Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Search Redirector/Trojan Viruse(s)


  • This topic is locked This topic is locked
13 replies to this topic

#1 swalker25

swalker25

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 26 November 2010 - 09:01 PM

My buddy has gotten some viruses on his computer and I told him I fix it. I used Malwarebytes to find and delete a couple of viruses, but there appear to be more and/or still there.

Symptoms:

-While using Google, searches get redirected to various websites after clicking on the search link.
-Malwarebytes and Spybot websites were being blocked and I couldn't download or update the programs.

Steps Already Taken:

-I was able to get Malwarebytes installed and it was able to find and delete 2 viruses. I am now able to update Malwarebytes and Spybot.
-Malwarebytes then found and deleted 2 more viruses after updating.
-Files deleted by Malwarebytes: G7i3q7.dll (Rootkit.TDSS), 9m17wS1e9.sys (Rootkit.TDSS)

Malwarebytes now finds nothing during current scans and the Malwarebytes website is no longer blocked, but Google searches are still being redirected.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Mel at 19:32:30.95 on Fri 11/26/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2582 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Mel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075734806
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242751847357&h=c383edb18921d71b4f42ff03d8fdfd6f/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://irbsearch.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F1EA17CB-F7BD-4108-A742-1BC7774383FF} - hxxps://secure.accurint.com/bps/273/cab/GraphViewCtl.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mel\applic~1\mozilla\firefox\profiles\8rhe23v9.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-21 238736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101123.051\NAVENG.SYS [2010-11-24 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101123.051\NAVEX15.SYS [2010-11-24 1371184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f4433ffac9da;Google Update Service (gupdate1c9f4433ffac9da);c:\program files\google\update\GoogleUpdate.exe [2009-6-23 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-18 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrvI4;EraserUtilDrvI4;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi4.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI4.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-11-26 23:15:58 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-11-26 22:53:55 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-26 22:53:55 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-26 22:53:55 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-26 22:53:55 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-26 22:53:41 16535 ----a-r- c:\windows\SETF1.tmp
2010-11-26 22:53:38 1088840 ----a-r- c:\windows\SETE5.tmp
2010-11-26 22:53:37 1296669 ----a-r- c:\windows\SETE2.tmp
2010-11-25 18:07:16 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-22 17:19:48 -------- d-----w- c:\windows\system32\winrm
2010-11-22 17:19:48 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-22 17:19:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-22 16:48:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 16:48:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-22 16:28:37 -------- d-----w- c:\program files\Panda Security
2010-11-22 16:06:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 16:06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 16:06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================


============= FINISH: 19:33:02.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:37 PM

Posted 03 December 2010 - 12:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 03 December 2010 - 08:50 PM

Hello and thanks for the reply.

The computer has been sitting dormant since my first post, so nothing should be different. The only change I made was to install a new motherboard. But I'm 99% sure the problem was a hardware one and not software. I believe a transistor on the motherboard got damaged during transportation of the computer.

As stated above:

Symptoms:

-While using Google, searches get redirected to various websites after clicking on the search link.
-Malwarebytes and Spybot websites were being blocked and I couldn't download or update the programs.

Steps Already Taken:

-I was able to get Malwarebytes installed and it was able to find and delete 2 viruses. I am now able to update Malwarebytes and Spybot.
-Malwarebytes then found and deleted 2 more viruses after updating.
-Files deleted by Malwarebytes the second time around: G7i3q7.dll (Rootkit.TDSS), 9m17wS1e9.sys (Rootkit.TDSS)

Malwarebytes now finds nothing during current scans and the Malwarebytes website is no longer blocked; but Google searches are still being redirected.

Also, I had an svchost.exe error upon logging into Windows. This error only started right before I made my first post. The Google redirect issuesark had been happening for weeks. Before I could run any of the scans, or even open simple programs such as Microsoft Office, I had to do a repair install of Windows XP. That fixed the svchost.exe error and I was able to run the scans.

