Infected with the XP Home Security 2011 Virus


  • This topic is locked
12 replies to this topic

#1 chuck3778

Posted 14 March 2011 - 02:02 PM

My PC is infected with the XP Home Security 2011 Virus and I believe probably some other viruses as well. Ran the Stopzilla software and it saw GASF, vundo.9a, fake antivirus .B, Smart security, winscenter, Inet 2000 IBIS. websearch wintools toolbar, clearsearch IgetNet, and search hijacker proxy but nothing about XP Home security 2011. I have installed and run Malwarebytes but it does not seem to help. I also have Reimage Repair but it also does not help. I also get a lot of "Generic Host Process for Win32 Services" errors. Can you help me with this problem?

Mod Edit: Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.



I have some updated news. First I forgot to say I'm running Windows XP SP3. Since my last post, I've lost the ability to do executables and was having trouble with redirects on IE. In doing some reading here I tried TDSSKiller and it worked in getting rid of TDSS. Now I can get Microsoft updates, which I couldn't before. I also downloaded OTL and ran it. Attached are the logs. I would really appreciate someone looking them over and giving me some help with the executables and probably some other viruses.


OTL logfile created on: 3/17/2011 12:07:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.88 Gb Total Space | 16.23 Gb Free Space | 47.91% Space Free | Partition Type: NTFS

