
Getting Hijacked, redirected with aggressive popups


  • This topic is locked
16 replies to this topic

#1 caligula11

caligula11

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 27 October 2010 - 09:05 AM

Hi guys,
It seems I'm infected with a trojan of some sort. I'm getting redirected, with lots of new IE windows opening with messages like "You've just won a prize", etc. I also had the "ThinkPoint" infection on top of this, but I think Malwarebytes took care of that for me. That one had my computer fairly unusable for a bit, but now that it is gone, I can at least get to the internet. What I have now is just terribly annoying. Below and attached is all that you have asked for.

Thanks,
Caligula


DDS (Ver_10-10-21.02) - NTFSx86
Run by Larry at 8:41:37.17 on Wed 10/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1162 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\Larry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3600-4600 series\ezprint.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-2-6 47640]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\naveng.sys [2010-10-26 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101026.002\navex15.sys [2010-10-26 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2010-7-4 98984]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-10-22 00:59:09 218 ----a-w- c:\docume~1\larry\applic~1\21968.bat

==================== Find3M ====================


============= FINISH: 8:42:46.60 ===============

Attached Files
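
Two things in the DDS log above are worth pulling out before any tool is run: the Internet Explorer proxy set to `http=127.0.0.1:6522` (under both the user and machine hives, and again under HKU\.DEFAULT and HKU\S-1-5-18 in the OTL log posted in the reply below) and the dozens of mshta.exe instances running next to iexplore.exe. A proxy on the loopback address means a process on the same machine sits between IE and the network and can redirect or rewrite every plain-HTTP request, which is enough on its own to produce the redirects and popups described. The script below is an added example for this thread, not a tool posted in it or by BleepingComputer: it parses the ProxyServer entries in both the DDS "Pseudo HJT Report" form and the OTL "IE - HKU\..." form, flags any that target loopback (127.0.0.0/8, ::1 or localhost), and counts repeated process images from the DDS "Running Processes" list. The sample lines embedded in it are condensed from the two logs on this page; the function names and the `min_count` threshold are my own choices.

```python
"""Triage checks for the DDS and OTL log excerpts quoted in this thread.

Added example, not a tool posted in the thread.  It parses the two log formats
shown on the page (DDS "Pseudo HJT Report" lines and OTL 'IE - HKU\\...' lines),
flags any Internet Explorer proxy that points at the loopback address, and
counts repeated process images so a flood of one binary stands out.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Tuple

# DDS form:  uInternet Settings,ProxyServer = http=127.0.0.1:6522   (u = user hive, m = machine)
DDS_PROXY = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")
# OTL form:  IE - HKU\S-1-5-18\Software\...\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
OTL_PROXY = re.compile(r'^IE - (HKLM|HKU\\[^\\]+)\\.*Internet Settings: "ProxyServer" = (.+?)\s*$')
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed samples, condensed from the logs posted in this thread (not the full logs).
DDS_SAMPLE = r"""
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
"""
OTL_SAMPLE = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
"""
PROCESS_SAMPLE = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Larry\Desktop\dds.scr
"""


def find_proxy_settings(log_text: str) -> List[Tuple[str, str]]:
    """Return (scope, proxy_value) pairs for every ProxyServer entry in either log format."""
    found = []
    for line in log_text.splitlines():
        m = DDS_PROXY.match(line)
        if m:
            found.append(("HKCU" if m.group(1) == "u" else "HKLM", m.group(2)))
            continue
        m = OTL_PROXY.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def is_loopback_proxy(proxy_value: str) -> bool:
    """True if any proxy in a WinINet ProxyServer string targets 127.0.0.0/8, ::1 or localhost.

    WinINet accepts either 'host:port' for every protocol or a ';'-separated list of
    'scheme=host:port' entries; an optional 'scheme://' prefix on the host is tolerated.
    """
    for entry in proxy_value.split(";"):
        entry = entry.strip()
        if "=" in entry:                       # 'http=127.0.0.1:6522' -> '127.0.0.1:6522'
            entry = entry.split("=", 1)[1]
        entry = SCHEME.sub("", entry)          # 'http://host:port' -> 'host:port'
        host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        host = host.strip("[]")                # '[::1]' -> '::1'
        if not host:
            continue
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:                     # a hostname, not an IP literal
            pass
    return False


def process_counts(process_list: str, min_count: int = 2) -> Dict[str, int]:
    """Count image names in a DDS 'Running Processes' list; keep those seen min_count+ times.

    Arguments such as '-k netsvcs' are dropped, and a bare 'svchost' (no extension, as DDS
    prints the first entry) is folded into 'svchost.exe'.
    """
    names: Counter = Counter()
    for line in process_list.splitlines():
        line = line.strip()
        if not line:
            continue
        image = re.split(r"\s+-", line, maxsplit=1)[0]
        name = image.rsplit("\\", 1)[-1].lower()
        if "." not in name:
            name += ".exe"
        names[name] += 1
    return {name: n for name, n in names.items() if n >= min_count}


def triage(dds_text: str, otl_text: str, process_list: str) -> Dict[str, object]:
    """Combine the checks: loopback proxies from either log format plus repeated images."""
    proxies = find_proxy_settings(dds_text) + find_proxy_settings(otl_text)
    return {
        "loopback_proxies": [(scope, v) for scope, v in proxies if is_loopback_proxy(v)],
        "repeated_processes": process_counts(process_list, min_count=3),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_SAMPLE, OTL_SAMPLE, PROCESS_SAMPLE).items():
        print(f"{key}: {value}")
```

The process count is a prompt to look, not a verdict: svchost.exe legitimately runs several instances, so it shows up in the result too, whereas mshta.exe (the Microsoft HTML Application host) running dozens of copies alongside the browser is the anomaly in the log above. On the XP machine itself, the live value the DDS "uInternet Settings,ProxyServer" line reports is the ProxyServer value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, the same key the OTL output names.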





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:45 AM

Posted 05 November 2010 - 08:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 caligula11

caligula11
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 05 November 2010 - 04:17 PM

Hi Myrti,
I am still having the problem. For example when I logged in today and typed bleepingcomputer.com in IE's address bar I got redirected to:
http://trk.s3.amazon.com/pcspeedmax.html
And a message popped up saying "You may have errors in your OS registry. Click to download free registry cleaner software."
I Xed out and then was able to get to bleepingcomputer. I was not able to reply via the infected computer, so I'm doing it from another one. I got a Network connection error when I submitted the post from the infected one...even though I am connected to the internet.
The only thing I've downloaded since my original post is Secunia PSI, per a suggestion I found on Bleeping Computer from Grinler.
Here are the contents of the OTL logs.
Thanks for your help!
Larry


OTL logfile created on: 11/5/2010 3:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 253.34 Gb Free Space | 85.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CALIGULA | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 15:57:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
PRC - [2010/07/21 07:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/23 08:56:24 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 20:34:16 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/05/20 17:04:40 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
PRC - [2009/05/20 17:04:39 | 000,680,616 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/11/27 22:07:40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2007/10/07 21:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 17:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 15:57:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/28 20:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/10/01 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101102.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/01 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101102.008\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/07 10:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/28 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/01/01 22:23:25 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/05/23 15:33:10 | 006,738,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/07/19 15:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3840803644-598158612-626642292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3840803644-598158612-626642292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-3840803644-598158612-626642292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe File not found
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe File not found
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3840803644-598158612-626642292-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3840803644-598158612-626642292-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.35 65.182.32.146
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Larry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 15:57:07 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2010/10/27 10:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2010/10/27 10:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/27 10:10:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/27 10:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/07/04 11:14:45 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/07/04 11:14:44 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/07/04 11:14:44 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/07/04 11:14:43 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/07/04 11:14:43 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/07/04 11:14:42 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/07/04 11:14:42 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/07/04 11:14:42 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/07/04 11:14:40 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/07/04 11:14:37 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[2010/07/04 11:14:36 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 15:59:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 15:59:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 15:57:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\Desktop\OTL.exe
[2010/11/05 15:47:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010/11/05 15:44:24 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/05 15:42:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/05 15:42:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/05 15:42:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/05 15:42:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/05 15:42:30 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/05 15:42:30 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/05 15:42:29 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/05 15:42:29 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/02 21:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/02 20:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/02 19:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/02 18:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/02 17:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/02 16:26:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/02 07:54:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/02 07:54:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/02 07:54:00 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/01 14:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/27 10:16:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/27 10:12:56 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Trillian.lnk
[2010/10/27 10:07:12 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/27 10:07:03 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Secunia PSI.lnk
[2010/10/27 08:45:55 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\gmer.zip
[2010/10/27 08:41:27 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\dds.scr
[2010/10/27 08:39:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Larry\defogger_reenable
[2010/10/27 08:37:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Defogger.exe
[2010/10/26 10:11:47 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\rkill.com
[2010/10/26 10:10:59 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\shell.reg
[2010/10/26 09:58:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/21 22:08:37 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\start
[2010/10/21 22:07:34 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\completescan
[2010/10/21 22:03:46 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\install
[2010/10/21 20:59:09 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Larry\Application Data\21968.bat
[2010/10/19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\gmer.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 10:16:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/27 10:07:12 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Larry\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/10/27 10:07:03 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Secunia PSI.lnk
[2010/10/27 08:45:54 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\gmer.zip
[2010/10/27 08:39:54 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\dds.scr
[2010/10/27 08:39:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Larry\defogger_reenable
[2010/10/27 08:37:57 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Defogger.exe
[2010/10/26 10:11:47 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\rkill.com
[2010/10/26 10:11:09 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\shell.reg
[2010/10/21 22:08:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\start
[2010/10/21 22:07:34 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\completescan
[2010/10/21 22:03:46 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\install
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/21 20:59:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/21 20:59:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/21 20:59:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Larry\Application Data\21968.bat
[2010/10/19 16:00:08 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\gmer.exe
[2010/07/04 11:15:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/07/04 11:15:54 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/07/04 11:15:28 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/07/04 11:15:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/07/04 11:15:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/07/04 11:15:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/07/04 11:14:46 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/07/04 11:14:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2010/01/23 08:57:20 | 000,000,046 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/02 10:56:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/20 10:34:08 | 000,003,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/03 15:43:38 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/23 13:45:16 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/23 11:09:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/12 10:19:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/08/21 12:32:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/21 12:25:48 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/08/21 12:25:47 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/21 12:05:52 | 000,001,123 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/07 04:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
< End of report >

OTL Extras logfile created on: 11/5/2010 3:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Larry\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 295.03 Gb Total Space | 253.34 Gb Free Space | 85.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CALIGULA | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\WINDOWS\system32\lxdxcfg.exe" = C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Canon CanoScan 5600F User Registration" = Canon CanoScan 5600F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"SearchAssist" = SearchAssist
"Secunia PSI" = Secunia PSI
"TeamViewer 4" = TeamViewer 4
"Trillian" = Trillian
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3840803644-598158612-626642292-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/2/2010 9:13:52 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/5/2010 3:52:31 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/5/2010 3:52:31 PM | Computer Name = CALIGULA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/28/2010 10:00:08 AM | Computer Name = CALIGULA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/30/2010 10:29:58 AM | Computer Name = CALIGULA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/31/2010 4:58:53 AM | Computer Name = CALIGULA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
service to connect.

Error - 10/31/2010 4:58:53 AM | Computer Name = CALIGULA | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 11/1/2010 10:00:10 AM | Computer Name = CALIGULA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 11/2/2010 7:54:30 AM | Computer Name = CALIGULA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
service to connect.

Error - 11/2/2010 7:54:30 AM | Computer Name = CALIGULA | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 11/2/2010 7:56:23 AM | Computer Name = CALIGULA | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 11/5/2010 3:42:20 PM | Computer Name = CALIGULA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.104 on
the Network Card with network address 0019D190D8CB.

Error - 11/5/2010 3:42:34 PM | Computer Name = CALIGULA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:45 AM

Posted 08 November 2010 - 05:05 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 caligula11

caligula11
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:45 PM

Posted 08 November 2010 - 09:27 AM

Hi Myrti,
I want to take the risk and just try to fix it for now. I ran Combofix and here is the log.

Thanks,
Larry

ComboFix 10-11-07.09 - Larry 11/08/2010 9:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1477 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Larry\Application Data\completescan
c:\documents and settings\Larry\Application Data\install
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
.

2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- c:\program files\Bonjour Print Services
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- c:\program files\Bonjour
2010-10-27 14:07 . 2010-10-27 14:07 -------- d-----w- c:\program files\Secunia
2010-10-22 00:59 . 2010-10-22 00:59 218 ----a-w- c:\documents and settings\Larry\Application Data\21968.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-10-03 15:37 . 2006-10-03 15:37 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

2006-10-03 15:35 . 2006-10-03 15:35 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

2007-09-23 17:53 . 2007-09-23 17:53 185632 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2010-01-23 12:56 . 2010-01-23 12:56 198160 c:\program files\Common Files\Real\Update_OB\realsched.exe

2006-11-05 15:22 . 2006-11-05 15:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe

2005-10-05 07:12 . 2005-10-05 07:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe

2007-08-21 16:29 . 2007-08-21 16:29 169984 c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe

2003-12-05 19:41 . 2003-12-05 19:41 49152 c:\program files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe

2007-10-03 19:43 . 2005-07-08 04:55 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe

2003-12-22 12:38 . 2003-12-22 12:38 241664 c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe

2007-08-21 16:22 . 2006-07-06 11:15 151552 c:\program files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe

2007-09-14 14:00 . 2007-09-14 14:00 267064 c:\program files\iTunes\bak\iTunesHelper.exe
2009-11-12 21:33 . 2009-11-12 21:33 141600 c:\program files\iTunes\iTunesHelper.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2010-09-08 15:17 . 2010-09-08 15:17 421888 c:\program files\QuickTime\QTTask.exe

2006-08-17 13:00 . 2006-08-17 13:00 1116920 c:\program files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe

2007-10-03 19:43 . 2005-07-08 04:55 491520 c:\windows\system32\bak\hphmon05.exe

2007-10-03 19:45 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [N/A]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [N/A]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [N/A]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [N/A]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [N/A]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [N/A]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [N/A]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-23 198160]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-05-20 680616]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2009-05-20 107176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\documents and settings\Larry\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-21 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 3:26 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 7:39 AM 135664]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [7/4/2010 10:15 AM 98984]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-11-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-23 17:59]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:39]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:39]

2010-11-08 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-10-03 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 09:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2010-11-08 09:14:25
ComboFix-quarantined-files.txt 2010-11-08 14:14

Pre-Run: 272,210,661,376 bytes free
Post-Run: 272,384,663,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - AF138BDB2F9820226A05E06B70ECE976

#6 myrti (Malware Study Hall Admin)

Posted 09 November 2010 - 01:56 AM

Hi,

please run the following script to remove some leftovers:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak
c:\program files\Dell\Media Experience\bak
c:\program files\Google\Google Desktop Search\bak
c:\program files\Hewlett-Packard\HP Software Update\bak
c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak
c:\program files\HP\hpcoretech\bak
c:\program files\Intel\Intel Matrix Storage Manager\bak
c:\program files\iTunes\bak
c:\program files\QuickTime\bak
c:\program files\Roxio\Drag-to-Disc\bak
c:\windows\system32\bak
c:\windows\system32\spool\drivers\w32x86\3\bak


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

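An added triage script, written for this thread and not part of ComboFix, DDS or anything the helper posted. It pulls out the two indicators that matter in the first log: autostart entries whose target file ComboFix could not find (the `[N/A]` entries, which is what ComboFix prints when nothing exists at the path, and which line up with the bak folders the helper's CFScript removes), and an Internet Explorer proxy pointing at 127.0.0.1:6522, which routes every page through a local process and is the usual mechanism behind the redirects and pop-ups reported at the top of the thread. It also drafts the Folder:: section of a CFScript from the missing entries, in the form the helper used. The sample lines are copied from the logs posted in this thread; the all-digit .bat heuristic and the reading of `[N/A]` are my assumptions, and the drafted folder list is a starting point to compare with the helper's, not a replacement for it: the helper's script also covered directories (Real\Update_OB, iTunes, QuickTime, Intel Matrix Storage Manager) whose entries are not flagged in the portion of the log quoted here.

```python
"""Triage helper for ComboFix/DDS-style logs.

Added example for this thread, not a BleepingComputer or ComboFix tool.
It reads log text, flags the indicators visible in the thread, and
drafts the Folder:: section of a CFScript. Everything it produces is a
suggestion to review; it changes nothing on the machine.
"""
import ntpath
import re

# Sample lines excerpted from the ComboFix logs posted in this thread.
# "[N/A]" is what ComboFix prints when no file exists at the Run-key
# path (assumption); dated entries are files it could stat.
SAMPLE_LOG = r'''
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [N/A]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [N/A]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
2010-10-22 00:59 . 2010-10-22 00:59 218 ----a-w- c:\documents and settings\Larry\Application Data\21968.bat
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<info>[^\]]*)\]\s*$')
PROXY_RE = re.compile(r'^[um]?Internet Settings,ProxyServer\s*=\s*(?P<val>\S+)', re.M)
CREATED_RE = re.compile(r'^\S+ \S+ \. \S+ \S+ (?P<size>\d+) \S+ (?P<path>[a-z]:\\.+)$', re.M)
LOOPBACK = {"127.0.0.1", "localhost"}


def normalize(path):
    """Collapse the doubled backslashes the log prints in some paths."""
    while "\\\\" in path:
        path = path.replace("\\\\", "\\")
    return path


def parse_run_entries(log_text):
    """Return (name, path, exists) for each Run-key line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m["name"], normalize(m["path"]), m["info"] != "N/A"))
    return entries


def missing_autostarts(log_text):
    """Autostart entries whose target file was not on disk at scan time.

    Many vendors' Run values pointing at files that are gone, all at once,
    is the pattern in this thread: the originals had been moved into a
    bak subfolder next to where they belonged.
    """
    return [(n, p) for n, p, exists in parse_run_entries(log_text) if not exists]


def loopback_proxies(log_text):
    """Proxy settings that send browser traffic to the local machine.

    An IE proxy of http=127.0.0.1:<port> means a local process sees, and
    can rewrite, every page the browser loads.
    """
    hits = []
    for m in PROXY_RE.finditer(log_text):
        for part in m["val"].split(";"):
            host = part.split("=", 1)[-1].rsplit(":", 1)[0]
            if host.lower() in LOOPBACK:
                hits.append(part)
    return hits


def odd_batch_files(log_text):
    """Heuristic: .bat files with an all-digit name under Application Data."""
    hits = []
    for m in CREATED_RE.finditer(log_text):
        path = m["path"]
        base = ntpath.basename(path)
        if (base.lower().endswith(".bat") and base[:-4].isdigit()
                and "\\application data\\" in path.lower()):
            hits.append(path)
    return hits


def draft_bak_folders(log_text):
    """One candidate bak subfolder per directory that lost an autostart file."""
    dirs = {ntpath.dirname(p) for _, p in missing_autostarts(log_text)}
    return sorted(d + "\\bak" for d in dirs)


def draft_cfscript(log_text):
    """Folder:: section in the form the helper used; review before running."""
    return "Folder::\n" + "\n".join(draft_bak_folders(log_text)) + "\n"


if __name__ == "__main__":
    for name, path in missing_autostarts(SAMPLE_LOG):
        print(f"missing autostart target: {name} -> {path}")
    for proxy in loopback_proxies(SAMPLE_LOG):
        print(f"browser proxied through the local machine: {proxy}")
    for path in odd_batch_files(SAMPLE_LOG):
        print(f"review: {path}")
    print(draft_cfscript(SAMPLE_LOG))
```

Run it as-is to see the findings for the sample lines, or read a saved ComboFix.txt into a string and pass that in place of SAMPLE_LOG. After a cleanup, run it again on the new log and confirm that loopback_proxies() returns nothing and missing_autostarts() is empty: a Run value that still points at a missing file is either a leftover to delete or an orphaned entry to remove, and a loopback proxy that reappears means whatever sets it is still running.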


#7 caligula11 (Topic Starter)

Posted 11 November 2010 - 05:42 PM

Hi Myrti,
The redirects are not happening anymore, but Symantec is repeatedly catching a lot of something. Please see the attached screenshots.

I followed your instructions and below is the CF log.

Thanks,
Larry

ComboFix 10-11-11.01 - Larry 11/11/2010 17:32:07.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1266 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Larry\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\InstallShield\UpdateService\bak
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\bak\RoxWatchTray9.exe
c:\program files\Dell\Media Experience\bak
c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
c:\program files\Google\Google Desktop Search\bak
c:\program files\Google\Google Desktop Search\bak\GoogleDesktop.exe
c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak
c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe
c:\program files\Hewlett-Packard\HP Software Update\bak
c:\program files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe
c:\program files\HP\hpcoretech\bak
c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe
c:\program files\Intel\Intel Matrix Storage Manager\bak
c:\program files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe
c:\program files\iTunes\bak
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\QTTask.exe
c:\program files\Roxio\Drag-to-Disc\bak
c:\program files\Roxio\Drag-to-Disc\bak\DrgToDsc.exe
c:\windows\system32\bak
c:\windows\system32\bak\hphmon05.exe
c:\windows\system32\spool\drivers\w32x86\3\bak
c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-09 11:47 . 2010-11-09 11:47 -------- d-----w- c:\windows\LastGood
2010-11-09 11:47 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-09 03:49 . 2010-11-09 03:49 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-09 03:49 . 2010-11-09 03:49 348160 ----a-w- c:\windows\system32\pnup0.dll
2010-11-09 03:38 . 2010-11-09 03:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-09 03:37 . 2010-11-09 03:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-09 03:15 . 2010-11-09 03:15 -------- d-----w- c:\program files\iPod
2010-11-09 03:15 . 2010-11-09 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-09 03:13 . 2010-11-09 03:13 -------- d-----w- c:\program files\Apple Software Update
2010-11-09 03:12 . 2010-11-09 03:12 -------- d-----w- c:\program files\Bonjour
2010-11-09 03:09 . 2010-11-09 03:09 -------- d-----w- c:\program files\Common Files\Java
2010-11-09 03:09 . 2010-11-09 03:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 03:09 . 2010-11-09 03:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-09 02:07 . 2010-11-09 02:07 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-11-08 17:56 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-08 17:56 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-08 17:56 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-08 17:56 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-08 17:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-27 14:16 . 2010-10-27 14:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- c:\program files\Bonjour Print Services
2010-10-27 14:07 . 2010-10-27 14:07 -------- d-----w- c:\program files\Secunia
2010-10-22 00:59 . 2010-10-22 00:59 218 ----a-w- c:\documents and settings\Larry\Application Data\21968.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-08-10 16:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 16:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 16:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 16:51 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 16:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-10 16:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 16:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 16:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 16:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-18 21:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 16:50 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 16:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 16:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-08_14.12.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-09 03:40 . 2010-11-09 03:40 16384 c:\windows\temp\Perflib_Perfdata_458.dat
+ 2007-08-21 16:17 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2007-08-21 16:17 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2007-09-23 15:09 . 2007-04-09 18:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-09-23 15:09 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-09-23 15:09 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-08-10 16:51 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 08:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-09-23 15:09 . 2007-04-09 18:23 28040 c:\windows\system32\mdimon.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 16:51 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 16:51 . 2008-04-14 00:11 80384 c:\windows\system32\iccvid.dll
+ 2004-08-10 16:51 . 2010-06-17 14:03 80384 c:\windows\system32\iccvid.dll
+ 2007-03-23 00:17 . 2007-03-23 00:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2010-11-09 03:12 . 2010-04-20 01:47 41984 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaapl.sys
+ 2010-11-09 03:12 . 2010-04-20 01:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-07-27 23:44 . 2010-07-27 23:44 91424 c:\windows\system32\dnssd.dll
- 2010-05-18 20:35 . 2010-05-18 20:35 91424 c:\windows\system32\dnssd.dll
+ 2009-10-10 01:06 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-10-10 01:06 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2007-08-21 16:16 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-10-10 01:06 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-10-10 01:06 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-21 16:16 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-09-23 08:17 . 2010-09-23 08:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2010-09-23 08:17 . 2010-09-23 08:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-11-09 03:37 . 2010-11-09 03:37 28160 c:\windows\Installer\6558b7.msi
+ 2010-11-09 03:49 . 2010-11-09 03:49 18944 c:\windows\Installer\3c85e.msi
+ 2010-11-09 03:49 . 2010-11-09 03:49 92672 c:\windows\Installer\3c855.msi
+ 2010-11-09 03:13 . 2010-11-09 03:13 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 00:07 . 2007-03-23 00:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 69984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-23 00:13 . 2007-03-23 00:13 23904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 80224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-03-23 00:07 . 2007-03-23 00:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-09-23 15:08 . 2007-09-23 15:08 64088 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-07-15 02:53 . 2003-07-15 02:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 02:44 . 2003-07-15 02:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 02:57 . 2003-07-15 02:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 01:54 . 2003-05-09 01:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 02:42 . 2003-07-15 02:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-07-15 02:40 . 2003-07-15 02:40 51256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-07-15 07:18 . 2003-07-15 07:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 02:43 . 2003-07-15 02:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 02:56 . 2003-07-15 02:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 02:57 . 2003-07-15 02:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 21:31 . 2003-06-18 21:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 02:45 . 2003-07-15 02:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 02:45 . 2003-07-15 02:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 02:46 . 2003-07-15 02:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 02:53 . 2003-07-15 02:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 02:44 . 2003-07-15 02:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 02:51 . 2003-07-15 02:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 02:45 . 2003-07-15 02:45 58944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-07-15 02:41 . 2003-07-15 02:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 02:57 . 2003-07-15 02:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 02:56 . 2003-07-15 02:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 02:53 . 2003-07-15 02:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 02:57 . 2003-07-15 02:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2010-11-09 01:44 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-11-09 01:44 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-11-09 01:44 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b5961392\System.Drawing.Design.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cfe0294\CustomMarshalers.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-06-12 07:02 . 2010-06-12 07:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-10 08:01 . 2010-11-10 08:01 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-11-10 08:01 . 2010-11-10 08:01 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
- 2010-01-23 12:56 . 2010-01-23 12:56 5632 c:\windows\system32\pndx5032.dll
+ 2010-01-23 12:56 . 2010-11-09 03:49 5632 c:\windows\system32\pndx5032.dll
+ 2010-01-23 12:56 . 2010-11-09 03:49 6656 c:\windows\system32\pndx5016.dll
- 2010-01-23 12:56 . 2010-01-23 12:56 6656 c:\windows\system32\pndx5016.dll
- 2007-09-23 15:09 . 2007-09-23 15:36 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54 . 2006-12-02 03:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2004-08-10 16:51 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
- 2004-08-10 16:51 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
- 2004-08-10 16:51 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2004-08-10 16:51 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
+ 2007-09-23 15:09 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-09-23 15:09 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2004-08-10 16:51 . 2010-06-30 12:31 149504 c:\windows\system32\schannel.dll
+ 2010-01-23 12:56 . 2010-11-09 03:49 199904 c:\windows\system32\rmoc3260.dll
+ 2007-09-23 17:53 . 2010-11-09 03:49 272896 c:\windows\system32\pncrt.dll
- 2004-08-10 16:51 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2009-08-07 00:23 . 2009-08-07 00:23 215904 c:\windows\system32\muweb.dll
- 2004-08-10 16:51 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
+ 2009-11-06 03:17 . 2009-11-06 03:17 297808 c:\windows\system32\mscoree.dll
- 2004-08-10 16:51 . 2004-08-04 09:00 384512 c:\windows\system32\mp4sdmod.dll
+ 2004-08-10 16:51 . 2010-04-05 16:54 384512 c:\windows\system32\mp4sdmod.dll
+ 2010-11-09 03:07 . 2010-11-09 03:52 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
+ 2010-11-09 03:07 . 2010-11-09 03:52 311248 c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
+ 2010-11-09 03:09 . 2010-11-09 03:09 153376 c:\windows\system32\javaws.exe
- 2010-02-14 01:03 . 2010-02-14 01:03 153376 c:\windows\system32\javaws.exe
+ 2010-11-09 03:09 . 2010-11-09 03:09 145184 c:\windows\system32\javaw.exe
- 2010-02-14 01:03 . 2010-02-14 01:03 145184 c:\windows\system32\javaw.exe
- 2010-02-14 01:03 . 2010-02-14 01:03 145184 c:\windows\system32\java.exe
+ 2010-11-09 03:09 . 2010-11-09 03:09 145184 c:\windows\system32\java.exe
+ 2004-08-10 17:02 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
- 2004-08-10 16:51 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
- 2004-08-10 16:51 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 16:51 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:51 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:57 . 2010-11-09 01:47 237552 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 16:57 . 2010-06-12 07:18 237552 c:\windows\system32\FNTCACHE.DAT
- 2010-05-18 20:35 . 2010-05-18 20:35 197920 c:\windows\system32\dnssdX.dll
+ 2010-07-27 23:44 . 2010-07-27 23:44 197920 c:\windows\system32\dnssdX.dll
- 2010-05-18 20:35 . 2010-05-18 20:35 107808 c:\windows\system32\dns-sd.exe
+ 2010-07-27 23:44 . 2010-07-27 23:44 107808 c:\windows\system32\dns-sd.exe
+ 2009-04-18 21:30 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-08-21 16:16 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
- 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-16 01:05 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 08:34 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-21 16:16 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-10-10 01:06 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-04-05 16:54 . 2010-04-05 16:54 384512 c:\windows\system32\dllcache\mp4sdmod.dll
+ 2007-08-21 16:16 . 2010-09-18 17:23 974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2008-08-16 22:00 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2009-10-10 01:06 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-10-10 01:06 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2007-08-21 16:16 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-12 01:28 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-12 01:28 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2009-03-08 18:09 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 18:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 08:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-10 17:02 . 2008-04-14 00:12 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2004-08-10 17:02 . 2010-06-14 14:31 744448 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
+ 2010-09-23 07:26 . 2010-09-23 07:26 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-09-23 08:17 . 2010-09-23 08:17 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-09-09 20:40 . 2009-09-09 20:40 632320 c:\windows\Installer\b3bbade.msp
+ 2008-06-11 19:02 . 2008-06-11 19:02 830464 c:\windows\Installer\6150ae9.msp
+ 2008-07-28 19:59 . 2008-07-28 19:59 180736 c:\windows\Installer\6150ad1.msp
+ 2010-11-09 03:09 . 2010-11-09 03:09 180224 c:\windows\Installer\4a644d.msi
+ 2010-11-09 03:09 . 2010-11-09 03:09 677376 c:\windows\Installer\4a643f.msi
+ 2010-11-09 03:26 . 2010-11-09 03:26 897024 c:\windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-09-23 15:09 . 2007-09-23 15:36 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-09-23 15:09 . 2010-11-11 08:05 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-11-09 03:44 . 2010-11-09 03:44 897024 c:\windows\Installer\{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}\SafariIco.exe
+ 2010-11-09 03:15 . 2010-11-09 03:15 380928 c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
+ 2007-03-23 00:22 . 2007-03-23 00:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 18:34 . 2007-05-10 18:34 562528 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-05-31 18:36 . 2007-05-31 18:36 612184 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-31 18:35 . 2007-05-31 18:35 133976 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 149856 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-05-31 18:42 . 2007-05-31 18:42 200032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 18:53 . 2007-04-19 18:53 106336 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL
+ 2005-05-04 04:06 . 2005-05-04 04:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2005-05-04 04:06 . 2005-05-04 04:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2007-04-19 19:01 . 2007-04-19 19:01 238424 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL
+ 2007-01-17 01:32 . 2007-01-17 01:32 136032 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL
+ 2007-04-19 18:54 . 2007-04-19 18:54 183136 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2010-11-10 08:01 . 2010-11-10 08:01 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 127328 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 19:09 . 2007-04-19 19:09 167256 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 18:53 . 2007-04-19 18:53 137568 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-04-19 18:54 . 2007-04-19 18:54 169312 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL
+ 2003-07-21 15:46 . 2003-07-21 15:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-08 15:48 . 2003-07-08 15:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
+ 2003-07-15 02:44 . 2003-07-15 02:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 07:14 . 2003-07-15 07:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2007-09-23 15:08 . 2007-09-23 15:08 223800 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 03:00 . 2003-07-15 03:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-06-19 20:05 . 2003-06-19 20:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 07:18 . 2003-07-15 07:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 02:57 . 2003-07-15 02:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 02:46 . 2003-07-15 02:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-06-18 21:31 . 2003-06-18 21:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 02:40 . 2003-07-15 02:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 02:40 . 2003-07-15 02:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 07:18 . 2003-07-15 07:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2010-11-09 01:44 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-11-09 01:44 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-11-09 01:44 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-11-09 01:44 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-11-09 01:44 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-11-09 01:43 . 2010-11-09 01:43 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1f747855\System.Drawing.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7bc23c0d\System.Drawing.Design.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_1e0b2586\CustomMarshalers.dll
+ 2010-11-10 08:01 . 2010-11-10 08:01 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-11-11 08:01 . 2010-11-11 08:01 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2010-11-08 17:56 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2004-08-10 16:51 . 2010-08-25 12:23 5541888 c:\windows\system32\wmp.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-10 16:51 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-10 16:51 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
- 2004-08-10 16:51 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
+ 2004-08-10 16:51 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 02:59 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 02:59 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-10 16:51 . 2010-06-14 07:41 1172480 c:\windows\system32\msxml3.dll
- 2004-08-10 16:51 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 16:51 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
+ 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL
+ 2010-11-09 03:12 . 2010-04-20 01:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_5BE1FFC476B2D9925B428CF102B47444B9A16508\usbaaplrc.dll
+ 2010-11-09 03:12 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2004-08-10 16:51 . 2010-08-25 12:23 5541888 c:\windows\system32\dllcache\wmp.dll
+ 2008-10-16 01:05 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-21 16:16 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2009-04-18 21:31 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-18 21:31 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-18 21:31 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-18 21:31 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-18 21:31 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-18 21:31 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-08-21 16:16 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-08-21 16:16 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-08-21 16:16 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
- 2010-03-13 12:32 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-03-13 12:32 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-10-10 01:06 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2010-09-23 07:26 . 2010-09-23 07:26 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-09-23 07:25 . 2010-09-23 07:25 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-09-23 20:55 . 2010-09-23 20:55 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-08-05 15:57 . 2010-08-05 15:57 4066304 c:\windows\Installer\b3bbb46.msp
+ 2009-10-16 23:07 . 2009-10-16 23:07 6115328 c:\windows\Installer\b3bbb23.msp
+ 2010-05-25 16:45 . 2010-05-25 16:45 8445440 c:\windows\Installer\b3bbaf9.msp
+ 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\b3bbaca.msp
+ 2010-06-11 22:55 . 2010-06-11 22:55 1827328 c:\windows\Installer\b3bbab4.msp
+ 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\b3bba9a.msp
+ 2010-05-03 21:11 . 2010-05-03 21:11 4149760 c:\windows\Installer\b3bba82.msp
+ 2010-08-23 22:09 . 2010-08-23 22:09 7673344 c:\windows\Installer\b3bba6d.msp
+ 2010-10-01 22:42 . 2010-10-01 22:42 5054464 c:\windows\Installer\b3bba58.msp
+ 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\b3bba41.msp
+ 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\b3bba2c.msp
+ 2010-08-25 22:06 . 2010-08-25 22:06 6479360 c:\windows\Installer\b3bba17.msp
+ 2010-08-24 14:49 . 2010-08-24 14:49 6825472 c:\windows\Installer\b3bba02.msp
+ 2010-03-30 17:34 . 2010-03-30 17:34 3826688 c:\windows\Installer\b3bb9ed.msp
+ 2010-11-09 03:38 . 2010-11-09 03:38 3940864 c:\windows\Installer\6559ed.msi
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\6150d19.msp
+ 2005-10-26 19:59 . 2005-10-26 19:59 2883072 c:\windows\Installer\6150d00.msp
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\6150cac.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\6150c7f.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\6150c63.msp
+ 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\6150c4f.msp
+ 2008-07-08 16:27 . 2008-07-08 16:27 8436736 c:\windows\Installer\6150c23.msp
+ 2010-10-22 18:25 . 2010-10-22 18:25 5521408 c:\windows\Installer\6150aff.msp
+ 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\6150abd.msp
+ 2010-11-09 03:15 . 2010-11-09 03:15 6333440 c:\windows\Installer\4a7111.msi
+ 2010-11-09 03:13 . 2010-11-09 03:13 1554944 c:\windows\Installer\4a6974.msi
+ 2010-11-09 03:12 . 2010-11-09 03:12 3084800 c:\windows\Installer\4a64b3.msi
+ 2010-11-09 03:12 . 2010-11-09 03:12 1984000 c:\windows\Installer\4a6474.msi
+ 2010-11-09 03:44 . 2010-11-09 03:44 3140608 c:\windows\Installer\3c84d.msi
+ 2007-05-09 22:19 . 2007-05-09 22:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-04-19 18:49 . 2007-04-19 18:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-05-31 18:35 . 2007-05-31 18:35 6420320 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-10 18:45 . 2007-05-10 18:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2007-03-14 18:10 . 2007-03-14 18:10 7255384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL
+ 2007-05-31 18:43 . 2007-05-31 18:43 7613280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-05-10 18:35 . 2007-05-10 18:35 6747480 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2005-05-04 04:06 . 2005-05-04 04:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2007-05-10 18:43 . 2007-05-10 18:43 6688096 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE
+ 2007-04-30 19:57 . 2007-04-30 19:57 7084384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
+ 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\FM20.DLL
+ 2003-07-07 17:36 . 2003-07-07 17:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
+ 2003-07-15 03:05 . 2003-07-15 03:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-11 06:15 . 2003-07-11 06:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2010-11-09 01:44 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-11-09 01:44 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2009-04-18 21:31 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-18 21:31 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-18 21:31 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-18 21:31 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-18 21:31 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-18 21:31 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-11-09 01:43 . 2010-11-09 01:43 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_ff49e658\System.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fe625726\System.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7577eb42\System.Xml.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_35a92ee4\System.Xml.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6e411f06\System.Windows.Forms.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6b1a6d7c\System.Windows.Forms.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2a4ef31e\System.Drawing.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_541bc702\System.Design.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_2c3bb6d0\System.Design.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cb9dba29\mscorlib.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ad02a1c5\mscorlib.dll
- 2010-06-12 07:02 . 2010-06-12 07:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2010-06-12 07:02 . 2010-06-12 07:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-11-09 01:43 . 2010-11-09 01:43 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-02-28 13:57 . 2010-11-10 08:02 35758536 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
+ 2009-07-19 22:48 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-09-24 19:08 . 2010-09-24 19:08 11430400 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp
+ 2010-10-14 21:57 . 2010-10-14 21:57 11189248 c:\windows\Installer\b3bbb0e.msp
+ 2010-06-11 22:52 . 2010-06-11 22:52 45542912 c:\windows\Installer\b3bbab5.msp
+ 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\b3bba9b.msp
+ 2008-08-13 19:49 . 2008-08-13 19:49 11816960 c:\windows\Installer\6150ceb.msp
+ 2008-07-30 13:50 . 2008-07-30 13:50 12506112 c:\windows\Installer\6150cd6.msp
+ 2008-07-08 15:09 . 2008-07-08 15:09 11887616 c:\windows\Installer\6150cc1.msp
+ 2008-06-04 18:29 . 2008-06-04 18:29 16905728 c:\windows\Installer\6150c94.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\6150c37.msp
+ 2010-09-24 12:08 . 2010-09-24 12:08 17518080 c:\windows\Installer\27dad62.msp
+ 2007-05-31 18:37 . 2007-05-31 18:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-06-18 22:16 . 2007-06-18 22:16 12259160 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 18:41 . 2007-05-31 18:41 10352472 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2010-11-09 01:44 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\6150c0e.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8429568]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-05-20 680616]
"EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2009-05-20 107176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-09 274608]

c:\documents and settings\Larry\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-21 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 3:26 PM 102448]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 7:39 AM 135664]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [7/4/2010 10:15 AM 98984]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-23 17:59]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:39]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:39]

2010-11-11 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-10-03 04:55]

2010-11-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3840803644-598158612-626642292-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 23:32]

2010-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3840803644-598158612-626642292-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070821
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IAAnotif - c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
HKLM-Run-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
HKLM-Run-RoxioDragToDisc - c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
HKLM-Run-HPHUPD05 - c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HKLM-Run-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
HKLM-Run-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
HKLM-Run-HPHmon05 - c:\windows\system32\hphmon05.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2010-11-11 17:37:15
ComboFix-quarantined-files.txt 2010-11-11 22:37
ComboFix2.txt 2010-11-08 14:14

Pre-Run: 269,317,103,616 bytes free
Post-Run: 269,310,713,856 bytes free

- - End Of File - - C1379CC004667F65A27DFED2898D2DC7


#8 myrti (Malware Study Hall Admin, 33,784 posts)

Posted 14 November 2010 - 04:56 PM

Hi,

Those items found are backups of the infections we removed. We will remove them at the end of the cleaning. For now, please run an online scan to check for other leftovers:
I'd like us to scan your machine with ESET OnlineScan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 caligula11 (Topic Starter, Members, 26 posts)

Posted 15 November 2010 - 10:13 AM

Hi Myrti,
Here is the result:

C:\Documents and Settings\Larry\Application Data\Sun\Java\Deployment\cache\6.0\18\3863f912-18614cde a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\32\9fa11e0-56e72591 multiple threats deleted - quarantined


I did not check either of the boxes (one of which would have deleted the files it found), so please just let me know what to do next.

Thanks,
Larry

#10 myrti (Malware Study Hall Admin, 33,784 posts)

Posted 15 November 2010 - 10:39 AM

Hi,

Clear the Java cache:
  • Go to Start -> Control Panel.
  • In the Control Panel, double-click the Java icon.
    • The Java Control Panel appears.
  • Click Settings... under "Temporary Internet Files". The Temporary Files Settings dialog box appears.
  • Click Delete Files... The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
  • Click OK on the Temporary Files Settings window.
  • Close the Java Control Panel.

    You can also view these instructions along with screenshots here.
Please empty the Java cache; that will delete all the files found by ESET.


Afterwards please update your software:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version 9.4 and save it to your desktop.
  • Uncheck the "Free McAfee Security Plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!

regards myrti

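Two things a helper reads off the logs in this thread are the user-level ProxyServer entry pointing at 127.0.0.1 in the DDS output (a loopback proxy lets the hijacker sit between the browser and every site it visits, which matches the redirects reported) and the fact that both ESET hits live under the Java Deployment cache, so clearing that cache removes them. The following triage script is an added example, not a DDS, ComboFix, ESET or BleepingComputer tool; the sample lines are the ones quoted in the thread plus one made-up ESET line outside the Java cache for contrast.

```python
"""Added triage example for the DDS proxy line and ESET results in this thread
(not a DDS, ComboFix or BleepingComputer tool): flag a user-level proxy that loops
back to this PC, and list the ESET hits that clearing the Java cache removes."""
import re
from pathlib import PureWindowsPath

# Constructed samples: lines quoted in the thread plus one made-up ESET line
# outside the Java cache for contrast.
SAMPLE_DDS = """\
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
"""
SAMPLE_ESET = r"""
C:\Documents and Settings\Larry\Application Data\Sun\Java\Deployment\cache\6.0\18\3863f912-18614cde a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\32\9fa11e0-56e72591 multiple threats deleted - quarantined
C:\Example\made-up.exe a variant of Win32/Example.Placeholder application deleted - quarantined
"""

LOOPBACK = re.compile(r"^(127(\.\d{1,3}){3}|localhost|::1)$", re.I)
PROXY_LINE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
# ESET prints "<path> <threat description> <action>"; paths may contain spaces,
# so the path ends where a threat description begins.
ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+(?:probably )?(?:a variant of \S+|multiple threats|\S+/\S+)")
JAVA_CACHE = ("sun", "java", "deployment", "cache")

def parse_proxy_server(value):
    """'http=127.0.0.1:6522;https=host:8080' or 'host:3128' -> [(scheme, host, port)]."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")  # no '=' means one proxy for all protocols
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries

def find_local_proxies(log_text):
    """(scheme, host, port) for each proxy in a DDS log whose host is the local machine."""
    hits = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if m:
            hits += [e for e in parse_proxy_server(m.group(1)) if LOOPBACK.match(e[1])]
    return hits

def in_java_cache(path):
    """True when a Windows path lies under ...\\Sun\\Java\\Deployment\\cache\\."""
    parts = tuple(p.lower() for p in PureWindowsPath(path).parts)
    return any(parts[i:i + 4] == JAVA_CACHE for i in range(len(parts) - 3))

def java_cache_detections(eset_text):
    """Paths from ESET result lines whose files live in the Java cache."""
    matches = map(ESET_LINE.match, eset_text.strip().splitlines())
    return [m.group("path") for m in matches if m and in_java_cache(m.group("path"))]
```

Calling `find_local_proxies(SAMPLE_DDS)` returns the single loopback proxy on port 6522, and `java_cache_detections(SAMPLE_ESET)` returns the two cache paths but not the made-up contrast line.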


#11 caligula11 (Topic Starter, Members, 26 posts)

Posted 15 November 2010 - 10:13 PM

Hi Myrti,
I did the Java steps. When I went to download Adobe Reader 9.4, it told me it was already installed. I don't have any other version loaded. Please advise.

Thanks,
Larry

#12 myrti (Malware Study Hall Admin, 33,784 posts)

Posted 16 November 2010 - 02:21 AM

Hi,

You have Adobe Reader 7.0.8 installed; please try uninstalling it first.

regards myrti



#13 caligula11 (Topic Starter, Members, 26 posts)

Posted 19 November 2010 - 09:39 PM

Hi Myrti,
When I go to my Control Panel, Adobe Reader 9 is all I see. I was going to attach a screenshot for you, but even a zipped file with it is too big for me to upload. Please advise me what to do next.

Thanks,
Larry

#14 myrti (Malware Study Hall Admin, 33,784 posts)

Posted 22 November 2010 - 05:19 PM

Hi,

Can you please visit Secunia: http://secunia.com/vulnerability_scanning/online/?task=intro

Click on "Start Scanner"; it may want to install a plugin. Accept that and follow the prompts.
It will see which outdated programs can currently be reached through your browser and tell you where they are. It will also encourage you to switch to the latest available versions.

regards myrti



#15 caligula11 (Topic Starter, Members, 26 posts)

Posted 26 November 2010 - 10:23 AM

Hi Myrti,
I'll run it again this evening and let you know.

Thanks,
Larry