Here are the new scans:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Mel at 9:09:58.46 on Sat 12/04/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2503 [GMT -6:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mel\Desktop\Virus Removal\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075734806
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242751847357&h=c383edb18921d71b4f42ff03d8fdfd6f/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://irbsearch.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F1EA17CB-F7BD-4108-A742-1BC7774383FF} - hxxps://secure.accurint.com/bps/273/cab/GraphViewCtl.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mel\applic~1\mozilla\firefox\profiles\8rhe23v9.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-11-9 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-12-18 2189240]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-21 238736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101123.051\NAVENG.SYS [2010-11-24 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101123.051\NAVEX15.SYS [2010-11-24 1371184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f4433ffac9da;Google Update Service (gupdate1c9f4433ffac9da);c:\program files\google\update\GoogleUpdate.exe [2009-6-23 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-18 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 EraserUtilDrvI4;EraserUtilDrvI4;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi4.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI4.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-11-27 01:49:45 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-27 01:47:52 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-27 01:45:03 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-27 01:45:03 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-27 01:45:03 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-27 01:45:02 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-26 23:15:58 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-11-26 22:53:55 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-11-26 22:53:55 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-11-26 22:53:55 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-11-26 22:53:55 13312 ----a-w- c:\windows\system32\irclass.dll
2010-11-26 22:53:41 16535 ----a-r- c:\windows\SETF1.tmp
2010-11-26 22:53:38 1088840 ----a-r- c:\windows\SETE5.tmp
2010-11-26 22:53:37 1296669 ----a-r- c:\windows\SETE2.tmp
2010-11-25 18:07:16 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-22 17:19:48 -------- d-----w- c:\windows\system32\winrm
2010-11-22 17:19:48 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-22 17:19:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-22 16:48:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-22 16:48:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-22 16:28:37 -------- d-----w- c:\program files\Panda Security
2010-11-22 16:06:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 16:06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-22 16:06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec

============= FINISH: 9:10:36.28 ===============

Attached Files



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 04 December 2010 - 07:43 AM

Hello swalker25

Welcome to BleepingComputer :)
==========================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following


===================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
========
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 04 December 2010 - 04:32 PM

No problems running the scans.