Computer Name: FAMILYDELL | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\WINDOWS\SYSTEM32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Content Filter\UpdateService.exe (McAfee, Inc.)
PRC - C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe (Foxconn Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.com (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\CIDATUTL.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\tapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\rasapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\rasman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\iphlpapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (Intel® PROSet Monitoring Service) Intel® -- C:\WINDOWS\SYSTEM32\IPROSetMonitor.exe (Intel Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McOobeSv) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (fpUpdateSvc) -- C:\Program Files\Internet Content Filter\UpdateService.exe (McAfee, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (PTDUMdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTDUMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWWAN) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTDUWWAN.sys (DEVGURU Co., LTD.)
DRV - (PTDUBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTDUBus.sys (DEVGURU Co., LTD.)
DRV - (PTDUVsp) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTDUVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTDUWFLT) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTDUWFLT.sys (DEVGURU Co., LTD.)
DRV - (BCM43XX) -- C:\WINDOWS\SYSTEM32\DRIVERS\WN311B.sys (Broadcom Corporation)
DRV - (KMWDFILTER) -- C:\WINDOWS\SYSTEM32\DRIVERS\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (uoyoadh) -- C:\WINDOWS\SYSTEM32\DRIVERS\uoyoadh.sys (McAfee, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (AWINDIS5) -- C:\WINDOWS\SYSTEM32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\URLSearchHook: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - C:\Program Files\Reimage_PC_Repair\prxtbRei0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/17 19:28:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/18 12:47:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{429BA9E0-2C86-492B-B548-EEA073640F53}: C:\Documents and Settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53} [2011/02/26 18:54:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/13 19:31:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/04 18:02:12 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Reimage PC Repair Toolbar) - {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - C:\Program Files\Reimage_PC_Repair\prxtbRei0.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110313213608.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Drop Down Deals\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Reimage PC Repair Toolbar) - {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - C:\Program Files\Reimage_PC_Repair\prxtbRei0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..\Toolbar\WebBrowser: (Reimage PC Repair Toolbar) - {41E64F2B-BB63-4FCF-B98F-3921AEA84D7E} - C:\Program Files\Reimage_PC_Repair\prxtbRei0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006..\Run: [googletalk] C:\Documents and Settings\user\Application Data\Google Talk\googletalk.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282087880937 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006..exefile [open] -- "C:\DOCUME~1\user\LOCALS~1\Temp\exe.exe" -a "%1" %*
O36 - AppCertDlls: EDLIEMON - (C:\WINDOWS\system32\CIDATUTL.dll) - C:\WINDOWS\SYSTEM32\CIDATUTL.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qxk.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qxk.exe" -a "%1" %*
O37 - HKU\S-1-5-21-4018511625-2458006549-1441198334-1006\...exe [@ = exefile] -- "C:\DOCUME~1\user\LOCALS~1\Temp\exe.exe" -a "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2011/03/17 11:48:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.com
[2011/03/17 11:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2011/03/17 10:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\tdsskiller
[2011/03/17 00:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/03/17 00:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/14 12:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
[2011/03/14 12:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Drop Down Deals
[2011/03/14 12:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/03/14 10:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/03/14 10:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/03/14 10:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/03/14 10:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/14 10:31:10 | 000,509,440 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\user\Desktop\STOPzilla_Setup.exe
[2011/03/13 19:27:32 | 000,320,528 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\seinst.dll
[2011/03/13 19:27:32 | 000,299,024 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\ICF.dll
[2011/03/13 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Content Filter
[2011/03/13 19:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Family Protection
[2011/03/13 19:23:26 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2011/03/13 19:23:17 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2011/03/13 19:23:17 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2011/03/13 19:23:17 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2011/03/13 19:23:17 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2011/03/13 19:23:16 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2011/03/13 19:23:16 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/03/13 19:23:16 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2011/03/13 19:23:16 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2011/03/13 19:23:16 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/03/13 19:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/03/13 19:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/03/13 19:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon Servicepoint
[2011/03/13 19:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/03/13 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/03/12 23:40:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/10 17:54:38 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/03/10 17:54:36 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/03/10 17:54:36 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/03/10 17:54:36 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/03/10 17:54:36 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/03/10 17:54:36 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/03/10 17:54:34 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/03/10 17:54:34 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/03/10 17:54:34 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/10 17:54:34 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/03/10 17:54:32 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/03/10 17:54:32 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/03/06 14:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Threat Expert
[2011/03/05 23:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/05 20:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/05 20:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/03/05 11:40:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/03/04 19:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/04 19:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/03/04 18:06:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/03/04 18:06:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/03/04 18:06:36 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/03/04 18:06:36 | 000,016,432 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2011/03/04 18:06:35 | 000,164,912 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2011/03/04 18:06:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/03/04 18:06:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/03/04 18:06:25 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/03/04 18:06:20 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/03/04 18:06:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/03/04 18:06:20 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/03/04 18:06:18 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2011/03/04 18:06:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/03/04 18:06:17 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/03/04 18:06:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/03/04 18:06:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/03/04 18:06:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/03/04 18:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/03/04 18:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/03/04 18:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/03/04 17:50:57 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2011/03/04 16:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2011/03/04 16:37:29 | 000,000,000 | ---D | C] -- C:\rei
[2011/03/04 16:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/03/04 16:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/03/04 16:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ConduitEngine
[2011/03/04 16:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/03/04 16:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Reimage_PC_Repair
[2011/03/04 16:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2011/03/04 16:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage_PC_Repair
[2011/03/04 16:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Conduit
[2011/03/04 13:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\McAfee
[2011/03/03 16:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/03/03 16:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/03 16:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\MSNInstaller
[2011/03/03 15:21:35 | 000,135,265 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\AW32n50.dll
[2011/03/03 15:21:35 | 000,016,194 | ---- | C] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\System32\AWINDIS5.SYS
[2011/03/03 15:21:34 | 001,286,144 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\WN311B.sys
[2011/03/03 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/03/03 15:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN311B Smart Wizard
[2011/03/03 10:13:42 | 000,109,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[2011/03/02 20:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/02 19:55:00 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/03/02 19:55:00 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/03/02 19:55:00 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/03/02 19:54:58 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/03/02 19:54:58 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/03/02 19:54:58 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/03/02 19:54:58 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/03/02 19:54:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/03/02 19:54:58 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/03/02 19:54:58 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/03/02 19:54:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/03/02 19:54:58 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/03/02 19:54:58 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/03/02 19:54:58 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/03/02 19:54:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/03/02 19:54:57 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/03/02 19:54:57 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/03/02 19:54:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/03/02 19:54:57 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/03/02 19:54:57 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/03/02 19:54:57 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/03/02 19:54:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/03/02 19:54:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/03/02 19:54:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/03/02 19:54:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/03/02 19:54:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/03/02 19:54:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/03/02 19:54:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/03/02 19:54:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/03/02 19:54:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/03/02 19:54:56 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/03/02 19:54:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/03/02 19:54:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/03/02 19:54:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/03/02 19:54:55 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/03/02 19:54:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/03/02 19:54:55 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/03/02 19:54:55 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/03/02 19:54:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/03/02 19:54:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/03/02 19:54:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/03/02 19:54:54 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/03/02 19:54:54 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/03/02 19:54:54 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/03/02 19:54:54 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/03/02 19:54:54 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/03/02 19:54:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/03/02 19:54:54 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/03/02 19:54:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/03/02 19:54:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/03/02 19:54:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/03/02 19:54:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/03/02 19:54:54 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/03/02 19:54:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/03/02 19:54:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/03/02 19:54:53 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/03/02 19:54:53 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/03/02 19:54:53 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/03/02 19:54:53 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/03/02 19:54:53 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/03/02 19:54:53 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/03/02 19:54:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/03/02 19:54:53 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/03/02 19:54:53 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/03/02 19:54:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/03/02 19:54:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/03/02 19:54:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/03/02 19:54:52 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/03/02 19:52:16 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/03/02 19:52:16 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/03/02 19:52:16 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/03/02 19:52:16 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/03/02 19:52:16 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/03/02 19:52:16 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/03/02 19:52:16 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/03/02 19:52:16 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/03/02 19:52:16 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/03/02 19:52:16 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/03/02 19:52:16 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/03/02 19:52:16 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/03/02 19:52:16 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/03/02 19:52:16 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/03/02 19:52:16 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/03/02 19:52:16 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/03/02 19:52:16 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/03/02 19:52:16 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/03/02 19:52:16 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/03/02 19:52:15 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/03/02 19:52:15 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/03/02 19:52:15 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/03/02 19:52:15 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/03/02 19:52:15 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/03/02 19:52:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/03/02 19:52:15 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/03/02 19:52:15 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/03/02 19:52:15 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/03/02 19:52:15 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/03/02 19:52:15 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/03/02 19:52:15 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/03/02 19:52:15 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/03/02 19:52:15 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/03/02 19:52:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/03/02 19:52:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/03/02 19:52:15 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/03/02 19:52:14 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/03/02 19:52:14 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/03/02 19:52:14 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/03/02 19:52:14 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/03/02 19:52:14 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/03/02 19:52:14 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/03/02 19:52:14 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/03/02 19:52:14 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/03/02 19:52:14 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/03/02 19:52:14 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/03/02 19:52:14 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/03/02 19:52:14 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/03/02 19:52:14 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/03/02 19:52:14 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/03/02 19:52:13 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/03/02 19:52:13 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/03/02 19:52:13 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/03/02 19:52:13 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/03/02 19:52:13 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/03/02 19:52:13 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/03/02 19:52:13 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/03/02 18:14:55 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/03/01 17:56:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$ntservicepackuninstall$
[2011/03/01 17:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/03/01 12:52:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2011/03/01 12:52:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/03/01 12:52:30 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprip.dll
[2011/02/27 20:51:28 | 000,281,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\sediag.exe
[2011/02/27 20:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Verizon
[2011/02/27 20:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/02/27 20:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2011/02/27 10:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/27 10:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/27 10:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/02/27 10:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/27 09:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/02/26 23:31:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/26 23:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/26 23:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/26 23:31:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/26 23:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/26 18:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}
[2011/02/26 18:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hIkFlKc15400
[2011/02/20 11:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/02/19 18:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/02/19 12:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/19 12:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/02/19 10:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Google Talk
[2011/02/19 10:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/19 10:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/02/15 17:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Google
[2011/02/15 17:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/02/15 17:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Google
[2011/02/15 17:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/02/15 17:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/02/02 03:58:35 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 07:57:06 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/21 10:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/11 23:04:20 | 000,183,296 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\Ncs2Setp.dll
[2011/01/11 22:56:10 | 000,659,576 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2dmix.dll
[2011/01/11 22:56:02 | 000,514,168 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\accesor.dll
[2011/01/11 22:25:06 | 000,135,288 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2instutility.dll
[2011/01/11 22:01:24 | 001,930,360 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ncscolib.dll
[2010/12/16 14:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Scans
[2010/12/14 15:11:54 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 15:10:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/08 07:34:30 | 000,030,368 | ---- | C] (Intel Corporation ) -- C:\WINDOWS\System32\drivers\iqvw32.sys
[2010/11/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/18 14:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/10 22:58:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/11/09 10:52:35 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 10:52:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 10:52:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 10:52:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 10:52:35 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 10:52:35 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 08:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 08:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 08:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 08:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 08:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/10/14 03:18:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 03:18:36 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 03:18:35 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 03:18:30 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/09 10:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Leadertech
[2010/09/30 05:24:30 | 000,120,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ianswxp.sys
[2010/09/18 12:23:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/09 07:03:52 | 000,239,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\PRONtObj.dll
[2010/09/03 15:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AdobeUM
[2010/09/03 15:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Adobe
[2010/09/03 08:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My eBooks
[2010/09/03 08:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2010/09/03 08:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/29 14:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Albums
[2010/08/27 01:57:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/25 21:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/22 20:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\IsolatedStorage
[2010/08/22 20:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2010/08/22 20:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\HP
[2010/08/22 19:37:42 | 000,000,000 | ---D | C] -- C:\col6596
[2010/08/22 19:27:42 | 000,626,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvaut32.dll
[2010/08/22 19:27:42 | 000,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcp70.dll
[2010/08/22 19:27:42 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcr70.dll
[2010/08/22 19:27:42 | 000,082,432 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4r.dll
[2010/08/22 19:27:42 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4a.dll
[2010/08/22 19:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/22 19:24:10 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/08/22 19:23:37 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010/08/22 19:23:37 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010/08/22 19:23:37 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010/08/22 19:23:37 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010/08/22 19:23:37 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010/08/22 19:23:36 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010/08/22 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/22 19:21:39 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/22 19:20:31 | 000,270,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2010/08/22 19:20:30 | 000,278,528 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2010/08/22 19:20:17 | 000,344,064 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpzcon10.dll
[2010/08/22 19:20:17 | 000,196,608 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzcoi10.dll
[2010/08/22 19:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Downloads
[2010/08/22 19:03:05 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/08/21 21:28:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/21 20:40:32 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/21 20:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sunbelt Software
[2010/08/21 20:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/18 19:12:45 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/08/18 19:12:44 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/08/18 13:45:19 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/08/18 13:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2010/08/18 13:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/08/18 13:41:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/08/18 13:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/18 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/08/18 13:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/18 13:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/18 13:21:37 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/08/18 13:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/08/18 12:57:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/08/18 12:57:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/08/18 12:57:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/08/18 10:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/18 10:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2010/08/18 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/18 09:52:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/18 09:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/18 09:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/08/18 09:51:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/08/18 09:51:15 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/08/18 09:51:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/08/18 09:51:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/08/18 09:51:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/08/18 09:51:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/08/18 09:51:14 | 000,000,000 | ---D | C] -- C:\f73262027342729d1322e3c73193e24a
[2010/08/18 09:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Identities
[2010/08/18 09:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/08/18 09:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/08/18 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/08/18 09:45:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2010/08/18 09:45:21 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2010/08/18 09:45:20 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2010/08/18 09:45:12 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/08/18 09:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/08/18 09:43:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/08/18 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/08/18 09:41:47 | 000,036,864 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010/08/18 09:41:46 | 000,225,280 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxeud.dll
[2010/08/18 09:41:46 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdiag.exe
[2010/08/18 09:41:46 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxhk.dll
[2010/08/18 09:41:46 | 000,045,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdgps.dll
[2010/08/18 07:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/18 06:57:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2010/08/18 06:56:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\PrivacIE
[2010/08/18 06:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Verizon Wireless
[2010/08/18 06:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/08/18 06:46:26 | 000,113,680 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys
[2010/08/18 06:46:26 | 000,011,920 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUWFLT.sys
[2010/08/18 06:46:24 | 000,160,272 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTDUVsp.sys
[2010/08/18 06:46:23 | 000,160,272 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTDUMdm.sys
[2010/08/18 06:46:16 | 000,054,416 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTDUBus.sys
[2010/08/18 06:46:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/08/18 06:46:13 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2010/08/18 06:46:13 | 000,111,704 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUWmcp64.dll
[2010/08/18 06:46:13 | 000,100,952 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUWmcp.dll
[2010/08/18 06:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\PANTECH
[2010/08/18 06:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield
[2010/08/18 06:44:28 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/08/18 06:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Symantec
[2010/08/18 06:39:49 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/08/18 06:37:55 | 000,000,000 | ---D | C] -- C:\sav10tmp
[2010/08/18 06:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\BVRP Software
[2010/08/17 22:36:52 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/08/17 22:19:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/17 22:19:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/17 22:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/17 22:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/17 22:14:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/17 22:10:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/08/17 22:10:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/08/17 22:10:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/08/17 22:10:47 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2010/08/17 22:10:47 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2010/08/17 22:10:47 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2010/08/17 22:10:47 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2010/08/17 22:10:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2010/08/17 22:10:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2010/08/17 22:10:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2010/08/17 22:10:47 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2010/08/17 22:10:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2010/08/17 22:10:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2010/08/17 22:10:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2010/08/17 22:10:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2010/08/17 22:10:46 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2010/08/17 22:10:46 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2010/08/17 22:10:46 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/08/17 22:10:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2010/08/17 22:10:46 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2010/08/17 22:10:46 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2010/08/17 22:10:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/08/17 22:10:31 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/08/17 22:10:31 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/08/17 22:10:25 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2010/08/17 22:10:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2010/08/17 22:10:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2010/08/17 22:10:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2010/08/17 22:10:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2010/08/17 22:10:25 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2010/08/17 22:10:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2010/08/17 22:10:24 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/08/17 22:10:24 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2010/08/17 22:10:24 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2010/08/17 22:10:24 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2010/08/17 22:10:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2010/08/17 22:10:24 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2010/08/17 22:10:24 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2010/08/17 22:10:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2010/08/17 22:10:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2010/08/17 22:10:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2010/08/17 22:10:24 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2010/08/17 22:10:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2010/08/17 22:10:23 | 001,854,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/08/17 22:10:23 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2010/08/17 22:10:23 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2010/08/17 22:10:23 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2010/08/17 22:10:23 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2010/08/17 22:10:23 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2010/08/17 22:10:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2010/08/17 22:10:23 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2010/08/17 22:10:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2010/08/17 22:10:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2010/08/17 22:10:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2010/08/17 22:10:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2010/08/17 22:10:22 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/08/17 22:10:22 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2010/08/17 22:10:22 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2010/08/17 22:10:22 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/08/17 22:10:22 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2010/08/17 22:10:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2010/08/17 22:10:22 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2010/08/17 22:10:22 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2010/08/17 22:10:21 | 000,314,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\uoyoadh.sys
