OS: 32 bit MS Windows XP 2002 Edition SP3
Affects both Firefox 3.6 and Firefox 4 beta 8.
Things that didn't work:
Malwarebytes quick scan and full scan.
Trend Micro OfficeScan.
Lavasoft Ad-Aware Free Edition scan.
Disabling all Firefox plugins.
Disabling JavaScript in Firefox.
Gooredfix.exe - No "Suspect Goored Entries" section in log.
tdsskiller.exe
Installing and using Firefox 4 beta 8 (per suggestion at hxxp://yangyangli.info/?p=191)
--
DDS (Ver_10-12-12.02) - NTFSx86
Run by DiCarlV at 13:30:52.59 on Mon 12/27/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2368 [GMT -8:00]
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {A384FB96-8BEA-4A63-A99E-12DFEB187A48}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4C7A6A72-3CBE-4D73-8639-F82AA5378785}
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
FW: Trend Micro Personal Firewall *Enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\CA\SC\Csam\SockAdapter\bin\csampmux.exe
C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\casplitegent.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SC\Systems Performance LiteAgent\bin\rtaAgent.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\shortkey\SHORTKEY.EXE
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\rcHost.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\AMCAA1.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\NoteTab Light\NoteTab.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Documents and Settings\DiCarlV\My Documents\1ctemp\Defogger.exe
C:\Documents and Settings\DiCarlV\My Documents\1ctemp\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mDefault_Page_URL = hxxp://doj-portal.caldoj.net/dsb_global/jwsm/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [CA-Update] j:\caupdate\updt.cmd
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SDJobCheck] "c:\program files\ca\unicenter software delivery\sd\..\bin\triggusr.exe"
mRun: [SurveyorSession] c:\program files\verdiem\surveyorsd\bin\SurveyorSession.exe
mRun: [CA-AMAgent] "c:\program files\ca\unicenter asset management\agents\amagent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
StartupFolder: c:\docume~1\dicarlv\startm~1\programs\startup\shortk~1.lnk - c:\program files\shortkey\SHORTKEY.EXE
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoDFSTab = 1 (0x1)
uPolicies-explorer: ConfirmFileDelete = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 48 (0x30)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: ca.gov\cadojnet.doj
Trusted Zone: lexis-nexis.com
Trusted Zone: lexisnexis.com
Trusted Zone: lexisone.com
Trusted Zone: lexisultimaterewards.com
Trusted Zone: nexis.com
Trusted Zone: reed-elsevier.com
Trusted Zone: uscourts.gov\ecf.caed
Trusted Zone: uscourts.gov\pacer.psc
Trusted Zone: westlaw.com\print
Trusted Zone: westlaw.com\web2
Trusted Zone: SAAGSFIL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://saagappsvr01:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://hdcosce01:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://relativity.encorelegal.com/Relativity/ActiveX/webclientmanager.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://saagappsvr01:4343/officescan/console/html/root/AtxEnc.cab
DPF: {3F777025-3835-4117-B9FA-5E5230669310} - hxxp://law.lexisnexis.com/resources/fyi/dataflight_fyi.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://hdcosce01:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268259637796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268259583188
DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.doj.ca.gov/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {832BF1DE-74EE-4FA6-AC05-63EA5D374403} - hxxps://relativity.encorelegal.com/Relativity/ActiveX/webclientmanager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://encorediscovery.webex.com/client/T27LB/webex/ieatgpc.cab
TCP: {896AF44A-C7B4-4138-BBF2-81DBBBEEA4E0} = 167.10.22.58,167.10.54.47,167.10.32.80
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli PGPpwflt
mASetup: {4F3c187E-1F9F-44d4-BDDC-5704D67829DB} - regedit.exe /s H:\ProLaw_Prefs.reg
mASetup: CaseMap7 - regedit.exe /s "c:\program files\casesoft\casemap 7\UserPref.reg"
mASetup: HD2008UserPrefs - regedit.exe /s "c:\program files\hotdocs 6\UserPref.reg"
mASetup: Lexus JIS v.2 - regedit.exe /s "c:\program files\hotdocs 6\lnjis.reg"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dicarlv\applic~1\mozilla\firefox\profiles\bug0s8xn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\dicarlv\application data\mozilla\firefox\profiles\bug0s8xn.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 8\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - %profile%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: TinyURL Generator: tinyurl.addon@fast-chat.co.uk - %profile%\extensions\tinyurl.addon@fast-chat.co.uk
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-23 64160]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2007-6-14 97792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 wscam6300;wscam6300;c:\windows\system32\drivers\wscam6300.sys [2008-5-31 33792]
R1 wstdi;wstdi;c:\windows\system32\drivers\wstdixp.sys [2008-5-31 35584]
R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2009-9-14 181512]
R2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csam\sockadapter\bin\CSAMPmux.exe [2010-3-5 169224]
R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2010-4-26 208648]
R2 CASPLiteAgent;CA Systems Performance LiteAgent;c:\program files\ca\sc\systems performance liteagent\bin\casplitegent.exe [2009-2-12 135168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2004-6-8 49152]
R2 SDService;Unicenter Software Delivery;c:\program files\ca\unicenter software delivery\bin\SDServ.exe [2006-2-22 32768]
R2 SurveyorSD;Verdiem Surveyor Client;c:\program files\verdiem\surveyorsd\bin\SurveyorSD.exe [2008-8-1 2200832]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2008-11-26 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2008-11-26 36432]
R2 WebsenseDesktopClient;Websense Desktop Client;c:\program files\websense\wdc\WDC.exe [2008-5-31 479232]
R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2009-4-17 26128]
R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2009-4-17 9872]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-10-8 335888]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-10-8 488768]
S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2004-6-8 73728]
S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2004-6-8 73728]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2010-10-4 114704]
S3 RCSpyDDML;RCSpyDDML;c:\windows\system32\drivers\RCSpyMP.sys [2005-8-9 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-10-8 652552]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
=============== Created Last 30 ================
2010-12-27 21:06:52 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
2010-12-22 18:32:21 49152 ----a-r- c:\docume~1\dicarlv\applic~1\microsoft\installer\{68301107-b9db-4341-bd5f-d87d931e81d8}\Winjis.exe_5EBF60338A25438EA0B38CAFDB8E57D7.exe
2010-12-22 18:32:21 49152 ----a-r- c:\docume~1\dicarlv\applic~1\microsoft\installer\{68301107-b9db-4341-bd5f-d87d931e81d8}\NewShortcut11_6CFF1E7389234A949C07687ECFA1D3A1.exe
2010-12-22 18:32:20 49152 ----a-r- c:\docume~1\dicarlv\applic~1\microsoft\installer\{68301107-b9db-4341-bd5f-d87d931e81d8}\ARPPRODUCTICON.exe
2010-12-09 01:14:59 87552 --sha-r- c:\windows\system32\MSSTDFMTH.dll
==================== Find3M ====================
2010-12-22 20:33:09 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
============= FINISH: 13:31:38.58 ===============
Edited by Orange Blossom, 30 December 2010 - 12:35 AM.
Deactivated link. ~ OB