2010/12/05 02:12:21.0734 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 02:12:21.0734 ================================================================================
2010/12/05 02:12:21.0734 SystemInfo:
2010/12/05 02:12:21.0734
2010/12/05 02:12:21.0734 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/05 02:12:21.0734 Product type: Workstation
2010/12/05 02:12:21.0734 ComputerName: PFAX8883
2010/12/05 02:12:21.0734 UserName: Mel
2010/12/05 02:12:21.0734 Windows directory: C:\WINDOWS
2010/12/05 02:12:21.0734 System windows directory: C:\WINDOWS
2010/12/05 02:12:21.0734 Processor architecture: Intel x86
2010/12/05 02:12:21.0734 Number of processors: 2
2010/12/05 02:12:21.0734 Page size: 0x1000
2010/12/05 02:12:21.0734 Boot type: Normal boot
2010/12/05 02:12:21.0734 ================================================================================
2010/12/05 02:12:21.0875 Initialize success
2010/12/05 02:12:34.0718 ================================================================================
2010/12/05 02:12:34.0718 Scan started
2010/12/05 02:12:34.0718 Mode: Manual;
2010/12/05 02:12:34.0718 ================================================================================
2010/12/05 02:12:35.0921 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/05 02:12:35.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/05 02:12:36.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/05 02:12:36.0109 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/05 02:12:36.0265 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/12/05 02:12:36.0390 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/05 02:12:36.0500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/05 02:12:36.0531 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/05 02:12:36.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/05 02:12:36.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/05 02:12:36.0640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/05 02:12:36.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/05 02:12:36.0750 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/05 02:12:36.0781 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/05 02:12:36.0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/05 02:12:36.0890 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/12/05 02:12:37.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/05 02:12:37.0062 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/05 02:12:37.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/12/05 02:12:37.0265 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/05 02:12:37.0281 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/05 02:12:37.0359 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/05 02:12:37.0390 e1yexpress (a2c9c1d2ec535737a63ed3e13608d9f2) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
2010/12/05 02:12:37.0484 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/05 02:12:37.0531 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/05 02:12:37.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/05 02:12:37.0609 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/05 02:12:37.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/05 02:12:37.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/05 02:12:37.0703 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/05 02:12:37.0734 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/05 02:12:37.0765 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/05 02:12:37.0828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/05 02:12:37.0859 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/05 02:12:37.0875 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
2010/12/05 02:12:37.0921 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/05 02:12:38.0000 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/05 02:12:38.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/05 02:12:38.0109 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/05 02:12:38.0250 IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/05 02:12:38.0312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/05 02:12:38.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/05 02:12:38.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/05 02:12:38.0390 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/05 02:12:38.0406 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/05 02:12:38.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/05 02:12:38.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/05 02:12:38.0484 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/05 02:12:38.0515 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/05 02:12:38.0531 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/05 02:12:38.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/05 02:12:38.0609 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/05 02:12:38.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/05 02:12:38.0734 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/05 02:12:38.0812 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/12/05 02:12:38.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/05 02:12:38.0906 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/05 02:12:38.0921 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/05 02:12:38.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/05 02:12:39.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/05 02:12:39.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/05 02:12:39.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/05 02:12:39.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/05 02:12:39.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/05 02:12:39.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/05 02:12:39.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/05 02:12:39.0218 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101123.051\NAVENG.SYS
2010/12/05 02:12:39.0265 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101123.051\NAVEX15.SYS
2010/12/05 02:12:39.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/05 02:12:39.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/05 02:12:39.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/05 02:12:39.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/05 02:12:39.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/05 02:12:39.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/05 02:12:39.0406 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/05 02:12:39.0453 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/05 02:12:39.0484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/05 02:12:39.0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/05 02:12:39.0562 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/05 02:12:39.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/05 02:12:39.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/05 02:12:39.0625 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/05 02:12:39.0671 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/05 02:12:39.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/05 02:12:39.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/05 02:12:39.0750 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/05 02:12:39.0781 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/05 02:12:39.0812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/05 02:12:40.0000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/05 02:12:40.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/05 02:12:40.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/05 02:12:40.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/05 02:12:40.0187 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/05 02:12:40.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/05 02:12:40.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/05 02:12:40.0281 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/05 02:12:40.0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/05 02:12:40.0343 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/05 02:12:40.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/05 02:12:40.0421 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/05 02:12:40.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/05 02:12:40.0531 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/05 02:12:40.0562 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/05 02:12:40.0609 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/05 02:12:40.0765 SPBBCDrv (cb5a4e90451d80d415f0a6dbb86d1d9f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/05 02:12:40.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/05 02:12:40.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/05 02:12:40.0890 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/12/05 02:12:40.0921 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/12/05 02:12:40.0953 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/12/05 02:12:41.0000 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/05 02:12:41.0015 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/05 02:12:41.0062 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/05 02:12:41.0125 SymEvent (4517bd567d4eab459194feccfa654a51) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/05 02:12:41.0156 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/12/05 02:12:41.0187 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/12/05 02:12:41.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/05 02:12:41.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/05 02:12:41.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/05 02:12:41.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/05 02:12:41.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/05 02:12:41.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/05 02:12:41.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/05 02:12:41.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/05 02:12:41.0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/05 02:12:41.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/05 02:12:41.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/05 02:12:41.0765 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/05 02:12:41.0781 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/05 02:12:41.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/05 02:12:41.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/05 02:12:41.0890 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/05 02:12:41.0953 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/05 02:12:42.0093 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/05 02:12:42.0109 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/05 02:12:42.0296 ================================================================================
2010/12/05 02:12:42.0296 Scan finished
2010/12/05 02:12:42.0296 ================================================================================
2010/12/05 02:13:21.0046 Deinitialize success

Attached Files



#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 04 December 2010 - 08:45 PM

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 05 December 2010 - 12:24 AM

OTL logfile created on: 12/4/2010 11:20:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.83 Gb Free Space | 91.82% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 3.12 Gb Free Space | 41.87% Space Free | Partition Type: FAT32

Computer Name: PFAX8883 | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (EraserUtilDrvI4) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Mel\LOCALS~1\Temp\catchme.sys File not found
DRV - (BCM43XX) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101123.051\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101123.051\NAVENG.SYS (Symantec Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 14:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/19 10:50:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 06:57:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 06:57:26 | 000,000,000 | ---D | M]