[2010/08/17 22:10:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/08/17 22:10:21 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2010/08/17 22:10:21 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2010/08/17 22:10:21 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010/08/17 22:10:20 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/08/17 22:10:20 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2010/08/17 22:10:20 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010/08/17 22:10:20 | 000,134,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2010/08/17 22:10:20 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2010/08/17 22:10:20 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2010/08/17 22:10:20 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/08/17 22:10:20 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2010/08/17 22:10:20 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2010/08/17 22:10:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2010/08/17 22:10:20 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2010/08/17 22:10:20 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2010/08/17 22:10:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2010/08/17 22:10:20 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2010/08/17 22:10:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2010/08/17 22:10:19 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/08/17 22:10:19 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/08/17 22:10:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/08/17 21:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/08/17 21:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2010/08/17 21:45:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IETldCache
[2010/08/17 21:38:46 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/08/17 21:38:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/08/17 21:38:45 | 011,080,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/08/17 21:38:45 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/08/17 21:38:45 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/08/17 21:38:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/08/17 21:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/17 21:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/08/17 21:14:42 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2010/08/17 21:04:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/08/17 20:13:31 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/08/17 20:13:07 | 000,357,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/08/17 20:11:59 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/08/17 20:11:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/08/17 20:11:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/17 20:11:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/08/17 20:11:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/08/17 20:11:07 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/08/17 20:11:07 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/08/17 20:11:06 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/08/17 20:11:05 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/08/17 20:10:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/08/17 20:06:12 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/08/17 20:05:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/08/17 19:57:32 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/08/17 19:57:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/08/17 19:57:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/08/17 19:56:50 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/08/17 19:44:24 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/08/17 19:44:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/08/17 19:43:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/08/17 19:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/08/17 19:30:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\UserData
[2010/08/17 19:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/17 19:28:16 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/17 19:28:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/17 19:28:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/17 19:18:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2010/08/17 19:18:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data
[2010/08/17 19:18:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Favorites
[2010/08/17 19:18:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Cookies
[2010/08/17 19:18:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Application Data\Gtek
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sun
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sonic
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Jasc Software Inc
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory
[2010/08/17 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/08/17 19:18:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\SendTo
[2010/08/17 19:18:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Startup
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents
[2010/08/17 19:18:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Accessories
[2010/08/17 19:18:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Templates
[2010/08/17 19:18:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Local Settings
[2010/08/17 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\PrintHood
[2010/08/17 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\NetHood
[2010/08/17 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My PSP8 Files
[2010/08/17 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Dell Accessories
[2010/08/17 19:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Dell
[2010/08/17 19:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/08/17 09:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/07/16 08:05:55 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/05/12 17:01:06 | 000,059,280 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2010/05/02 01:22:50 | 001,854,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/04/20 01:51:20 | 000,290,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/16 12:09:09 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/04/16 12:09:08 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/04/16 12:09:07 | 005,961,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/04/16 12:09:07 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/04/16 12:09:05 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/04/16 12:09:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/04/16 11:36:56 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/04/16 11:36:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010/03/30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/30 00:52:26 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2011/03/17 11:48:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.com
[2011/03/17 11:45:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/17 11:32:13 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/03/17 11:28:26 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2011/03/17 11:28:09 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/17 11:28:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/03/17 11:28:01 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/17 11:14:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/17 00:37:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/16 23:27:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/16 22:38:57 | 000,312,242 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/16 22:38:57 | 000,040,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/16 22:34:38 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/16 21:57:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/03/14 10:48:52 | 000,011,834 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\584387417
[2011/03/14 10:48:52 | 000,011,834 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\584387417
[2011/03/14 10:14:06 | 000,509,440 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\user\Desktop\STOPzilla_Setup.exe
[2011/03/14 09:07:14 | 000,058,880 | -H-- | M] () -- C:\WINDOWS\System32\CIDATUTL.dll
[2011/03/13 19:27:31 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Configure Family Protection.lnk
[2011/03/13 16:00:18 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2011/03/12 23:43:31 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/12 17:42:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 17:24:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2011/03/12 17:22:29 | 000,000,320 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/03/12 17:22:28 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/12 17:04:18 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2011/03/12 16:52:02 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/03/12 16:48:48 | 000,014,476 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\1429839057
[2011/03/12 16:48:48 | 000,014,476 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1429839057
[2011/03/10 17:54:38 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/03/10 17:54:36 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/03/10 17:54:36 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/03/10 17:54:36 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/03/10 17:54:36 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/03/10 17:54:36 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/03/10 17:54:34 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/03/10 17:54:34 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/03/10 17:54:34 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/10 17:54:34 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/03/10 17:54:32 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/03/10 17:54:32 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/03/08 13:51:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\USER_FAMILYDELL40D8C619
[2011/03/05 23:14:14 | 000,652,078 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/03/04 18:10:01 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2011/03/04 18:02:14 | 000,164,912 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_fb.dll
[2011/03/04 18:02:14 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/03/04 18:02:14 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/03/04 18:02:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpui.dll
[2011/03/04 18:02:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcore.dll
[2011/03/04 18:02:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcd.dll
[2011/03/04 18:02:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmp.ocx
[2011/03/04 18:02:14 | 000,016,432 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmx_mode.dll
[2011/03/04 18:02:14 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/03/04 18:02:13 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/03/04 18:02:13 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/03/04 18:02:13 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/03/04 18:02:13 | 000,065,536 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgsh400.dll
[2011/03/04 18:02:13 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/03/04 18:02:13 | 000,045,568 | ---- | M] (America Online) -- C:\WINDOWS\System32\jgsd400.dll
[2011/03/04 18:02:13 | 000,044,544 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgaw400.dll
[2011/03/04 18:02:13 | 000,044,544 | ---- | M] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/03/04 18:02:13 | 000,035,840 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgmd400.dll
[2011/03/04 18:02:13 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MPG4DMOD.dll
[2011/03/04 18:02:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmclien.dll
[2011/03/04 18:02:12 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/03/04 18:02:12 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/03/04 18:02:12 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmstor.dll
[2011/03/04 18:02:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/03/04 18:02:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/03/04 18:02:12 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/03/04 18:02:12 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/04 18:02:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/03/04 18:02:12 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2011/03/04 18:02:12 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/03/04 18:02:10 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/03/04 18:02:10 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/03/04 18:02:08 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/03/04 18:02:08 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/03/04 18:02:08 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/03/04 18:02:08 | 000,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp
[2011/03/04 18:02:08 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp
[2011/03/04 18:02:08 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp
[2011/03/04 18:02:08 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/03/04 18:02:08 | 000,016,730 | ---- | M] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/03/04 18:02:08 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp
[2011/03/04 18:00:50 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/04 17:24:29 | 000,016,118 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3544389075
[2011/03/04 17:24:28 | 000,016,118 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\3544389075
[2011/03/04 13:12:10 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/03/04 10:01:30 | 000,016,156 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\330039552
[2011/03/04 10:01:30 | 000,016,156 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\330039552
[2011/03/03 16:44:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\zwgyydtiquewrbodkrtchaqevrkbdhzbhaefrwl
[2011/03/03 16:44:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\lrlgnguzvikhuweqnpytdlopjywpzr
[2011/03/03 15:37:16 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WN311B Smart Wizard.lnk
[2011/03/02 19:52:01 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011/02/28 19:09:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/28 19:09:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/28 18:47:40 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/02/28 15:47:53 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2011/02/27 20:21:40 | 000,032,580 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Internet Security Suite order.TIF
[2011/02/27 15:07:41 | 000,001,159 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/02/27 10:02:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mhohuto.bin
[2011/02/26 22:46:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Thuvatuxofumu.dat
[2011/02/26 22:46:30 | 000,003,828 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9F12.3B2
[2011/02/26 18:52:25 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\user\delme.bat
[2011/02/09 09:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 09:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/02/02 03:58:35 | 002,067,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 07:57:06 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/21 10:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 10:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/11 23:04:20 | 000,183,296 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\Ncs2Setp.dll
[2011/01/11 22:56:10 | 000,659,576 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2dmix.dll
[2011/01/11 22:56:02 | 000,514,168 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\accesor.dll
[2011/01/11 22:25:06 | 000,135,288 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncs2instutility.dll
[2011/01/11 22:01:24 | 001,930,360 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\ncscolib.dll
[2011/01/11 14:51:54 | 000,266,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2011/01/07 10:09:02 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/01/07 10:09:02 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/12/31 09:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/12/31 09:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/12/22 08:34:28 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/12/21 06:29:20 | 011,080,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/12/20 19:59:20 | 005,961,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/12/20 19:59:20 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/12/20 19:59:20 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/12/20 19:59:20 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/12/20 19:59:20 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/12/20 19:59:20 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/12/20 19:59:20 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/12/20 19:59:19 | 001,991,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/12/20 19:59:19 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/12/20 19:59:19 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/12/20 19:59:19 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/12/20 19:59:19 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/12/20 19:59:19 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/12/20 19:59:19 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/12/20 19:59:19 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/12/20 19:59:19 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/12/20 19:59:19 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2010/12/20 19:59:19 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/12/20 19:59:19 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/12/20 19:59:19 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/12/20 19:59:16 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/12/20 19:59:16 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/12/20 19:59:16 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/20 13:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/12/20 13:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/12/20 08:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/12/20 08:55:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/12/09 10:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/12/09 10:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2010/12/09 09:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/12/09 09:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/12/09 09:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/12/09 09:07:07 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/12/09 09:07:07 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/12/09 09:07:05 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/12/08 07:34:30 | 000,030,368 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\drivers\iqvw32.sys
[2010/12/06 13:00:06 | 000,109,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\IPROSetMonitor.exe
[2010/11/29 12:19:45 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/11/29 12:19:45 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/11/18 14:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 14:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/12 14:17:32 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/11/12 14:17:32 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/11/12 14:17:32 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/11/12 14:17:32 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/11/12 14:17:32 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/11/12 14:17:32 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/11/12 14:17:32 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/11/12 14:17:32 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/11/12 14:17:32 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/11/12 14:17:32 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/11/09 10:52:35 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 10:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2010/11/09 10:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 10:52:35 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 10:52:35 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 10:52:35 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 10:52:35 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 08:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 08:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 08:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 08:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 08:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/11/06 21:05:23 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/10/11 10:59:30 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/09/30 05:24:30 | 000,120,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ianswxp.sys
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010/09/18 12:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/09/18 02:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/09/18 02:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/09/18 02:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/09/09 07:03:52 | 000,239,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\PRONtObj.dll
[2010/08/27 04:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2010/08/27 04:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/26 09:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/08/25 23:36:02 | 010,841,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010/08/23 12:12:04 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/08/22 20:56:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\qwimp.ini
[2010/08/22 20:06:07 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2010/08/22 19:34:19 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/08/18 18:45:27 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/08/18 13:45:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/18 09:46:22 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/08/18 09:43:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/18 06:48:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/08/18 03:16:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/17 21:15:09 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/17 19:28:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/17 19:28:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/17 19:28:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/17 19:28:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/17 19:28:08 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/17 19:18:03 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/16 04:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/08/12 08:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/16 08:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/07/05 16:40:04 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/06/30 08:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2010/06/18 13:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/06/18 09:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/17 10:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010/06/15 12:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/14 03:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/09 03:43:36 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/05/12 17:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/04/16 12:09:05 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/04/16 11:36:56 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2010/04/06 04:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010/03/30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdecd.dll
[2010/03/30 12:24:40 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax
[2010/03/30 00:52:26 | 000,262,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/17 11:32:13 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/03/14 13:34:50 | 3210,891,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/14 13:01:06 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2011/03/14 09:07:14 | 000,058,880 | -H-- | C] () -- C:\WINDOWS\System32\CIDATUTL.dll
[2011/03/13 21:14:54 | 000,011,834 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\584387417
[2011/03/13 21:14:54 | 000,011,834 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\584387417
[2011/03/13 19:27:31 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Configure Family Protection.lnk
[2011/03/12 17:42:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/08 13:51:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\USER_FAMILYDELL40D8C619
[2011/03/05 23:13:58 | 000,652,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/05 18:07:33 | 000,014,476 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\1429839057
[2011/03/05 18:07:33 | 000,014,476 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1429839057
[2011/03/04 18:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2011/03/04 18:06:58 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/04 18:06:54 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk
[2011/03/04 18:06:54 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Outlook Express.lnk
[2011/03/04 18:06:51 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/03/04 18:06:51 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/03/04 18:06:00 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/03/04 18:06:00 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/03/04 18:05:56 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/03/04 18:05:56 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/03/04 18:05:56 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/03/04 18:05:55 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/03/04 18:05:55 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/03/04 18:05:55 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/03/04 18:05:55 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/03/04 18:05:55 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/03/04 18:05:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/03/04 17:50:58 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2011/03/04 16:46:19 | 000,000,320 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/04 16:37:30 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/03/04 13:12:10 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/03/04 13:12:10 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2011/03/04 13:05:36 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/03/04 09:50:21 | 000,015,576 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3544389075
[2011/03/04 09:32:40 | 000,016,156 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\330039552
[2011/03/04 09:31:59 | 000,016,156 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\330039552
[2011/03/04 09:31:59 | 000,016,118 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\3544389075
[2011/03/04 09:16:20 | 000,016,118 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3544389075
[2011/03/04 09:16:20 | 000,015,568 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3544389075
[2011/03/03 16:44:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\zwgyydtiquewrbodkrtchaqevrkbdhzbhaefrwl
[2011/03/03 16:44:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lrlgnguzvikhuweqnpytdlopjywpzr
[2011/03/03 16:28:52 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/03 16:28:52 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2011/03/03 15:21:35 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ASupplicant.dll
[2011/03/03 15:21:32 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WN311B Smart Wizard.lnk
[2011/03/03 10:13:01 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2011/03/02 19:52:15 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/03/02 19:52:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/03/02 19:52:14 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/02/28 18:47:40 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/02/28 18:47:40 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/02/27 20:21:40 | 000,032,580 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Internet Security Suite order.TIF
[2011/02/26 18:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mhohuto.bin
[2011/02/26 18:54:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Thuvatuxofumu.dat
[2011/02/26 18:52:25 | 000,000,205 | ---- | C] () -- C:\Documents and Settings\user\delme.bat
[2011/02/26 18:51:54 | 000,003,828 | ---- | C] () -- C:\Documents and Settings\user\Application Data\9F12.3B2
[2011/02/19 10:08:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/15 17:40:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/15 17:40:22 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 09:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 09:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2010/11/29 12:19:45 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/11/29 12:19:44 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2010/11/29 12:19:44 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/08/22 20:56:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2010/08/22 20:09:20 | 000,001,159 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/08/22 20:06:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2010/08/22 19:34:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/08/21 20:46:44 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/18 18:45:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/08/18 13:45:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/18 09:46:22 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2010/08/18 09:46:22 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/08/18 09:43:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/18 06:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/08/17 21:15:09 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/17 19:18:52 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2010/08/17 19:18:52 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/08/17 19:18:52 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/17 19:18:44 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Remote Assistance.lnk
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/12 11:25:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/12 11:23:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/12 11:19:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/12 11:03:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/12 11:01:50 | 000,312,242 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/03/12 11:01:50 | 000,040,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/03/12 10:44:06 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 15:08:08 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 15:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 15:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 12:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 18:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/26 20:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/02/27 09:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hIkFlKc15400
[2011/03/16 22:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/03/17 11:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/14 12:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/03/06 10:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/03/12 11:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/14 12:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\whitesmoketoolbar
[2011/03/13 14:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/10/09 10:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2011/03/03 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller
[2010/08/18 09:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/08/18 13:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2011/03/05 21:40:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/03/13 16:00:18 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\vtscheduletask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 3/17/2011 12:07:43 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.88 Gb Total Space | 16.23 Gb Free Space | 47.91% Space Free | Partition Type: NTFS

