17:07:28 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll
[2010/09/30 17:07:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll
[2010/09/30 17:06:58 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll
[2010/09/30 17:06:55 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll
[2010/09/30 17:06:28 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll
[2010/09/30 17:05:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll
[2010/09/30 17:05:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dll
[2010/09/30 17:04:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll
[2010/09/30 17:04:26 | 000,212,992 | ---- | M] () -- C:\Windows\System32\clfsw3232.dll
[2010/09/30 17:03:56 | 000,212,992 | ---- | M] () -- C:\Windows\System32\danim32.dll
[2010/09/30 17:03:25 | 000,212,992 | ---- | M] () -- C:\Windows\System32\ci32.dll
[2010/09/30 17:02:54 | 000,212,992 | ---- | M] () -- C:\Windows\System32\d3dx9_3132.dll
[2010/09/27 12:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
[2010/09/19 17:40:17 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk
[2010/09/19 17:16:35 | 000,604,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/19 17:16:35 | 000,107,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/16 11:49:14 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/15 12:50:55 | 000,000,632 | RHS- | M] () -- C:\Users\George\ntuser.pol
[2010/09/14 08:21:09 | 000,015,066 | ---- | M] () -- C:\Windows\System32\Support.xml
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\George\AppData\Roaming\*.tmp files -> C:\Users\George\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 14:27:01 | 000,284,915 | ---- | C] () -- C:\Users\George\Desktop\gmer.zip
[2010/10/05 14:16:53 | 000,525,824 | ---- | C] () -- C:\Users\George\Desktop\dds.scr
[2010/10/05 14:15:23 | 000,050,477 | ---- | C] () -- C:\Users\George\Desktop\Defogger.exe
[2010/10/05 14:13:09 | 000,000,000 | ---- | C] () -- C:\Users\George\defogger_reenable
[2010/09/30 18:00:44 | 000,000,149 | -HS- | C] () -- C:\ProgramData\1983822216
[2010/09/30 18:00:43 | 000,001,185 | ---- | C] () -- C:\ProgramData\1444188836
[2010/09/30 17:59:52 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/09/30 17:08:58 | 000,126,464 | ---- | C] () -- C:\Windows\System32\ddrawex32.dll.exe
[2010/09/30 17:08:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll
[2010/09/30 17:07:57 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll
[2010/09/30 17:07:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll
[2010/09/30 17:07:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll
[2010/09/30 17:06:58 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll
[2010/09/30 17:06:55 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll
[2010/09/30 17:06:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll
[2010/09/30 17:05:57 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll
[2010/09/30 17:05:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dll
[2010/09/30 17:04:56 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll
[2010/09/30 17:04:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\clfsw3232.dll
[2010/09/30 17:03:56 | 000,212,992 | ---- | C] () -- C:\Windows\System32\danim32.dll
[2010/09/30 17:03:25 | 000,212,992 | ---- | C] () -- C:\Windows\System32\ci32.dll
[2010/09/30 17:02:54 | 000,212,992 | ---- | C] () -- C:\Windows\System32\d3dx9_3132.dll
[2010/09/19 17:40:17 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk
[2010/04/21 12:07:32 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/21 12:07:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/19 17:39:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCGinst.dll
[2010/02/22 00:37:11 | 000,001,418 | ---- | C] () -- C:\Windows\tefview.ini
[2009/12/09 10:28:19 | 000,002,874 | ---- | C] () -- C:\Users\George\AppData\Roaming\SAS7_000.DAT
[2009/10/29 09:36:12 | 000,000,095 | ---- | C] () -- C:\Windows\System32\WININIT.INI
[2009/09/18 14:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 11:30:31 | 000,000,155 | ---- | C] () -- C:\Windows\disney.ini
[2008/06/16 21:56:07 | 000,000,013 | -H-- | C] () -- C:\ProgramData\jgalt.ayn
[2008/03/10 14:52:49 | 000,000,098 | ---- | C] () -- C:\Windows\7thlevel.ini
[2007/10/16 23:45:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/10/16 23:45:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/09/11 22:57:25 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/11 22:57:22 | 000,001,108 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/01 22:15:26 | 000,032,256 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/07 00:16:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcginsr.dll
[2006/12/07 00:16:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcgcur.dll
[2006/12/07 00:15:40 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlcgjswr.dll
[2006/12/07 00:10:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcginsb.dll
[2006/12/07 00:10:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcgcub.dll
[2006/12/07 00:10:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcgcu.dll
[2006/12/07 00:10:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlcgins.dll
[2006/12/07 00:08:32 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlcgutil.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/07 11:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcgcoin.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 04:27:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcgcfg.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcgvs.dll
[2005/07/05 09:32:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcgcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2010/03/04 02:31:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\AnvSoft
[2010/04/23 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\BitTorrent
[2008/06/16 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\CoffeeCup Software
[2008/12/26 16:22:56 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\FileZilla
[2010/10/13 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GabPath
[2009/10/29 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GHISLER
[2009/01/13 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Good Keywords v2
[2010/01/18 11:42:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Libronix DLS
[2010/10/13 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\LimeWire
[2010/02/24 14:25:40 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\NCH Swift Sound
[2009/02/13 11:18:13 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Niche Inspector
[2009/12/09 01:46:24 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Nuance
[2008/01/08 09:09:13 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Salehoo
[2010/09/30 17:08:13 | 000,000,000 | -HSD | M] -- C:\Users\George\AppData\Roaming\SysWin
[2010/10/06 06:03:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/13 19:06:40 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/13 21:13:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Xbox360:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\PassMark:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Keywordanalyzer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\dell printer810:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\NSWBE1200TB15:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\niche inspector:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\Michael Cheney Sites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\coolsat:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


#6 georgenelson
  • Topic Starter

  • Members
  • 13 posts

Posted 13 October 2010 - 08:58 PM

Here's the 2nd one.

OTL logfile created on: 13/10/2010 9:00:12 PM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\George\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 38.64 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.73% Space Free | Partition Type: NTFS
Drive K: | 930.86 Gb Total Space | 709.66 Gb Free Space | 76.24% Space Free | Partition Type: NTFS
Drive L: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\George\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
PRC - C:\Users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe ()
PRC - C:\Users\George\AppData\Roaming\GabPath\gabpath.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe (Symantec Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell AIO 810\DLCGmon.exe (Dell)
PRC - C:\Windows\System32\dlcgcoms.exe ( )
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\George\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll ()
MOD - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll ()
MOD - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll ()
MOD - C:\Windows\System32\cmifw32.dll ()
MOD - C:\Windows\System32\dataclen32.dll ()
MOD - C:\Windows\System32\clfsw3232.dll ()
MOD - C:\Windows\System32\danim32.dll ()
MOD - C:\Windows\System32\ci32.dll ()
MOD - C:\Windows\System32\d3dx9_3132.dll ()
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcg_device) -- C:\Windows\System32\dlcgcoms.exe ( )
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS File not found
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101013.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101013.022\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101005.004\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys.vir (Gteko Ltd.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (TSHWMDTCP) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys.vir (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (nmsgopro) -- C:\Windows\System32\drivers\nmsgopro.sys.vir (Gteko Ltd.)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=3070829
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E6 8C B0 90 C0 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BE 3C 9B 0E DB DC 11 42 9B E5 BD 3B CA C2 FD E9 [binary data]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\sp, = http://www.spurl.net/mysearch.php?searchstring=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\spa, = http://www.spurl.net/search.php?searchstring=%s
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {4bcdbfd0-fa26-11de-8a39-0800200c9a66}:3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2
FF - prefs.js..extensions.enabledItems: {24d2f8a9-3e41-4602-bdb0-8c84342526e1}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/22 19:41:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\George\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/10/05 00:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 21:42:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/05 00:53:20 | 000,000,000 | ---D | M]

[2009/08/21 16:30:29 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Extensions
[2008/11/22 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/21 16:30:29 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/01 19:23:25 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions
[2009/12/10 10:15:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/13 20:53:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\George\AppData\Roaming\mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
[2009/12/09 10:56:10 | 000,002,163 | ---- | M] () -- C:\Users\George\AppData\Roaming\Mozilla\FireFox\Profiles\7awv38l2.default\searchplugins\bing.xml
[2010/10/13 19:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 17:34:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/19 17:33:40 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/19 17:33:40 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/19 13:09:13 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/11/13 20:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/04/19 17:33:46 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/07/28 13:44:01 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/02/15 01:51:53 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/15 01:51:53 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/15 01:51:53 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/15 01:51:53 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/15 01:51:53 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/06/19 13:09:19 | 000,002,020 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml
[2009/08/20 14:28:57 | 000,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
[2010/02/15 01:51:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/15 01:51:53 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0E9B3CBE-DCDB-4211-9BE5-BD3BCAC2FDE9} - C:\ProgramData\eappcfg32.dll (Inprise Corporation)
O2 - BHO: (no name) - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0FF9A677-542A-481D-A6D6-3FA32D8A806D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.DLL ()
O4 - HKLM..\Run: [dlcgmon.exe] C:\Program Files\Dell AIO 810\dlcgmon.exe (Dell)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GabPath] C:\Users\George\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\George\AppData\Local\Temp\54A4.tmp File not found
O4 - HKCU..\Run: [SfKg6wIPuSp] C:\Users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB70-AE6D-11cf-96B8-444553540000} (Macromedia Flash Factory Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.104.96.22 216.104.98.222
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\d3dx9_3132.dll) - C:\Windows\System32\d3dx9_3132.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\ci32.dll) - C:\Windows\System32\ci32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\danim32.dll) - C:\Windows\System32\danim32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\clfsw3232.dll) - C:\Windows\System32\clfsw3232.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll) - C:\Windows\System32\dataclen32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dll) - C:\Windows\System32\cmifw32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll) - C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll ()
O20 - AppInit_DLLs: (C:\Windows\system32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll) - C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Program Files\graphiquEcalendar 2008 Hale Kittens\desktopbackground\1280x1024_06.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/01 13:55:11 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 17:56:58 | 000,000,030 | RH-- | M] () - L:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4ca7c33a-45ee-11df-9da3-0019d19195b3}\Shell - "" = AutoRun
O33 - MountPoints2\{4ca7c33a-45ee-11df-9da3-0019d19195b3}\Shell\AutoRun\command - "" = L:\HPLauncher.exe -- [2009/05/18 13:46:50 | 000,565,248 | R--- | M] ()
O33 - MountPoints2\{e42df72e-5592-11dc-b47a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e42df72e-5592-11dc-b47a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\d3dx9_3632.dll
[2010/10/13 20:58:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2010/10/13 20:50:58 | 000,353,792 | ---- | C] (Inprise Corporation) -- C:\ProgramData\eappcfg32.dll
[2010/10/05 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Local\Safe mirror
[2010/10/05 10:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/10/05 08:44:58 | 000,321,536 | ---- | C] (Inprise Corporation) -- C:\ProgramData\dskquoui32.dll
[2010/10/05 01:02:28 | 000,321,536 | ---- | C] (Inprise Corporation) -- C:\ProgramData\clfsw3232.dll
[2010/10/04 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(103)
[2010/10/04 21:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(104)
[2010/10/04 21:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour(3)
[2010/10/04 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\WinRAR
[2010/09/30 18:00:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/09/30 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\341610175
[2010/09/30 17:08:58 | 000,319,488 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\ddrawex32.dll
[2010/09/30 17:08:10 | 000,000,000 | -HSD | C] -- C:\Users\George\AppData\Roaming\SysWin
[2010/09/30 17:07:59 | 000,319,488 | ---- | C] (Inprise Corporation) -- C:\Windows\System32\deskadp32.dll
[2010/09/28 20:03:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/19 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\George\AppData\Roaming\GabPath
[2010/09/14 16:27:45 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/04/19 17:39:45 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\DLCGhcp.dll
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcgpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcgserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcgcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcglmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcgiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcgpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcgcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcgprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcginpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcgusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcghbn3.dll
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\George\AppData\Roaming\*.tmp files -> C:\Users\George\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/13 21:14:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 21:13:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job
[2010/10/13 20:58:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2010/10/13 20:54:25 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/13 20:50:58 | 000,353,792 | ---- | M] (Inprise Corporation) -- C:\ProgramData\eappcfg32.dll
[2010/10/13 20:50:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 20:50:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 20:50:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 20:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 06:03:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/05 17:42:04 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for George.job
[2010/10/05 14:27:05 | 000,284,915 | ---- | M] () -- C:\Users\George\Desktop\gmer.zip
[2010/10/05 14:16:57 | 000,525,824 | ---- | M] () -- C:\Users\George\Desktop\dds.scr
[2010/10/05 14:15:24 | 000,050,477 | ---- | M] () -- C:\Users\George\Desktop\Defogger.exe
[2010/10/05 14:13:09 | 000,000,000 | ---- | M] () -- C:\Users\George\defogger_reenable
[2010/10/05 13:44:59 | 000,344,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/05 08:44:59 | 000,321,536 | ---- | M] (Inprise Corporation) -- C:\ProgramData\dskquoui32.dll
[2010/10/05 01:02:28 | 000,321,536 | ---- | M] (Inprise Corporation) -- C:\ProgramData\clfsw3232.dll
[2010/10/04 22:07:10 | 000,001,185 | ---- | M] () -- C:\ProgramData\1444188836
[2010/10/01 19:25:41 | 000,000,149 | -HS- | M] () -- C:\ProgramData\1983822216
[2010/09/30 17:59:52 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/09/30 17:08:58 | 000,319,488 | ---- | M] (Inprise Corporation) -- C:\Windows\System32\ddrawex32.dll
[2010/09/30 17:08:58 | 000,126,464 | ---- | M] () -- C:\Windows\System32\ddrawex32.dll.exe
[2010/09/30 17:08:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll
[2010/09/30 17:07:59 | 000,319,488 | ---- | M] (Inprise Corporation) -- C:\Windows\System32\deskadp32.dll
[2010/09/30 17:07:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll
[2010/09/30 17:07:28 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll
[2010/09/30 17:07:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll
[2010/09/30 17:06:58 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll
[2010/09/30 17:06:55 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll
[2010/09/30 17:06:28 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll
[2010/09/30 17:05:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll
[2010/09/30 17:05:27 | 000,212,992 | ---- | M] () -- C:\Windows\System32\cmifw32.dll
[2010/09/30 17:04:57 | 000,212,992 | ---- | M] () -- C:\Windows\System32\dataclen32.dll
[2010/09/30 17:04:26 | 000,212,992 | ---- | M] () -- C:\Windows\System32\clfsw3232.dll
[2010/09/30 17:03:56 | 000,212,992 | ---- | M] () -- C:\Windows\System32\danim32.dll
[2010/09/30 17:03:25 | 000,212,992 | ---- | M] () -- C:\Windows\System32\ci32.dll
[2010/09/30 17:02:54 | 000,212,992 | ---- | M] () -- C:\Windows\System32\d3dx9_3132.dll
[2010/09/27 12:00:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
[2010/09/19 17:40:17 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk
[2010/09/19 17:16:35 | 000,604,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/19 17:16:35 | 000,107,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/16 11:49:14 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/15 12:50:55 | 000,000,632 | RHS- | M] () -- C:\Users\George\ntuser.pol
[2010/09/14 08:21:09 | 000,015,066 | ---- | M] () -- C:\Windows\System32\Support.xml
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[58 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\George\AppData\Roaming\*.tmp files -> C:\Users\George\AppData\Roaming\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 14:27:01 | 000,284,915 | ---- | C] () -- C:\Users\George\Desktop\gmer.zip
[2010/10/05 14:16:53 | 000,525,824 | ---- | C] () -- C:\Users\George\Desktop\dds.scr
[2010/10/05 14:15:23 | 000,050,477 | ---- | C] () -- C:\Users\George\Desktop\Defogger.exe
[2010/10/05 14:13:09 | 000,000,000 | ---- | C] () -- C:\Users\George\defogger_reenable
[2010/09/30 18:00:44 | 000,000,149 | -HS- | C] () -- C:\ProgramData\1983822216
[2010/09/30 18:00:43 | 000,001,185 | ---- | C] () -- C:\ProgramData\1444188836
[2010/09/30 17:59:52 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/09/30 17:08:58 | 000,126,464 | ---- | C] () -- C:\Windows\System32\ddrawex32.dll.exe
[2010/09/30 17:08:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dllqcwbrz32.dll
[2010/09/30 17:07:57 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dlloqfino2t32.dll
[2010/09/30 17:07:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dllcyrin9vn8e32.dll
[2010/09/30 17:07:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll46cg5q5wxpa5732.dll
[2010/09/30 17:06:58 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dllgzkfyriokasmafk32.dll
[2010/09/30 17:06:55 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll2ebqflrvpj32.dll
[2010/09/30 17:06:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dlla43frxkp32.dll
[2010/09/30 17:05:57 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dllkun6olj82i3zlj032.dll
[2010/09/30 17:05:27 | 000,212,992 | ---- | C] () -- C:\Windows\System32\cmifw32.dll
[2010/09/30 17:04:56 | 000,212,992 | ---- | C] () -- C:\Windows\System32\dataclen32.dll
[2010/09/30 17:04:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\clfsw3232.dll
[2010/09/30 17:03:56 | 000,212,992 | ---- | C] () -- C:\Windows\System32\danim32.dll
[2010/09/30 17:03:25 | 000,212,992 | ---- | C] () -- C:\Windows\System32\ci32.dll
[2010/09/30 17:02:54 | 000,212,992 | ---- | C] () -- C:\Windows\System32\d3dx9_3132.dll
[2010/09/19 17:40:17 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk
[2010/04/21 12:07:32 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/04/21 12:07:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/19 17:39:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\DLCGinst.dll
[2010/02/22 00:37:11 | 000,001,418 | ---- | C] () -- C:\Windows\tefview.ini
[2009/12/09 10:28:19 | 000,002,874 | ---- | C] () -- C:\Users\George\AppData\Roaming\SAS7_000.DAT
[2009/10/29 09:36:12 | 000,000,095 | ---- | C] () -- C:\Windows\System32\WININIT.INI
[2009/09/18 14:40:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/03 11:30:31 | 000,000,155 | ---- | C] () -- C:\Windows\disney.ini
[2008/06/16 21:56:07 | 000,000,013 | -H-- | C] () -- C:\ProgramData\jgalt.ayn
[2008/03/10 14:52:49 | 000,000,098 | ---- | C] () -- C:\Windows\7thlevel.ini
[2007/10/16 23:45:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/10/16 23:45:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/09/11 22:57:25 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/11 22:57:22 | 000,001,108 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/01 22:15:26 | 000,032,256 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/07 00:16:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcginsr.dll
[2006/12/07 00:16:18 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcgcur.dll
[2006/12/07 00:15:40 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlcgjswr.dll
[2006/12/07 00:10:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcginsb.dll
[2006/12/07 00:10:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcgcub.dll
[2006/12/07 00:10:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcgcu.dll
[2006/12/07 00:10:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlcgins.dll
[2006/12/07 00:08:32 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlcgutil.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/07 11:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcgcoin.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 04:27:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcgcfg.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcgvs.dll
[2005/07/05 09:32:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcgcnv4.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2010/03/04 02:31:32 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\AnvSoft
[2010/04/23 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\BitTorrent
[2008/06/16 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\CoffeeCup Software
[2008/12/26 16:22:56 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\FileZilla
[2010/10/13 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GabPath
[2009/10/29 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\GHISLER
[2009/01/13 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Good Keywords v2
[2010/01/18 11:42:21 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Libronix DLS
[2010/10/13 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\LimeWire
[2010/02/24 14:25:40 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\NCH Swift Sound
[2009/02/13 11:18:13 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Niche Inspector
[2009/12/09 01:46:24 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Nuance
[2008/01/08 09:09:13 | 000,000,000 | ---D | M] -- C:\Users\George\AppData\Roaming\Salehoo
[2010/09/30 17:08:13 | 000,000,000 | -HSD | M] -- C:\Users\George\AppData\Roaming\SysWin
[2010/10/06 06:03:12 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/13 19:06:40 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/13 21:13:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Xbox360:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\PassMark:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\Keywordanalyzer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Documents\dell printer810:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\NSWBE1200TB15:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\niche inspector:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\Michael Cheney Sites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\George\Desktop\coolsat:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
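The OTL sections above (LOP Check and Alternate Data Streams) are the kind of lists a helper skims by hand. The following is an added example, not part of the original post and not OTL's own code: a small Python triage script that parses those two line formats and flags items worth a closer look. Both heuristics are assumptions of this example rather than anything the log asserts: a hidden+system (`-HS`) entry under a user profile is unusual enough to review, and a stream name outside a short allowlist (Zone.Identifier, Roxio EMC Stream) is unrecognised and should be inspected before anything is deleted. A flag is a prompt to look, not a verdict. The sample lines are constructed in the same layout as the log.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of OTL's "LOP Check" and
# "Alternate Data Streams" sections (not copied from any real scan).
SAMPLE_LOG = """\
========== LOP Check ==========

[2009/10/29 11:18:37 | 000,000,000 | ---D | M] -- C:\\Users\\George\\AppData\\Roaming\\GHISLER
[2010/09/30 17:08:13 | 000,000,000 | -HSD | M] -- C:\\Users\\George\\AppData\\Roaming\\SysWin
[2010/10/06 06:03:12 | 000,000,472 | ---- | M] () -- C:\\Windows\\Tasks\\Ad-Aware Update (Weekly).job

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\\Users\\George\\Documents\\Xbox360:Roxio EMC Stream
@Alternate Data Stream - 205 bytes -> C:\\ProgramData\\TEMP:F35A93AD
@Alternate Data Stream - 26 bytes -> C:\\Users\\George\\Downloads\\setup.exe:Zone.Identifier
"""

# [date time | size | attrs | C/M] [()] -- path ; attrs are R/H/S/D flags or '-'
LOP_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| (?P<op>[CM])\] (?:\(\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Assumed allowlist for this example: streams with a known, benign producer.
BENIGN_STREAMS = {"Zone.Identifier", "Roxio EMC Stream"}
HEXNAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")


@dataclass
class Finding:
    kind: str    # "lop" or "ads"
    path: str
    reason: str


def parse_lop(line):
    """Parse one LOP Check line into a dict, or return None."""
    m = LOP_RE.match(line)
    if not m:
        return None
    attr = m["attr"]
    return {
        "ts": m["ts"],
        "size": int(m["size"].replace(",", "")),
        "readonly": attr[0] == "R",
        "hidden": attr[1] == "H",
        "system": attr[2] == "S",
        "directory": attr[3] == "D",
        "path": m["path"],
    }


def parse_ads(line):
    """Parse one ADS line into {'size', 'file', 'stream'}, or return None."""
    m = ADS_RE.match(line)
    if not m:
        return None
    target = m["target"]
    # The stream name follows the last ':'; skip the drive-letter colon.
    if ":" not in target[2:]:
        return None
    file_path, stream = target.rsplit(":", 1)
    return {"size": int(m["size"]), "file": file_path, "stream": stream}


def triage(text):
    """Return the entries an analyst should look at first (heuristics, not verdicts)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        lop = parse_lop(line)
        if lop:
            if lop["hidden"] and lop["system"]:
                findings.append(Finding("lop", lop["path"],
                                        "hidden+system attributes on a profile item"))
            continue
        ads = parse_ads(line)
        if ads and ads["stream"] not in BENIGN_STREAMS:
            reason = "unrecognised stream name"
            if HEXNAME_RE.match(ads["stream"]):
                reason += " (random-looking hex name)"
            findings.append(Finding("ads", f"{ads['file']}:{ads['stream']}", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}  <- {f.reason}")
```

Run against a saved OTL.txt instead of `SAMPLE_LOG` to get the same two-line shortlist for a real scan. A flagged stream can be read without deleting it (on modern Windows, `Get-Content -Path <file> -Stream <name>` in PowerShell); a flagged hidden+system folder should be listed before anything is removed.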


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:04:07 AM

Posted 14 October 2010 - 03:49 PM

There's a large amount of infection on these logs and we need to find the major player before we can clean off the rest.

Please run TDSSKiller
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#8 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:07 AM

Posted 15 October 2010 - 09:33 AM

It said it did not find anything, but here's the report

2010/10/15 10:21:48.0392 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/15 10:21:48.0392 ================================================================================
2010/10/15 10:21:48.0392 SystemInfo:
2010/10/15 10:21:48.0392
2010/10/15 10:21:48.0392 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/15 10:21:48.0392 Product type: Workstation
2010/10/15 10:21:48.0392 ComputerName: GEORGE-PC
2010/10/15 10:21:48.0392 UserName: George
2010/10/15 10:21:48.0392 Windows directory: C:\Windows
2010/10/15 10:21:48.0392 System windows directory: C:\Windows
2010/10/15 10:21:48.0392 Processor architecture: Intel x86
2010/10/15 10:21:48.0392 Number of processors: 4
2010/10/15 10:21:48.0392 Page size: 0x1000
2010/10/15 10:21:48.0392 Boot type: Normal boot
2010/10/15 10:21:48.0392 ================================================================================
2010/10/15 10:21:48.0719 Initialize success
2010/10/15 10:21:58.0657 ================================================================================
2010/10/15 10:21:58.0657 Scan started
2010/10/15 10:21:58.0657 Mode: Manual;
2010/10/15 10:21:58.0657 ================================================================================
2010/10/15 10:21:59.0234 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/15 10:21:59.0296 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/15 10:21:59.0374 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/15 10:21:59.0421 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/15 10:21:59.0483 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/15 10:21:59.0577 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/15 10:21:59.0655 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/10/15 10:21:59.0702 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/15 10:21:59.0795 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2010/10/15 10:21:59.0858 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/10/15 10:21:59.0905 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2010/10/15 10:21:59.0983 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/15 10:22:00.0076 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/15 10:22:00.0170 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/15 10:22:00.0217 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/15 10:22:00.0279 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/15 10:22:00.0326 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
2010/10/15 10:22:00.0404 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/15 10:22:00.0497 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
2010/10/15 10:22:00.0638 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/15 10:22:00.0700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/15 10:22:00.0747 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/15 10:22:00.0794 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/15 10:22:00.0856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/15 10:22:00.0887 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/15 10:22:00.0934 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/15 10:22:00.0997 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/15 10:22:01.0106 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
2010/10/15 10:22:01.0168 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/15 10:22:01.0199 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/15 10:22:01.0262 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/15 10:22:01.0324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/15 10:22:01.0371 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2010/10/15 10:22:01.0449 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/10/15 10:22:01.0527 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/15 10:22:01.0558 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/15 10:22:01.0636 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/15 10:22:01.0714 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/15 10:22:01.0777 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2010/10/15 10:22:01.0839 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2010/10/15 10:22:01.0948 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2010/10/15 10:22:01.0964 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2010/10/15 10:22:02.0057 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2010/10/15 10:22:02.0135 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2010/10/15 10:22:02.0167 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2010/10/15 10:22:02.0229 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2010/10/15 10:22:02.0245 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2010/10/15 10:22:02.0307 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2010/10/15 10:22:02.0432 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/15 10:22:02.0479 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2010/10/15 10:22:02.0494 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2010/10/15 10:22:02.0557 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/10/15 10:22:02.0650 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/15 10:22:02.0713 e1express (9f3e3f19d28b3b4ff261a1e758f4ad26) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/10/15 10:22:02.0759 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/15 10:22:02.0822 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/15 10:22:02.0931 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/15 10:22:03.0009 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/15 10:22:03.0071 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/10/15 10:22:03.0149 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/15 10:22:03.0212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/15 10:22:03.0243 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/15 10:22:03.0321 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/15 10:22:03.0383 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/15 10:22:03.0415 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/15 10:22:03.0461 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/15 10:22:03.0477 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/15 10:22:03.0539 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/15 10:22:03.0586 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/15 10:22:03.0727 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/15 10:22:03.0773 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/15 10:22:03.0836 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/15 10:22:03.0883 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/15 10:22:03.0914 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/15 10:22:03.0961 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/15 10:22:04.0007 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/15 10:22:04.0070 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/15 10:22:04.0148 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys
2010/10/15 10:22:04.0179 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/15 10:22:04.0351 IDSVix86 (2edd3504457691a10328079da011d0b8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101005.004\IDSvix86.sys
2010/10/15 10:22:04.0507 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/15 10:22:04.0553 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
2010/10/15 10:22:04.0631 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
2010/10/15 10:22:04.0694 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/15 10:22:04.0772 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/15 10:22:04.0834 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/15 10:22:04.0897 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/15 10:22:04.0975 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/15 10:22:05.0021 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/10/15 10:22:05.0099 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/15 10:22:05.0177 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/15 10:22:05.0240 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/15 10:22:05.0287 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/15 10:22:05.0318 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/15 10:22:05.0365 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/15 10:22:05.0458 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/15 10:22:05.0521 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/15 10:22:05.0567 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/15 10:22:05.0583 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/15 10:22:05.0645 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/15 10:22:05.0723 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/15 10:22:05.0895 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/15 10:22:06.0223 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/15 10:22:06.0254 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/15 10:22:06.0285 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/15 10:22:06.0441 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/15 10:22:06.0488 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/15 10:22:06.0550 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/15 10:22:06.0613 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/15 10:22:06.0691 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/15 10:22:06.0722 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/15 10:22:06.0737 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/15 10:22:06.0769 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/15 10:22:06.0815 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
2010/10/15 10:22:06.0862 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/15 10:22:06.0925 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/15 10:22:07.0003 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
2010/10/15 10:22:07.0065 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/15 10:22:07.0112 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/15 10:22:07.0190 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/15 10:22:07.0221 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/15 10:22:07.0268 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/15 10:22:07.0315 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/15 10:22:07.0361 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/15 10:22:07.0377 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/15 10:22:07.0455 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/15 10:22:07.0627 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101014.040\NAVENG.SYS
2010/10/15 10:22:07.0720 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101014.040\NAVEX15.SYS
2010/10/15 10:22:07.0939 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/15 10:22:07.0985 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/15 10:22:08.0063 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/15 10:22:08.0157 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/15 10:22:08.0204 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/15 10:22:08.0266 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/15 10:22:08.0297 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/15 10:22:08.0375 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/15 10:22:08.0453 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/15 10:22:08.0531 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/15 10:22:08.0625 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/15 10:22:08.0703 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/15 10:22:08.0734 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/15 10:22:08.0953 nvlddmkm (671c58cc8dadfe2903207f299ce7a0e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/15 10:22:09.0171 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/15 10:22:09.0218 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/15 10:22:09.0280 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/10/15 10:22:09.0436 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/15 10:22:09.0499 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/15 10:22:09.0545 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/15 10:22:09.0577 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/15 10:22:09.0623 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/15 10:22:09.0701 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2010/10/15 10:22:09.0811 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/15 10:22:09.0889 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/15 10:22:09.0982 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/15 10:22:10.0029 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/15 10:22:10.0107 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/15 10:22:10.0169 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/15 10:22:10.0216 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/15 10:22:10.0294 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/15 10:22:10.0325 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/15 10:22:10.0435 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/15 10:22:10.0544 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/15 10:22:10.0606 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/15 10:22:10.0637 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/15 10:22:10.0684 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/15 10:22:10.0747 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/15 10:22:10.0778 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/15 10:22:10.0825 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/10/15 10:22:10.0856 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/15 10:22:10.0903 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/15 10:22:11.0027 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/15 10:22:11.0090 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/15 10:22:11.0152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/15 10:22:11.0215 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/15 10:22:11.0293 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/10/15 10:22:11.0355 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/15 10:22:11.0480 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/10/15 10:22:11.0542 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/15 10:22:11.0605 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/15 10:22:11.0667 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/15 10:22:11.0714 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/10/15 10:22:11.0792 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/15 10:22:11.0885 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/15 10:22:11.0963 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/15 10:22:12.0057 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/15 10:22:12.0213 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
2010/10/15 10:22:12.0229 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
2010/10/15 10:22:12.0509 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/15 10:22:12.0541 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/15 10:22:12.0587 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/15 10:22:12.0650 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2010/10/15 10:22:12.0775 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/15 10:22:12.0868 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/15 10:22:12.0962 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS
2010/10/15 10:22:13.0009 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/10/15 10:22:13.0071 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS
2010/10/15 10:22:13.0102 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
2010/10/15 10:22:13.0211 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
2010/10/15 10:22:13.0321 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
2010/10/15 10:22:13.0383 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/15 10:22:13.0414 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/15 10:22:13.0492 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2010/10/15 10:22:13.0586 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/15 10:22:13.0648 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/15 10:22:13.0695 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/15 10:22:13.0742 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/15 10:22:13.0789 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/15 10:22:13.0851 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/15 10:22:13.0882 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/15 10:22:14.0023 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
2010/10/15 10:22:14.0116 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/15 10:22:14.0163 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/15 10:22:14.0210 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/15 10:22:14.0257 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/15 10:22:14.0335 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/15 10:22:14.0366 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/15 10:22:14.0428 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/15 10:22:14.0459 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/15 10:22:14.0491 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/15 10:22:14.0553 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/15 10:22:14.0615 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/10/15 10:22:14.0678 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/10/15 10:22:14.0740 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/15 10:22:14.0787 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/15 10:22:14.0834 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/15 10:22:14.0881 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/15 10:22:14.0927 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/15 10:22:14.0990 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/15 10:22:15.0052 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/15 10:22:15.0115 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/15 10:22:15.0146 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/15 10:22:15.0239 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/15 10:22:15.0349 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/15 10:22:15.0427 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/15 10:22:15.0458 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/10/15 10:22:15.0489 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/15 10:22:15.0520 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2010/10/15 10:22:15.0567 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/15 10:22:15.0614 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/15 10:22:15.0661 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/15 10:22:15.0692 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/15 10:22:15.0723 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/15 10:22:15.0770 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/15 10:22:15.0817 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/15 10:22:15.0848 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/15 10:22:15.0910 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/15 10:22:16.0004 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/15 10:22:16.0082 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/15 10:22:16.0129 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/15 10:22:16.0175 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/15 10:22:16.0238 ================================================================================
2010/10/15 10:22:16.0238 Scan finished
2010/10/15 10:22:16.0238 ================================================================================
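TDSSKiller's report lists every loaded driver service with its MD5 and on-disk path, and a clean run such as the one above is only confirmed by reading the whole list. As an added example (not the original post's content and not Kaspersky's code), here is a Python parser for that layout. It counts driver entries, confirms the scan reached "Scan finished", groups services that share one file (Tcpip and Tcpip6 both back onto tcpip.sys, differing only in path case), and lists drivers loading from outside a set of trusted roots. The trusted roots and the alert keywords are assumptions chosen for this example, and the sample contains one invented entry (hlpsvc, loading from a user Temp folder) to exercise the out-of-tree check; the other sample lines mirror entries in the log.

```python
import re
from collections import defaultdict

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<timestamp> <service> (<md5>) <path>" as printed for every driver
DRIVER_RE = re.compile(
    rf"^(?P<ts>{TS}) (?P<svc>\S+) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>[A-Za-z]:\\.+)$"
)
LINE_RE = re.compile(rf"^(?P<ts>{TS}) (?P<msg>.*)$")

# Assumptions of this example: where a loaded driver is expected to live,
# and words a detection line is expected to contain (adjust to the tool version).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\")
ALERT_WORDS = ("suspicious", "infected", "detected", "forged", "locked")

# Constructed sample in the layout of the report above. The 'hlpsvc' entry
# is invented to exercise the out-of-tree check; the others mirror real lines.
SAMPLE = """\
2010/10/15 10:21:48.0392 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/15 10:21:48.0392 ================================================================================
2010/10/15 10:21:58.0657 Scan started
2010/10/15 10:21:59.0234 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
2010/10/15 10:22:02.0557 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\\Program Files\\DellSupport\\GTAction\\triggers\\DSproct.sys
2010/10/15 10:22:13.0586 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/10/15 10:22:13.0648 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2010/10/15 10:22:14.0000 hlpsvc (0123456789abcdef0123456789abcdef) C:\\Users\\George\\AppData\\Local\\Temp\\hlpsvc.sys
2010/10/15 10:22:16.0238 Scan finished
"""


def parse_report(text):
    """Split a TDSSKiller report into driver records, alert lines and a completion flag."""
    drivers, alerts, finished = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        d = DRIVER_RE.match(line)
        if d:
            drivers.append({"svc": d["svc"], "md5": d["md5"], "path": d["path"]})
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"].strip()
        if msg == "Scan finished":
            finished = True
        elif any(w in msg.lower() for w in ALERT_WORDS):
            alerts.append(msg)
    return {"drivers": drivers, "alerts": alerts, "finished": finished}


def shared_files(drivers):
    """Services backed by the same file (paths compared case-insensitively)."""
    by_path = defaultdict(list)
    for d in drivers:
        by_path[d["path"].lower()].append(d["svc"])
    return {p: svcs for p, svcs in by_path.items() if len(svcs) > 1}


def out_of_tree(drivers):
    """Drivers loading from outside the assumed trusted roots (review candidates)."""
    return [d for d in drivers if not d["path"].lower().startswith(TRUSTED_ROOTS)]


def summarize(text):
    """One dict an analyst can eyeball: counts, completion, alerts, shared files, review list."""
    r = parse_report(text)
    return {
        "count": len(r["drivers"]),
        "finished": r["finished"],
        "alerts": r["alerts"],
        "shared": shared_files(r["drivers"]),
        "review": [f'{d["svc"]} -> {d["path"]}' for d in out_of_tree(r["drivers"])],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(f"{s['count']} drivers, finished={s['finished']}, alerts={len(s['alerts'])}")
    for item in s["review"]:
        print("review:", item)
```

Point `summarize()` at the contents of the report.txt that the `-l report.txt` switch writes. An empty `alerts` list together with `finished=True` is what "did not find anything" should look like; a non-empty `review` list is not a detection, only the entries to check by hand, and the MD5 column can be compared against a known-good copy of the same driver.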


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:07 AM

Posted 15 October 2010 - 07:27 PM

Good. No TDSS. On we go.

Please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#10 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 18 October 2010 - 07:30 AM

Hi m0le, hope you had a nice weekend

Not sure if I screwed up, but I turned off my Norton security antispyware and spam, but ComboFix kept saying it was on. I ran it anyway, so here is the report.


ComboFix 10-10-17.04 - George 18/10/2010 7:36.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1026 [GMT -4:00]
Running from: c:\users\George\Desktop\comfix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u2083828610v0
c:\programdata\SysWoW32\_u2083828610v1
c:\programdata\SysWoW32\_u2083828610v2
c:\programdata\SysWoW32\_u2083828610v3
c:\programdata\SysWoW32\mu2083828610v4
c:\programdata\SysWoW32\mu2083828610v4.kwd
c:\programdata\SysWoW32\mu2083828610v5
c:\programdata\SysWoW32\mu2083828610v5.kwd
c:\programdata\SysWoW32\mu2083828610v6
c:\programdata\SysWoW32\mu2083828610v6.kwd
c:\programdata\SysWoW32\mu2083828610v7
c:\programdata\SysWoW32\mu2083828610v7.kwd
c:\programdata\SysWoW32\wu2083828610v0
c:\programdata\SysWoW32\wu2083828610v0.kwd
c:\programdata\SysWoW32\wu2083828610v1
c:\programdata\SysWoW32\wu2083828610v1.kwd
c:\programdata\SysWoW32\wu2083828610v2
c:\programdata\SysWoW32\wu2083828610v2.kwd
c:\programdata\SysWoW32\wu2083828610v3
c:\programdata\SysWoW32\wu2083828610v3.kwd
c:\programdata\unrar.exe
c:\users\George\AppData\Roaming\02000000819c0d361018C.manifest
c:\users\George\AppData\Roaming\02000000819c0d361018O.manifest
c:\users\George\AppData\Roaming\02000000819c0d361018P.manifest
c:\users\George\AppData\Roaming\02000000819c0d361018S.manifest
c:\users\George\AppData\Roaming\2182.tmp
c:\users\George\AppData\Roaming\8E0C.tmp
c:\users\George\AppData\Roaming\DF95.tmp
c:\users\George\AppData\Roaming\GabPath
c:\users\George\AppData\Roaming\GabPath\config.cfg
c:\users\George\AppData\Roaming\GabPath\gabpath.exe
c:\users\George\AppData\Roaming\GabPath\GPUninstall.exe
c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome.manifest
c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar
c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\defaults\preferences\xulcache.js
c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\install.rdf
c:\users\George\AppData\Roaming\syswin
c:\users\George\AppData\Roaming\syswin\lsass.exe
c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome.manifest
c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar
c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\defaults\preferences\xulcache.js
c:\users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\install.rdf
c:\users\Mom and Dad\AppData\Roaming\02000000819c0d361018C.manifest
c:\users\Mom and Dad\AppData\Roaming\02000000819c0d361018O.manifest
c:\users\Mom and Dad\AppData\Roaming\02000000819c0d361018P.manifest
c:\users\Mom and Dad\AppData\Roaming\02000000819c0d361018S.manifest
c:\users\Mom and Dad\AppData\Roaming\DD9F.tmp
c:\users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
c:\users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome.manifest
c:\users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar
c:\users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\defaults\preferences\xulcache.js
c:\users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\install.rdf
c:\users\Mom and Dad\AppData\Roaming\syswin
c:\users\Mom and Dad\AppData\Roaming\syswin\lsass.exe
c:\users\Mom and Dad\g2mdlhlpx.exe
c:\users\Mom\AppData\Roaming\02000000819c0d361018C.manifest
c:\users\Mom\AppData\Roaming\02000000819c0d361018O.manifest
c:\users\Mom\AppData\Roaming\02000000819c0d361018P.manifest
c:\users\Mom\AppData\Roaming\02000000819c0d361018S.manifest
c:\users\Mom\AppData\Roaming\1532.tmp
c:\users\Mom\AppData\Roaming\92F3.tmp
c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome.manifest
c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar
c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\defaults\preferences\xulcache.js
c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\install.rdf
c:\users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}
c:\users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome.manifest
c:\users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar
c:\users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\defaults\preferences\xulcache.js
c:\users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\install.rdf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\clfsw3232.dll
c:\windows\system32\d3dx9_3132.dll
c:\windows\system32\DANIM32.DLL
c:\windows\system32\DATACLEN32.DLL
c:\windows\system32\DDRAWEX32.DLL
c:\windows\system32\deskadp32.dll
K:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.

2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\Zoe\AppData\Local\temp
2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\Mom and Dad\AppData\Local\temp
2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\Mom\AppData\Local\temp
2010-10-18 12:13 . 2010-10-18 12:13 -------- d-----w- c:\users\Hayden\AppData\Local\temp
2010-10-18 10:50 . 2010-10-18 10:50 359936 ----a-w- c:\programdata\dlcggf32.dll
2010-10-15 14:01 . 2010-10-15 14:01 359936 ----a-w- c:\programdata\COMMDLG32.dll
2010-10-15 06:09 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A14A796-6678-40CF-81E7-F8F407536465}\mpengine.dll
2010-10-15 02:25 . 2010-10-15 02:25 368640 ----a-w- c:\programdata\CertEnrollUI32.dll
2010-10-14 02:01 . 2010-10-14 02:01 353792 ----a-w- c:\programdata\d3d8thk32.dll
2010-10-14 01:17 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 01:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 01:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 01:14 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 01:14 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 01:14 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 01:14 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 01:14 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 01:13 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 01:12 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 01:12 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 01:11 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 01:10 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 01:10 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 01:04 . 2010-09-08 05:04 385024 ----a-w- c:\windows\system32\html.iec
2010-10-14 01:04 . 2010-09-08 05:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-10-14 01:04 . 2010-09-08 06:02 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-10-14 01:04 . 2010-09-08 06:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-10-14 01:02 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 00:50 . 2010-10-14 00:50 353792 ----a-w- c:\programdata\eappcfg32.dll
2010-10-14 00:42 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-05 14:53 . 2010-10-05 14:53 -------- d-----w- c:\users\George\AppData\Local\Safe mirror
2010-10-05 14:45 . 2010-10-05 14:53 -------- d-----w- c:\program files\Cobian Backup 10
2010-10-05 12:44 . 2010-10-05 12:44 321536 ----a-w- c:\programdata\dskquoui32.dll
2010-10-05 05:02 . 2010-10-05 05:02 321536 ----a-w- c:\programdata\clfsw3232.dll
2010-10-05 02:12 . 2010-10-05 02:12 1469391 ----a-w- c:\programdata\SPL2FC6.tmp
2010-10-05 01:47 . 2010-10-05 01:47 -------- d-----w- c:\program files\iPod(103)
2010-10-05 01:47 . 2010-10-05 01:48 -------- d-----w- c:\program files\iTunes(104)
2010-10-05 01:32 . 2010-10-05 01:32 -------- d-----w- c:\program files\Bonjour(3)
2010-10-05 00:25 . 2010-10-05 00:25 790400 ----a-w- c:\programdata\SPL86DD.tmp
2010-10-01 23:22 . 2010-10-01 23:22 790400 ----a-w- c:\programdata\SPL7361.tmp
2010-10-01 02:47 . 2010-10-01 02:47 790400 ----a-w- c:\programdata\SPL9E6A.tmp
2010-09-30 21:59 . 2010-10-18 11:35 -------- d-----w- c:\programdata\341610175
2010-09-30 21:08 . 2010-09-30 21:08 126464 ----a-w- c:\windows\system32\ddrawex32.dll.exe
2010-09-30 21:06 . 2010-09-30 21:06 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll
2010-09-30 21:05 . 2010-09-30 21:05 212992 ----a-w- c:\windows\system32\cmifw32.dll
2010-09-30 21:03 . 2010-09-30 21:03 212992 ----a-w- c:\windows\system32\ci32.dll
2010-09-30 15:28 . 2010-09-30 15:28 790400 ----a-w- c:\programdata\SPLE945.tmp
2010-09-30 04:26 . 2010-09-30 04:26 790400 ----a-w- c:\programdata\SPL14BC.tmp
2010-09-29 00:03 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 00:02 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 20:41 . 2010-09-28 20:41 1521372 ----a-w- c:\programdata\SPL9329.tmp
2010-09-27 16:39 . 2010-09-27 16:39 -------- d-----w- c:\users\Public\Alice in Wonderland[2010]DvDrip[Eng]-prithwi
2010-09-26 20:17 . 2010-09-26 20:19 -------- d-----w- c:\users\Public\Predators 2010 R5 Line XviD-FLAWL3SS
2010-09-18 19:35 . 2010-09-18 19:35 5765740 ----a-w- c:\programdata\SPLE436.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 17:09 . 2009-10-28 11:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9B3CBE-DCDB-4211-9BE5-BD3BCAC2FDE9}]
2010-10-18 10:50 359936 ----a-w- c:\programdata\dlcggf32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SfKg6wIPuSp"="c:\users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe" [2010-10-18 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"NswUiTray"="c:\program files\Norton SystemWorks Basic Edition\NswUiTray.exe" [2008-09-25 85360]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-07-10 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-9 333088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 nmsgopro;GoProto Protocol Driver for NMS; [x]
R2 nmsunidr;UniDriver for NMS; [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101015.003\IDSvix86.sys [2010-10-13 353840]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-08-28 5504]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-10 14:20]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:49]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:49]

2010-10-05 c:\windows\Tasks\Norton Security Scan for George.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-19 04:51]

2010-09-27 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2008-09-25 18:52]

2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: &Spurl! - http://www.spurl.net/rclick.php
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\George\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
.
- - - - ORPHANS REMOVED - - - -

BHO-{0ff9a677-542a-481d-a6d6-3fa32d8a806d} - (no file)
Toolbar-{0ff9a677-542a-481d-a6d6-3fa32d8a806d} - (no file)
WebBrowser-{0FF9A677-542A-481D-A6D6-3FA32D8A806D} - (no file)
HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKCU-Run-GabPath - c:\users\George\AppData\Roaming\GabPath\gabpath.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKU-Default-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,c4,f9,5c,c1,31,12,4d,88,d0,60,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,c4,f9,5c,c1,31,12,4d,88,d0,60,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5900)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcgcoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-18 08:24:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 12:24

Pre-Run: 55,385,010,176 bytes free
Post-Run: 71,455,805,440 bytes free

- - End Of File - - 46C2FA6982CC0D75EDAEC545C2180B16


#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:07 AM

Posted 18 October 2010 - 02:12 PM

Please rerun Combofix, as follows.

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the box below into it:

http://www.bleepingcomputer.com/forums/topic351898.html

Collect::
c:\programdata\dskquoui32.dll
c:\programdata\clfsw3232.dll
c:\programdata\dlcggf32.dll
c:\users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe

Files::
c:\programdata\SPL86DD.tmp
c:\programdata\SPL7361.tmp
c:\programdata\SPL9E6A.tmp
c:\programdata\SPLE945.tmp
c:\programdata\SPL14BC.tmp
c:\programdata\SPL9329.tmp
c:\programdata\SPLE436.tmp

DDS::
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9B3CBE-DCDB-4211-9BE5-BD3BCAC2FDE9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SfKg6wIPuSp"=-

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE

#12 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:07 AM

Posted 18 October 2010 - 11:30 PM

Hi m0le

ComboFix 10-10-18.03 - George 19/10/2010 0:13.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.1139 [GMT -4:00]
Running from: c:\users\George\Desktop\comfix.exe
Command switches used :: c:\users\George\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\programdata\clfsw3232.dll
file zipped: c:\programdata\dlcggf32.dll
file zipped: c:\programdata\dskquoui32.dll
file zipped: c:\users\George\AppData\Roaming\Microsoft\Windows\jnipmo.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\clfsw3232.dll
c:\programdata\dlcggf32.dll
c:\programdata\dskquoui32.dll
c:\users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk

.
((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\Zoe\AppData\Local\temp
2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\Mom\AppData\Local\temp
2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\Mom and Dad\AppData\Local\temp
2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\Hayden\AppData\Local\temp
2010-10-19 04:23 . 2010-10-19 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-18 11:28 . 2010-10-18 12:25 -------- d-----w- C:\comfix
2010-10-15 14:01 . 2010-10-15 14:01 359936 ----a-w- c:\programdata\COMMDLG32.dll
2010-10-15 06:09 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A14A796-6678-40CF-81E7-F8F407536465}\mpengine.dll
2010-10-15 02:25 . 2010-10-15 02:25 368640 ----a-w- c:\programdata\CertEnrollUI32.dll
2010-10-14 02:01 . 2010-10-14 02:01 353792 ----a-w- c:\programdata\d3d8thk32.dll
2010-10-14 01:17 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 01:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 01:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 01:14 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 01:14 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 01:14 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 01:14 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 01:14 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 01:13 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 01:12 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 01:12 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 01:11 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 01:10 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 01:10 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 01:04 . 2010-09-08 05:04 385024 ----a-w- c:\windows\system32\html.iec
2010-10-14 01:04 . 2010-09-08 05:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-10-14 01:04 . 2010-09-08 06:02 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-10-14 01:04 . 2010-09-08 06:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-10-14 01:02 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 00:50 . 2010-10-14 00:50 353792 ----a-w- c:\programdata\eappcfg32.dll
2010-10-14 00:42 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-05 14:53 . 2010-10-05 14:53 -------- d-----w- c:\users\George\AppData\Local\Safe mirror
2010-10-05 14:45 . 2010-10-05 14:53 -------- d-----w- c:\program files\Cobian Backup 10
2010-10-05 02:12 . 2010-10-05 02:12 1469391 ----a-w- c:\programdata\SPL2FC6.tmp
2010-10-05 01:47 . 2010-10-05 01:47 -------- d-----w- c:\program files\iPod(103)
2010-10-05 01:47 . 2010-10-05 01:48 -------- d-----w- c:\program files\iTunes(104)
2010-10-05 01:32 . 2010-10-05 01:32 -------- d-----w- c:\program files\Bonjour(3)
2010-10-05 00:25 . 2010-10-05 00:25 790400 ----a-w- c:\programdata\SPL86DD.tmp
2010-10-01 23:22 . 2010-10-01 23:22 790400 ----a-w- c:\programdata\SPL7361.tmp
2010-10-01 02:47 . 2010-10-01 02:47 790400 ----a-w- c:\programdata\SPL9E6A.tmp
2010-09-30 21:59 . 2010-10-18 11:35 -------- d-----w- c:\programdata\341610175
2010-09-30 21:08 . 2010-09-30 21:08 126464 ----a-w- c:\windows\system32\ddrawex32.dll.exe
2010-09-30 21:06 . 2010-09-30 21:06 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll
2010-09-30 21:05 . 2010-09-30 21:05 212992 ----a-w- c:\windows\system32\cmifw32.dll
2010-09-30 21:03 . 2010-09-30 21:03 212992 ----a-w- c:\windows\system32\ci32.dll
2010-09-30 15:28 . 2010-09-30 15:28 790400 ----a-w- c:\programdata\SPLE945.tmp
2010-09-30 04:26 . 2010-09-30 04:26 790400 ----a-w- c:\programdata\SPL14BC.tmp
2010-09-29 00:03 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 00:02 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 20:41 . 2010-09-28 20:41 1521372 ----a-w- c:\programdata\SPL9329.tmp
2010-09-27 16:39 . 2010-09-27 16:39 -------- d-----w- c:\users\Public\Alice in Wonderland[2010]DvDrip[Eng]-prithwi
2010-09-26 20:17 . 2010-09-26 20:19 -------- d-----w- c:\users\Public\Predators 2010 R5 Line XviD-FLAWL3SS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 17:09 . 2009-10-28 11:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-28 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"NswUiTray"="c:\program files\Norton SystemWorks Basic Edition\NswUiTray.exe" [2008-09-25 85360]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-07-10 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Mom and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-9 333088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 nmsgopro;GoProto Protocol Driver for NMS; [x]
R2 nmsunidr;UniDriver for NMS; [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101015.005\IDSvix86.sys [2010-10-13 353840]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-08-28 5504]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-10 14:20]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:49]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 23:49]

2010-10-05 c:\windows\Tasks\Norton Security Scan for George.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-19 04:51]

2010-09-27 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2008-09-25 18:52]

2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{8BD46669-BA1A-4948-AE4D-F1D4681287F6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: &Spurl! - http://www.spurl.net/rclick.php
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\George\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-10-19 00:25:50
ComboFix-quarantined-files.txt 2010-10-19 04:25
ComboFix2.txt 2010-10-18 12:24

Pre-Run: 71,176,511,488 bytes free
Post-Run: 70,623,473,664 bytes free

- - End Of File - - 2B764E9625F7AC42FA4F9A3BE73D1EB7
Upload was successful
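
The log above is easier to read once the obvious droppings are separated from the Windows Update files landing in the same directories. The script below is an added example, not part of this thread and not ComboFix's own code; it parses lines in ComboFix's "Files Created" format (created time, last-written time, size, attributes, path) and applies four labelled heuristics: a DLL sitting directly in c:\programdata, a name where ".dll" is not the final extension, a system32 file whose creation and last-written times are identical (update packages keep the build's older last-written time), and a run of same-size files in one directory. The sample input is a constructed subset of the log lines posted above, and the heuristics are this example's own assumptions, not rules from ComboFix or from m0le.

```python
import re
from collections import defaultdict

# Constructed sample: nine lines copied from the ComboFix "Files Created"
# section posted above (columns: created . last-written size attrs path).
SAMPLE_LOG = r"""
2010-10-15 14:01 . 2010-10-15 14:01 359936 ----a-w- c:\programdata\COMMDLG32.dll
2010-10-15 02:25 . 2010-10-15 02:25 368640 ----a-w- c:\programdata\CertEnrollUI32.dll
2010-10-14 01:13 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 00:50 . 2010-10-14 00:50 353792 ----a-w- c:\programdata\eappcfg32.dll
2010-10-05 14:45 . 2010-10-05 14:53 -------- d-----w- c:\program files\Cobian Backup 10
2010-09-30 21:08 . 2010-09-30 21:08 126464 ----a-w- c:\windows\system32\ddrawex32.dll.exe
2010-09-30 21:06 . 2010-09-30 21:06 212992 ----a-w- c:\windows\system32\dataclen32.dll2ebqflrvpj32.dll
2010-09-30 21:05 . 2010-09-30 21:05 212992 ----a-w- c:\windows\system32\cmifw32.dll
2010-09-30 21:03 . 2010-09-30 21:03 212992 ----a-w- c:\windows\system32\ci32.dll
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


def parse_line(line):
    """Split one 'Files Created' line into its fields; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    parent, _, name = path.rpartition("\\")
    return {
        "created": m.group("created"),
        "written": m.group("written"),
        "size": None if m.group("size").startswith("-") else int(m.group("size")),
        "is_dir": m.group("attrs").startswith("d"),
        "path": path,
        "parent": parent.lower(),
        "name": name.lower(),
    }


def single_file_reasons(e):
    """Heuristics (this example's assumptions) judged from one line alone."""
    reasons = []
    if e["is_dir"]:
        return reasons
    name, parent = e["name"], e["parent"]
    # 1. Loadable code dropped straight into c:\programdata, a data directory.
    if parent == r"c:\programdata" and name.endswith(".dll"):
        reasons.append("dll directly in c:\\programdata")
    # 2. '.dll' embedded in the name but not as the final extension
    #    (ddrawex32.dll.exe, dataclen32.dll2ebqflrvpj32.dll).
    idx = name.find(".dll")
    if idx != -1 and idx != len(name) - 4:
        reasons.append("'.dll' is not the final extension")
    # 3. Files installed by Windows Update keep the build's older last-written
    #    time, so a system32 file whose written time equals its creation time
    #    was produced on this machine rather than copied from an update package.
    if parent == r"c:\windows\system32" and e["created"] == e["written"]:
        reasons.append("system32 file with created == last-written")
    return reasons


def triage(log_text, cluster_min=3):
    """Return {path: [reasons]} for every flagged file in the log text."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    flagged = defaultdict(list)
    for e in entries:
        for r in single_file_reasons(e):
            flagged[e["path"]].append(r)
    # 4. Same-size files in the same directory: several copies of one payload
    #    under different names show up as a run of identical sizes.
    by_dir_size = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["size"] is not None:
            by_dir_size[(e["parent"], e["size"])].append(e["path"])
    for (parent, size), paths in by_dir_size.items():
        if len(paths) >= cluster_min:
            for p in paths:
                flagged[p].append(f"{len(paths)} files of {size} bytes in {parent}")
    return dict(flagged)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, it flags the seven dropped files and leaves schannel.dll (a genuine update, with an older last-written time) and the Cobian Backup directory alone. None of the four rules is proof on its own; they are a reading aid for a long log, and the final call still belongs to the helper reviewing the thread.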

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 October 2010 - 04:40 PM

That's removed what we wanted.

Can you now run ESET's online scanner?

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#14 georgenelson

georgenelson
  • Topic Starter

  • Members
  • 13 posts

Posted 20 October 2010 - 05:53 PM

Hi m0le,
Here are the ESET scan results:


C:\Qoobox\Quarantine\C\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\7awv38l2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Hayden\AppData\Roaming\Mozilla\Firefox\Profiles\4d1ho6y2.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\x8s20onj.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Mom and Dad\AppData\Roaming\Mozilla\Firefox\Profiles\cnwdheym.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\m9jg5tr5.default\extensions\{24d2f8a9-3e41-4602-bdb0-8c84342526e1}\chrome\xulcache.jar.vir JS/Agent.NCP trojan deleted - quarantined
C:\Users\Hayden\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Mom\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Mom and Dad\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Mom and Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\487c5df6-3163c72b multiple threats deleted - quarantined
C:\Users\Mom and Dad\Desktop\backed up\backed up already 1\BBO Library articles\BBO Traffic Formula Articles\Be_Your_Own_Psychic.zip probably a variant of Win32/PSW.LdPinch.KNRLSYV trojan deleted - quarantined
C:\Users\Zoe\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Zoe\Documents\LimeWire\Incomplete\Preview-T-5121207-music video one of same demi most popular hit.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Zoe\Documents\LimeWire\Incomplete\Preview-T-5933793-super girl suzie mcneil hot new track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
K:\Backup Files\1\2\V0\C\Users\Mom and Dad\Desktop\backed up\backed up already 1\BBO Library articles\BBO Traffic Formula Articles\Be_Your_Own_Psychic.zip probably a variant of Win32/PSW.LdPinch.KNRLSYV trojan deleted - quarantined

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 October 2010 - 06:06 PM

Infected files, where the problems may have stemmed from, and some quarantined files.

There are also a few nasty and difficult-to-spot MyWebSearch entries there - that's a tough adware to shift, so please run a further antispyware program, SAS, just to be sure.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