[2010/05/14 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions
[2010/05/14 10:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/23 08:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\8rhe23v9.default\extensions
[2010/06/24 07:07:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel\Application Data\Mozilla\Firefox\Profiles\8rhe23v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/14 10:12:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 06:57:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/29 06:57:22 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/29 06:57:22 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/10/29 06:57:24 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/09/10 07:03:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/09/10 07:03:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/09/10 07:03:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/09/10 07:03:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/09/10 07:03:38 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/09/10 07:03:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/09/10 07:03:38 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240075734806 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1242751847357&h=c383edb18921d71b4f42ff03d8fdfd6f/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://irbsearch.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F1EA17CB-F7BD-4108-A742-1BC7774383FF} https://secure.accurint.com/bps/273/cab/GraphViewCtl.cab (Seisint GraphView Control 1.0)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/18 22:04:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 23:19:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2010/12/04 15:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/12/04 15:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/12/04 15:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Local Settings\Application Data\Identities
[2010/12/04 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Application Data\Windows Desktop Search
[2010/12/04 15:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/12/04 15:46:54 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/12/04 15:35:02 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/12/04 15:35:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/12/04 15:35:00 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/12/04 15:35:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/12/04 15:34:58 | 011,080,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/12/04 15:27:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/04 13:53:45 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2010/12/04 13:52:09 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/12/04 13:19:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/04 13:19:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/04 13:19:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/04 13:19:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/04 13:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/04 13:15:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 19:49:45 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/11/26 19:47:52 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/11/26 19:45:03 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/11/26 19:45:03 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/11/26 19:45:03 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/11/26 19:45:02 | 002,066,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/11/26 17:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/26 17:16:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/11/26 17:16:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/11/26 17:16:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/11/26 17:16:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/11/26 17:16:22 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/11/26 17:16:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/11/26 17:16:22 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/11/26 17:16:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/11/26 17:16:21 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/11/26 17:16:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/11/26 17:16:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/11/26 17:16:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/11/26 17:16:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/11/26 17:16:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/11/26 17:16:21 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/11/26 17:16:20 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/11/26 17:16:20 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/11/26 17:16:20 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/11/26 17:16:19 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/11/26 17:16:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/11/26 17:16:18 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/11/26 17:16:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/11/26 17:16:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/11/26 17:16:17 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/11/26 17:16:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/11/26 17:16:17 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/11/26 17:16:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/11/26 17:16:17 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/11/26 17:16:17 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/11/26 17:16:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/11/26 17:16:16 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/11/26 17:16:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/11/26 17:16:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/11/26 17:16:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/11/26 17:16:15 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/11/26 17:16:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/11/26 17:16:14 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/11/26 17:16:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/11/26 17:16:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/11/26 17:16:13 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/11/26 17:16:13 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/11/26 17:16:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/11/26 17:16:13 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/11/26 17:16:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/11/26 17:16:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/11/26 17:16:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/11/26 17:16:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/11/26 17:16:12 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/11/26 17:16:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/11/26 17:16:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/11/26 17:16:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/11/26 17:16:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/11/26 17:16:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/11/26 17:16:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/11/26 17:16:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/11/26 17:16:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/11/26 17:16:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/11/26 17:16:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/11/26 17:16:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/11/26 17:16:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/11/26 17:16:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/11/26 17:16:11 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/11/26 17:16:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/11/26 17:16:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/11/26 17:16:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/11/26 17:16:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/11/26 17:16:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/11/26 17:16:09 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2010/11/26 17:16:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/11/26 17:16:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/11/26 17:16:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/11/26 17:16:09 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/11/26 17:16:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/11/26 17:16:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2010/11/26 17:16:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/11/26 17:16:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/11/26 17:16:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/11/26 17:16:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/11/26 17:16:07 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/11/26 17:16:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/11/26 17:16:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/11/26 17:16:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/11/26 17:16:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/11/26 17:16:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/11/26 17:16:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/11/26 17:16:05 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/11/26 17:16:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/11/26 17:16:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/11/26 17:16:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/11/26 17:16:04 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/11/26 17:16:04 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/11/26 17:16:04 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/11/26 17:16:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/11/26 17:16:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/11/26 17:16:03 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/11/26 17:16:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/11/26 17:16:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/11/26 17:16:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/11/26 17:16:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/11/26 17:16:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/11/26 17:16:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/11/26 17:16:00 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/11/26 17:16:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/11/26 17:15:58 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/11/26 17:15:58 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/11/26 17:15:55 