Computer Name: FAMILYDELL | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qxk.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qxk.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-4018511625-2458006549-1441198334-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\DOCUME~1\user\LOCALS~1\Temp\exe.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0006AB1D-9B22-43DF-8D14-6EBD18DED4EE}" = Intel® Network Connections 16.0.19.0
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{08DE682A-3858-4591-9EBB-E5290E4DC3DD}" = Family Protection
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1047106F-3AED-4661-B919-6D377BF641CF}" = RangeMax™ NEXT Wireless Adapter WN311B
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73CB01A1-A9D0-41CA-B490-348880975F48}" = STOPzilla
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"conduitEngine" = Conduit Engine
"DellSupport" = Dell Support 5.0.0 (630)
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = Verizon Internet Security Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"PowerShell" = Windows PowerShell™ 1.0
"QuickTime" = QuickTime
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.7.44
"RealPlayer 6.0" = RealPlayer Basic
"Reimage Repair" = Reimage Repair
"Reimage_PC_Repair Toolbar" = Reimage PC Repair Toolbar
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2011 11:24:44 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 3/17/2011 11:25:01 AM | Computer Name = FAMILYDELL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2011 11:29:13 AM | Computer Name = FAMILYDELL | Source = Google Update | ID = 20
Description =

Error - 3/17/2011 11:36:14 AM | Computer Name = FAMILYDELL | Source = Google Update | ID = 20
Description =

Error - 3/17/2011 11:45:03 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a14.

Error - 3/17/2011 11:45:19 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a16.

Error - 3/17/2011 11:48:01 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a14.

Error - 3/17/2011 11:50:27 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a14.

Error - 3/17/2011 11:50:37 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a14.

Error - 3/17/2011 11:50:57 AM | Computer Name = FAMILYDELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module wininet.dll, version 8.0.6001.19019, fault address 0x000b0a14.

[ System Events ]
Error - 3/17/2011 10:44:14 AM | Computer Name = FAMILYDELL | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 3/17/2011 10:46:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 3/17/2011 10:46:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/17/2011 11:01:40 AM | Computer Name = FAMILYDELL | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 3/17/2011 11:03:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 3/17/2011 11:03:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/17/2011 11:09:30 AM | Computer Name = FAMILYDELL | Source = Tcpip | ID = 4198
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:24:36:B6:AE:BC. The local interface
has been disabled.

Error - 3/17/2011 11:16:44 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/17/2011 11:30:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 3/17/2011 11:30:03 AM | Computer Name = FAMILYDELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


Thanks in advance for someone's help,
Chuck3778

Edited by boopme, 17 March 2011 - 02:33 PM.




#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:05:29 AM

Posted 19 March 2011 - 07:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 chuck3778

chuck3778
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 19 March 2011 - 01:56 PM

Hello Casey_boy and thanks for replying. Here are answers to your questions and the logs you requested.

#4 chuck3778


Posted 19 March 2011 - 02:09 PM

Hello Casey_boy and thanks for replying. Here are answers to your questions and the logs you requested.