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/11/26 17:15:55 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/11/26 17:15:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/11/26 17:15:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/11/26 17:15:54 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/11/26 17:15:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/11/26 17:15:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/11/26 17:15:54 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/11/26 17:15:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/11/26 17:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/11/26 17:15:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/11/26 17:15:53 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/11/26 17:15:52 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/11/26 17:15:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/11/26 17:15:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/11/26 17:15:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/11/26 17:15:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/11/26 17:15:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/11/26 17:15:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/11/26 17:15:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/11/26 17:15:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/11/26 17:15:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/11/26 17:15:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/11/26 17:15:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/11/26 17:15:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/11/26 17:15:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/11/26 17:15:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/11/26 17:15:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/11/26 17:15:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/11/26 17:15:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/11/26 17:15:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/11/26 17:15:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/11/26 17:15:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/11/26 17:15:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/11/26 17:15:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/11/26 17:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/11/26 17:15:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/11/26 17:15:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/11/26 17:15:48 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/11/26 17:15:48 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/11/26 17:15:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/11/26 17:15:48 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/11/26 17:15:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/11/26 17:15:47 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/11/26 17:15:47 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/11/26 17:15:47 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/11/26 17:15:47 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/11/26 17:15:47 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/11/26 17:15:47 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/11/26 17:15:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/11/26 17:15:47 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/11/26 17:15:46 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/11/26 17:15:46 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/11/26 17:15:46 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/11/26 17:15:46 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/11/26 17:15:46 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/11/26 17:15:46 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/11/26 17:15:46 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/11/26 17:15:46 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/11/26 17:15:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/11/26 17:15:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/11/26 17:15:45 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/11/26 17:15:45 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/11/26 17:15:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/11/26 17:15:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/11/26 17:15:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/11/26 17:15:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/11/26 17:15:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/11/26 17:15:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/11/26 17:15:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/11/26 17:15:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/11/26 17:15:41 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/11/26 17:15:36 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/11/26 17:15:36 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/11/26 17:15:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/11/26 17:15:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/11/26 17:15:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/11/26 17:15:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/11/26 17:15:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/11/26 17:15:34 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/11/26 17:15:34 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/11/26 17:15:34 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/11/26 17:15:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/11/26 17:15:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/11/26 17:15:34 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/11/26 17:15:34 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/11/26 17:15:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/11/26 17:15:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/11/26 17:15:33 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/11/26 17:15:33 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/11/26 17:15:33 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/11/26 17:15:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/11/26 17:15:33 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/11/26 17:15:33 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/11/26 17:15:33 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/11/26 17:15:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/11/26 17:15:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/11/26 17:15:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/11/26 17:15:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/11/26 17:15:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/11/26 17:15:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/11/26 17:15:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/11/26 17:15:32 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/11/26 17:15:32 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/11/26 17:15:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/11/26 17:15:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/11/26 17:15:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/11/26 17:15:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/11/26 17:15:31 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/11/26 17:15:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/11/26 17:15:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/11/26 17:15:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/11/26 17:15:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/11/26 17:15:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/11/26 17:15:30 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/11/26 17:15:30 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/11/26 17:15:30 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/11/26 17:15:30 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/11/26 17:15:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/11/26 17:15:27 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/11/26 17:15:26 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/11/26 17:15:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/11/26 17:15:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/11/26 17:15:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/11/26 17:15:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/11/26 17:15:25 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/11/26 17:15:25 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/11/26 17:15:25 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/11/26 17:15:24 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/11/26 17:15:24 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/11/26 17:15:24 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/11/26 17:15:24 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/11/26 17:15:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/11/26 17:15:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/11/26 17:15:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/11/26 17:15:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/11/26 17:15:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/11/26 17:15:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/11/26 17:15:22 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/11/26 17:15:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/11/26 17:15:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/11/26 17:15:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/11/26 17:15:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/11/26 17:15:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/11/26 17:15:17 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/11/26 17:15:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/11/26 17:15:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/11/26 17:15:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/11/26 17:15:16 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/11/26 17:15:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/11/26 17:15:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/11/26 17:15:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/11/26 17:15:15 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/11/26 17:15:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/11/26 17:15:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/11/26 17:15:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/11/26 17:15:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/11/26 17:15:12 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/11/26 17:15:12 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/11/26 17:15:12 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/11/26 17:15:12 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/11/26 17:15:12 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/11/26 17:15:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/11/26 17:15:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/11/26 17:15:09 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/11/26 17:15:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/11/26 17:15:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/11/26 17:15:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/11/26 17:15:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/11/26 17:15:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/11/26 17:15:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/11/26 17:15:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/11/26 17:15:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/11/26 17:15:08 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/11/26 17:15:08 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/11/26 17:15:08 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/11/26 17:15:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/11/26 17:15:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/11/26 17:15:08 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/11/26 17:15:08 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/11/26 17:15:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/11/26 17:15:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/11/26 17:15:07 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/11/26 17:15:07 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/11/26 17:15:07 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/11/26 17:15:07 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/11/26 17:15:07 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/11/26 17:15:07 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/11/26 17:15:07 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/11/26 17:15:07 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/11/26 17:15:07 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/11/26 17:15:07 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/11/26 17:15:07 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/11/26 17:15:06 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/11/26 17:15:06 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/11/26 17:15:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/11/26 17:15:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/11/26 17:15:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/11/26 17:15:06 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/11/26 17:15:05 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/11/26 17:15:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/11/26 17:15:05 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/11/26 17:15:05 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/11/26 17:15:04 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/11/26 16:53:55 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/11/26 16:53:55 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/11/26 16:53:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/11/26 16:53:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/11/25 11:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel\Desktop\Virus Removal
[2010/11/22 11:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/11/22 11:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/11/22 11:19:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/11/22 10:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/22 10:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/22 10:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/11/22 10:06:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/22 10:06:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/22 10:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/04 23:18:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/04 23:18:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/04 23:18:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/04 23:12:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel\Desktop\OTL.exe
[2010/12/04 16:17:54 | 000,527,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/04 16:17:54 | 000,096,390 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/04 16:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/04 15:49:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/04 15:49:08 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/04 15:49:08 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/04 15:49:06 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/04 15:49:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/04 15:47:40 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/12/04 15:46:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/12/04 15:46:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/12/04 15:43:45 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FDB695C8-DA48-4DB6-B096-AA68725A666A}.job
[2010/12/04 15:27:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/04 14:08:25 | 000,004,270 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/12/04 08:58:29 | 001,041,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/26 17:42:42 | 000,000,182 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/11/26 17:25:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mel\defogger_reenable
[2010/11/26 17:16:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/26 17:14:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/26 17:14:41 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/26 17:13:05 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/26 17:12:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/11/26 17:11:17 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/11/26 16:32:05 | 000,112,526 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/11/24 14:23:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\Microsoft Office Word 2007.lnk
[2010/11/22 10:06:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 10:01:46 | 001,575,936 | ---- | M] () -- C:\Documents and Settings\Mel\Desktop\Wilbanks SET UP 2010.doc
[2010/11/22 09:50:13 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/17 16:43:37 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Mel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/04 15:49:08 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/04 15:49:06 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/04 15:49:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/04 15:49:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/12/04 15:47:40 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/12/04 15:27:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/04 15:27:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/04 13:53:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/12/04 13:53:45 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2010/12/04 13:53:40 | 000,004,270 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/12/04 13:19:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/04 13:19:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/04 13:19:15 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/04 13:19:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/04 13:19:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/26 17:25:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mel\defogger_reenable
[2010/11/26 17:16:04 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/11/26 17:15:53 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/11/26 17:15:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/11/26 17:15:47 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/11/26 17:15:45 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/11/26 17:15:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/11/26 17:15:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/11/26 17:15:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/11/26 17:15:24 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/11/26 16:53:47 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/11/26 16:53:47 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/11/26 16:53:47 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/11/26 16:53:46 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/11/26 16:53:46 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/11/26 16:53:46 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/26 16:53:46 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/11/26 16:53:46 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/26 16:53:46 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/11/26 16:53:46 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/26 16:53:46 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/11/26 16:53:46 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/11/26 16:53:46 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/11/26 16:53:46 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/26 16:53:46 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/11/26 16:53:46 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/11/26 16:53:46 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/26 16:53:46 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/22 10:06:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/22 10:01:46 | 001,575,936 | ---- | C] () -- C:\Documents and Settings\Mel\Desktop\Wilbanks SET UP 2010.doc
[2010/03/08 08:33:57 | 000,010,718 | -HS- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\ksY41JP0et2Ke
[2009/08/21 14:51:39 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\4A05DFD519.dll
[2009/04/20 12:32:26 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Mel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/20 11:53:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/04/18 17:38:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/08/21 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/08/21 14:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2010/05/07 17:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 16:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Auslogics
[2009/06/15 10:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\LexisNexis
[2009/05/01 08:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\webex
[2010/12/04 15:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel\Application Data\Windows Desktop Search
[2010/12/04 15:43:45 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FDB695C8-DA48-4DB6-B096-AA68725A666A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF778051