1. I do believe I have solved the original problem of the XP Home Security 2011 virus. I downloaded and ran Spybot Search and Destroy and Ad-Aware and they found and fixed a number of my problems. I can now access executables and get updates from Microsoft. The computer seems to be working much better but I still get a lot of IE crashes.
2. I'm able to create the logs you requested - they are below.
3. I do have the original Windows CD.

Attached are the DDS logs and the GMER log you requested:

Again thanks for all your help,
Chuck3778




#5 Blade81


Posted 23 March 2011 - 01:53 AM

Hi,

Sorry for the delayed reply. If there are any symptoms still left, please post fresh DDS logs.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 chuck3778


Posted 23 March 2011 - 11:06 AM

Hello Blade81 and thanks for replying. Yes I still have some symptoms - mostly a slow IE and a lot of IE must close dialog boxes. Here are the new dds logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 8:53:54.74 on Wed 03/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2588 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Content Filter\mfp.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\user\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.verizon.net/central
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110318160141.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] c:\documents and settings\user\application data\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281909396171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282087880937
DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - hxxp://active.macromedia.com/flash5/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli scecli
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-21 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-13 84072]
R1 uoyoadh;uoyoadh;c:\windows\system32\drivers\uoyoadh.sys [2010-8-17 314272]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\internet content filter\UpdateService.exe [2011-3-13 235024]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-3-3 109728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2011-3-13 141792]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-3-13 689464]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2011-3-3 16194]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-13 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-13 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-13 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-13 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-13 84264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-8-18 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-8-18 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-8-18 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2010-8-18 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-8-18 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
.
=============== Created Last 30 ================
.
2011-03-21 14:31:14 -------- d-sh--r- C:\cmdcons
2011-03-21 14:31:12 -------- d-----w- c:\windows\setup.pss
2011-03-21 14:30:39 -------- d-----w- c:\windows\setupupd
2011-03-21 13:36:05 -------- d-----w- c:\program files\ACW
2011-03-21 13:07:50 -------- d-----w- c:\docume~1\user\applic~1\Systweak
2011-03-21 13:07:27 -------- d-----w- c:\program files\RegClean Pro
2011-03-21 03:32:14 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 03:32:11 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 03:32:10 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 03:32:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 03:32:02 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 03:30:58 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-03-21 03:29:59 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-03-21 03:28:58 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-03-21 03:27:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 03:26:58 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-21 03:25:58 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-21 03:24:58 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-21 03:23:59 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-03-21 03:22:59 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-21 03:21:59 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2011-03-21 03:20:56 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-03-21 03:19:58 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-21 03:18:59 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-03-21 03:17:58 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-03-21 03:16:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-03-21 03:15:58 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 03:14:58 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-03-21 03:13:58 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-21 03:12:58 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2011-03-21 03:11:59 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-03-21 03:10:59 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2011-03-21 03:09:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-03-21 03:08:59 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-03-21 03:07:43 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 02:42:09 -------- d-----w- c:\docume~1\user\applic~1\ElevatedDiagnostics
2011-03-18 21:01:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 20:41:39 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-18 20:41:18 -------- d-----w- c:\program files\Lavasoft
2011-03-18 18:27:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-18 18:27:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-17 19:41:38 -------- d--h--w- c:\windows\PIF
2011-03-14 16:44:02 -------- d-----w- c:\program files\Drop Down Deals
2011-03-14 16:44:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-14 14:35:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-03-13 23:27:32 320528 ----a-w- c:\windows\system32\seinst.dll
2011-03-13 23:27:32 299024 ----a-w- c:\windows\system32\ICF.dll
2011-03-13 23:27:31 -------- d-----w- c:\program files\Internet Content Filter
2011-03-13 23:23:26 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 23:23:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 23:23:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 23:23:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 23:23:17 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 23:23:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-13 23:23:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 23:23:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 23:23:16 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 23:23:16 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 23:23:07 -------- d-----w- c:\program files\common files\Mcafee
2011-03-13 23:23:06 -------- d-----w- c:\program files\McAfee.com
2011-03-13 23:16:49 -------- d-----w- c:\program files\Verizon
2011-03-13 03:40:06 -------- dc-h--w- c:\windows\ie8
2011-03-06 18:41:23 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Threat Expert
2011-03-06 03:13:33 -------- d-----w- c:\program files\PC Tools Security
2011-03-06 00:52:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-05 15:42:27 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-05 15:40:44 -------- d-----w- c:\windows\Logs
2011-03-04 22:05:55 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-04 21:50:58 9216 ----a-w- c:\windows\system32\Native.exe
2011-03-04 21:50:57 -------- d-----w- C:\ReimageUndo
2011-03-04 20:37:29 -------- d-----w- C:\rei
2011-03-04 20:37:25 -------- d-----w- c:\program files\Reimage
2011-03-04 20:32:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-04 20:24:37 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\program files\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Temp
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Conduit
2011-03-04 17:12:10 -------- d-----w- c:\docume~1\user\applic~1\McAfee
2011-03-03 20:51:58 -------- d-----w- c:\program files\McAfee
2011-03-03 20:26:18 -------- d-----w- c:\docume~1\user\applic~1\MSNInstaller
2011-03-03 19:21:35 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2011-03-03 19:21:35 135265 ----a-w- c:\windows\system32\AW32n50.dll
2011-03-03 19:21:35 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2011-03-03 19:21:34 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2011-03-03 19:21:32 -------- d-----w- c:\program files\NETGEAR
2011-03-03 14:13:42 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-02 23:55:00 79872 ----a-w- c:\windows\system32\dllcache\msxml6r.dll
2011-03-02 23:55:00 79872 ------w- c:\windows\system32\msxml6r.dll
2011-03-02 23:55:00 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\dllcache\msxml6.dll
2011-03-02 23:53:57 39936 ----a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-03-02 23:53:57 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2011-03-02 23:53:57 101888 ----a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-03-02 23:51:18 19569 ----a-w- c:\windows\002466_.tmp
2011-03-02 22:14:55 -------- d-----w- C:\ERDNT
2011-03-01 21:40:25 -------- d-----w- c:\program files\msn gaming zone
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\iprip.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-02-28 22:47:40 1409 ----a-w- c:\windows\QTFont.for
2011-02-28 00:51:28 281616 ----a-w- c:\windows\sediag.exe
2011-02-28 00:24:48 -------- d-----w- c:\docume~1\user\applic~1\Verizon
2011-02-28 00:24:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2011-02-28 00:24:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Verizon
2011-02-27 13:58:42 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-02-27 03:31:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 03:31:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-27 03:31:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 03:31:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 22:54:50 0 ----a-w- c:\windows\Mhohuto.bin
2011-02-26 22:54:29 -------- d-----w- c:\docume~1\user\locals~1\applic~1\{429BA9E0-2C86-492B-B548-EEA073640F53}
2011-02-26 22:52:25 205 ----a-w- c:\documents and settings\user\delme.bat
2011-02-26 22:49:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\hIkFlKc15400
.
==================== Find3M ====================
.
2011-03-21 21:27:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04:20 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56:10 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56:02 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25:06 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01:24 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51:54 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:55:20.24 ===============




#7 Blade81


Posted 23 March 2011 - 11:22 AM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#8 chuck3778


Posted 23 March 2011 - 03:18 PM

Hello Blade 81. I've run combo fix and attached are the logs requested. Thanks again for your help!