< End of report >


OTL Extras logfile created on: 12/4/2010 11:20:29 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Mel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 213.83 Gb Free Space | 91.82% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 3.12 Gb Free Space | 41.87% Space Free | Partition Type: FAT32

Computer Name: PFAX8883 | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel® Network Connections 13.5.32.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROHYBRIDR" = 2007 Microsoft Office system
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2010 4:13:12 AM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:18:52 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:28:39 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:33:33 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:38:27 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:53:10 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 3:54:10 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module urlmon.dll, version 6.0.2900.6036, fault address 0x0003e59f.

Error - 12/4/2010 4:03:04 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 4:08:55 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 12/4/2010 4:13:47 PM | Computer Name = PFAX8883 | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

[ OSession Events ]
Error - 7/10/2009 3:31:25 PM | Computer Name = PFAX8883 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19118
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 2/10/2010 2:57:30 PM | Computer Name = PFAX8883 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1779
seconds with 1680 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/4/2010 3:16:03 PM | Computer Name = PFAX8883 | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 12/4/2010 3:16:46 PM | Computer Name = PFAX8883 | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 12/4/2010 3:53:54 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{5F916413-8789-4CC4-8C1D-3B7CB4A15598} : Has encountered an
internal error and has failed.

Error - 12/4/2010 4:00:09 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{5F916413-8789-4CC4-8C1D-3B7CB4A15598} : Has encountered an
internal error and has failed.

Error - 12/4/2010 4:03:29 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{5F916413-8789-4CC4-8C1D-3B7CB4A15598} : Has encountered an
internal error and has failed.

Error - 12/4/2010 4:04:00 PM | Computer Name = PFAX8883 | Source = PlugPlayManager | ID = 12
Description = The device 'HL-DT-ST DVD-RAM GH22NS30' (IDE\CdRomHL-DT-ST_DVD-RAM_GH22NS30_______________1.00____\5&22c38011&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 12/4/2010 4:04:41 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{5F916413-8789-4CC4-8C1D-3B7CB4A15598} : Has encountered an
internal error and has failed.

Error - 12/4/2010 4:08:43 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{657C5D8E-28A5-4FF3-9398-0ECC2BBA702E} : Has encountered an
internal error and has failed.

Error - 12/4/2010 4:16:19 PM | Computer Name = PFAX8883 | Source = BCM43XX | ID = 5005
Description = \DEVICE\{657C5D8E-28A5-4FF3-9398-0ECC2BBA702E} : Has encountered an
internal error and has failed.

Error - 12/4/2010 5:33:42 PM | Computer Name = PFAX8883 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 05 December 2010 - 06:21 PM

Are you getting redirected still or any abnormalities?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 05 December 2010 - 07:22 PM

I haven't been using the computer much, but I did sit down for about 10 minutes with it to test it out and I didn't experience any issues.

Are the logs all clean and good to go?

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 06 December 2010 - 08:06 AM

Yes they are clean at this point.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 06 December 2010 - 09:26 AM

The computer is going into full time use again today. I'll let you know if any problems come up at the end of the day. If not, you could probably close the thread.

Edited by swalker25, 06 December 2010 - 10:45 AM.


#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 06 December 2010 - 01:49 PM

Ok after you let me know I will close it up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 swalker25

swalker25
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 06 December 2010 - 07:45 PM

No more noticeable problems with the computer and all the scans come back clean. I think we're good to go.

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:37 PM

Posted 06 December 2010 - 08:37 PM

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users