Combo Fix Log:
ComboFix 11-03-23.03 - user 03/23/2011 15:33:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2494 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\user\delme.bat
c:\documents and settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}
c:\documents and settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}\chrome.manifest
c:\documents and settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}\chrome\content\_cfg.js
c:\documents and settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}\chrome\content\overlay.xul
c:\documents and settings\user\Local Settings\Application Data\{429BA9E0-2C86-492B-B548-EEA073640F53}\install.rdf
c:\program files\Drop Down Deals
c:\windows\SYSTEM32\DRIVERS\uoyoadh.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uoyoadh
-------\Service_uoyoadh
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-21 13:36 . 2011-03-21 13:36 -------- d-----w- c:\program files\ACW
2011-03-21 13:07 . 2011-03-21 20:54 -------- d-----w- c:\documents and settings\user\Application Data\Systweak
2011-03-21 13:07 . 2011-03-21 20:54 -------- d-----w- c:\program files\RegClean Pro
2011-03-21 03:32 . 2008-04-14 09:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 03:32 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 03:32 . 2008-04-14 09:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 03:32 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 03:32 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 03:30 . 2008-04-14 02:04 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-03-21 03:29 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-03-21 03:28 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-03-21 03:27 . 2001-08-17 16:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 03:26 . 2001-08-17 17:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-21 03:25 . 2001-08-17 16:10 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-21 03:24 . 2001-08-17 16:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-21 03:23 . 2001-08-17 16:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-03-21 03:22 . 2001-08-17 16:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-21 03:21 . 2008-04-14 04:10 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2011-03-21 03:20 . 2001-08-18 02:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-03-21 03:19 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-21 03:18 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-03-21 03:17 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-03-21 03:16 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-03-21 03:15 . 2001-08-17 17:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 03:14 . 2004-08-04 11:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-03-21 03:13 . 2001-08-18 02:36 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-21 03:12 . 2008-04-14 02:05 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2011-03-21 03:11 . 2001-08-17 17:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-03-21 03:10 . 2001-08-18 02:36 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2011-03-21 03:09 . 2001-08-17 16:19 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-03-21 03:08 . 2001-08-17 17:12 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-03-21 03:07 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 02:42 . 2011-03-21 03:00 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2011-03-19 15:10 . 2011-03-21 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-03-18 21:01 . 2011-03-16 08:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 20:41 . 2011-03-18 20:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-18 20:41 . 2011-03-18 20:41 -------- d-----w- c:\program files\Lavasoft
2011-03-18 18:27 . 2011-03-18 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-18 18:27 . 2011-03-18 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-17 19:41 . 2011-03-17 19:41 -------- d--h--w- c:\windows\PIF
2011-03-17 04:31 . 2011-03-17 04:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-03-17 04:30 . 2011-03-17 04:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-14 14:35 . 2011-03-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-03-13 23:27 . 2010-03-09 13:39 320528 ----a-w- c:\windows\system32\seinst.dll
2011-03-13 23:27 . 2010-03-09 13:39 299024 ----a-w- c:\windows\system32\ICF.dll
2011-03-13 23:27 . 2011-03-13 23:27 -------- d-----w- c:\program files\Internet Content Filter
2011-03-13 23:23 . 2010-11-12 18:17 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 23:23 . 2010-11-12 18:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 23:23 . 2010-11-12 18:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 23:23 . 2010-11-12 18:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 23:23 . 2010-11-12 18:17 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 23:23 . 2010-11-12 18:17 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-13 23:23 . 2010-11-12 18:17 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 23:23 . 2010-11-12 18:17 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 23:23 . 2010-11-12 18:17 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 23:23 . 2010-11-12 18:17 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 23:23 . 2011-03-13 23:23 -------- d-----w- c:\program files\Common Files\Mcafee
2011-03-13 23:16 . 2011-03-13 23:16 -------- d-----w- c:\program files\Verizon
2011-03-13 03:40 . 2011-03-13 03:41 -------- dc-h--w- c:\windows\ie8
2011-03-06 18:41 . 2011-03-06 18:41 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2011-03-06 03:13 . 2011-03-06 18:41 -------- d-----w- c:\program files\PC Tools Security
2011-03-06 00:55 . 2011-03-06 14:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-06 00:52 . 2011-03-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-05 15:42 . 2011-03-05 19:45 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-05 15:40 . 2011-03-05 19:49 -------- d-----w- c:\windows\Logs
2011-03-04 23:35 . 2011-03-04 23:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-03-04 22:05 . 2011-03-04 22:05 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-04 21:50 . 2011-03-21 21:20 9216 ----a-w- c:\windows\system32\Native.exe
2011-03-04 21:50 . 2011-03-04 22:07 -------- d-----w- C:\ReimageUndo
2011-03-04 20:37 . 2011-03-21 21:36 -------- d-----w- C:\rei
2011-03-04 20:37 . 2011-03-04 20:37 -------- d-----w- c:\program files\Reimage
2011-03-04 20:32 . 2011-03-04 20:32 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-04 20:24 . 2011-03-23 15:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Reimage_PC_Repair
2011-03-04 20:24 . 2011-03-21 21:08 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2011-03-04 20:24 . 2011-03-04 20:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Conduit
2011-03-04 17:12 . 2011-03-04 17:12 -------- d-----w- c:\documents and settings\user\Application Data\McAfee
2011-03-03 20:51 . 2011-03-18 19:22 -------- d-----w- c:\program files\McAfee
2011-03-03 20:42 . 2011-03-13 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-03 20:26 . 2011-03-03 20:26 -------- d-----w- c:\documents and settings\user\Application Data\MSNInstaller
2011-03-03 19:21 . 2007-01-18 15:29 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2011-03-03 19:21 . 2006-09-18 13:25 135265 ----a-w- c:\windows\system32\AW32n50.dll
2011-03-03 19:21 . 2002-04-11 22:43 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2011-03-03 19:21 . 2008-11-06 21:33 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2011-03-03 19:21 . 2011-03-03 19:21 -------- d-----w- c:\program files\NETGEAR
2011-03-03 14:13 . 2010-12-06 17:00 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-02 23:55 . 2009-07-31 14:05 1372672 ----a-w- c:\windows\system32\msxml6.dll
2011-03-02 23:55 . 2009-07-31 14:05 1372672 ----a-w- c:\windows\system32\dllcache\msxml6.dll
2011-03-02 23:55 . 2008-04-14 05:10 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2011-03-02 23:55 . 2008-04-14 03:57 79872 ----a-w- c:\windows\system32\dllcache\msxml6r.dll
2011-03-02 23:55 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-03-02 23:53 . 2008-04-14 10:42 39936 ----a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-03-02 23:53 . 2008-04-14 10:41 101888 ----a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-03-02 23:53 . 2008-04-14 10:41 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2011-03-02 23:51 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002466_.tmp
2011-03-02 22:14 . 2011-03-03 13:35 -------- d-----w- C:\ERDNT
2011-03-01 16:52 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-01 16:52 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-01 16:52 . 2008-04-14 10:41 35328 ----a-w- c:\windows\system32\iprip.dll
2011-03-01 16:52 . 2008-04-14 10:41 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-02-28 22:47 . 2011-02-28 22:47 1409 ----a-w- c:\windows\QTFont.for
2011-02-28 00:51 . 2010-03-09 13:39 281616 ----a-w- c:\windows\sediag.exe
2011-02-28 00:24 . 2011-02-28 00:24 -------- d-----w- c:\documents and settings\user\Application Data\Verizon
2011-02-28 00:24 . 2011-03-17 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2011-02-28 00:24 . 2011-02-28 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2011-02-27 14:38 . 2011-02-27 14:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-02-27 14:35 . 2011-02-27 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-27 14:34 . 2011-02-27 14:34 -------- d-----w- c:\windows\Sun
2011-02-27 13:58 . 2011-02-27 13:58 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-27 03:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 03:31 . 2011-02-27 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-27 03:31 . 2011-03-12 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 03:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 23:45 . 2011-02-27 00:22 -------- d-----w- c:\documents and settings\Administrator
2011-02-26 22:54 . 2011-02-27 14:02 0 ----a-w- c:\windows\Mhohuto.bin
2011-02-26 22:49 . 2011-02-27 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\hIkFlKc15400
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 21:37 . 2010-08-18 02:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-03-21 21:27 . 2005-03-12 15:14 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-21 21:27 . 2004-08-04 11:00 209624 ----a-w- c:\windows\system32\wuweb.dll
2011-03-16 08:05 . 2010-08-22 00:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpui.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpcore.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpcd.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmp.ocx
2011-03-04 22:02 . 2004-08-04 11:00 65536 ----a-w- c:\windows\system32\jgsh400.dll
2011-03-04 22:02 . 2004-08-04 11:00 45568 ----a-w- c:\windows\system32\jgsd400.dll
2011-03-04 22:02 . 2004-08-04 11:00 44544 ----a-w- c:\windows\system32\jgaw400.dll
2011-03-04 22:02 . 2004-08-04 11:00 4096 ----a-w- c:\windows\system32\MPG4DMOD.dll
2011-03-04 22:02 . 2004-08-04 11:00 35840 ----a-w- c:\windows\system32\jgmd400.dll
2011-03-04 22:02 . 2004-08-04 11:00 87040 ----a-w- c:\windows\system32\drmstor.dll
2011-03-04 22:02 . 2004-08-04 11:00 299520 ----a-w- c:\windows\system32\drmclien.dll
2011-02-09 13:53 . 2004-08-04 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04 . 2011-01-12 03:04 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56 . 2011-01-12 02:56 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56 . 2011-01-12 02:56 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25 . 2011-01-12 02:25 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01 . 2011-01-12 02:01 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51 . 2003-11-21 21:26 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-18 02:10 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Reimage_PC_Repair\prxtbRei0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41E64F2B-BB63-4FCF-B98F-3921AEA84D7E}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\documents and settings\user\Application Data\Google Talk\googletalk.exe" [2011-02-19 131584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-12 98304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-12-16 1195920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/21/2010 8:40 PM 64512]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [3/13/2011 7:23 PM 84072]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/13/2011 7:27 PM 235024]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\SYSTEM32\IPROSetMonitor.exe [3/3/2011 10:13 AM 109728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/13/2011 7:23 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [3/13/2011 7:23 PM 141792]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/13/2011 7:16 PM 689464]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [3/13/2011 7:23 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [3/13/2011 7:23 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/13/2011 7:23 PM 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2011 5:40 PM 136176]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [3/3/2011 3:21 PM 16194]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/16/2011 4:05 AM 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/16/2011 4:05 AM 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/13/2011 7:23 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [3/13/2011 7:23 PM 84264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\SYSTEM32\DRIVERS\PTDUBus.sys [8/18/2010 6:46 AM 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\SYSTEM32\DRIVERS\PTDUMdm.sys [8/18/2010 6:46 AM 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\PTDUVsp.sys [8/18/2010 6:46 AM 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\SYSTEM32\DRIVERS\PTDUWFLT.sys [8/18/2010 6:46 AM 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\SYSTEM32\DRIVERS\PTDUWWAN.sys [8/18/2010 6:46 AM 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-16 08:05]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 21:40]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 21:40]
.
2011-03-23 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-03-04 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.verizon.net/central
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\orun32.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 15:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4018511625-2458006549-1441198334-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\ICF.dll
.
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Internet Content Filter\mfp.exe
.
**************************************************************************
.
Completion time: 2011-03-23 16:04:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 20:04
.
Pre-Run: 14,171,447,296 bytes free
Post-Run: 14,188,302,336 bytes free
.
- - End Of File - - 2E62B33CCBF047ACA5ADFACF21478842

New DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 16:10:16.18 on Wed 03/23/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2606 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Content Filter\mfp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.verizon.net/central
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110318160141.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [googletalk] c:\documents and settings\user\application data\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281909396171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282087880937
DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - hxxp://active.macromedia.com/flash5/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-21 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-13 84072]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\internet content filter\UpdateService.exe [2011-3-13 235024]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-3-3 109728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2011-3-13 141792]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-3-13 689464]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2011-3-3 16194]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-13 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-13 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-13 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-13 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-13 84264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-8-18 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-8-18 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-8-18 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2010-8-18 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-8-18 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
.
=============== Created Last 30 ================
.
2011-03-23 19:31:26 98816 ----a-w- c:\windows\sed.exe
2011-03-23 19:31:26 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 19:31:26 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 19:31:26 161792 ----a-w- c:\windows\SWREG.exe
2011-03-21 14:31:14 -------- d-sha-r- C:\cmdcons
2011-03-21 14:31:12 -------- d-----w- c:\windows\setup.pss
2011-03-21 14:30:39 -------- d-----w- c:\windows\setupupd
2011-03-21 13:36:05 -------- d-----w- c:\program files\ACW
2011-03-21 13:07:50 -------- d-----w- c:\docume~1\user\applic~1\Systweak
2011-03-21 13:07:27 -------- d-----w- c:\program files\RegClean Pro
2011-03-21 03:32:14 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 03:32:11 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 03:32:10 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 03:32:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 03:32:02 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 03:30:58 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-03-21 03:29:59 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-03-21 03:28:58 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-03-21 03:27:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 03:26:58 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-21 03:25:58 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-21 03:24:58 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-21 03:23:59 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-03-21 03:22:59 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-21 03:21:59 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2011-03-21 03:20:56 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-03-21 03:19:58 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-21 03:18:59 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-03-21 03:17:58 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-03-21 03:16:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-03-21 03:15:58 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 03:14:58 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-03-21 03:13:58 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-21 03:12:58 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2011-03-21 03:11:59 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-03-21 03:10:59 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2011-03-21 03:09:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-03-21 03:08:59 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-03-21 03:07:43 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 02:42:09 -------- d-----w- c:\docume~1\user\applic~1\ElevatedDiagnostics
2011-03-18 21:01:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 20:41:39 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-18 20:41:18 -------- d-----w- c:\program files\Lavasoft
2011-03-18 18:27:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-18 18:27:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-17 19:41:38 -------- d--h--w- c:\windows\PIF
2011-03-14 14:35:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-03-13 23:27:32 320528 ----a-w- c:\windows\system32\seinst.dll
2011-03-13 23:27:32 299024 ----a-w- c:\windows\system32\ICF.dll
2011-03-13 23:27:31 -------- d-----w- c:\program files\Internet Content Filter
2011-03-13 23:23:26 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 23:23:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 23:23:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 23:23:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 23:23:17 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 23:23:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-13 23:23:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 23:23:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 23:23:16 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 23:23:16 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 23:23:07 -------- d-----w- c:\program files\common files\Mcafee
2011-03-13 23:23:06 -------- d-----w- c:\program files\McAfee.com
2011-03-13 23:16:49 -------- d-----w- c:\program files\Verizon
2011-03-13 03:40:06 -------- dc-h--w- c:\windows\ie8
2011-03-06 18:41:23 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Threat Expert
2011-03-06 03:13:33 -------- d-----w- c:\program files\PC Tools Security
2011-03-06 00:52:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-05 15:42:27 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-05 15:40:44 -------- d-----w- c:\windows\Logs
2011-03-04 22:05:55 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-04 21:50:58 9216 ----a-w- c:\windows\system32\Native.exe
2011-03-04 21:50:57 -------- d-----w- C:\ReimageUndo
2011-03-04 20:37:29 -------- d-----w- C:\rei
2011-03-04 20:37:25 -------- d-----w- c:\program files\Reimage
2011-03-04 20:32:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-04 20:24:37 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\program files\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Temp
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Conduit
2011-03-04 17:12:10 -------- d-----w- c:\docume~1\user\applic~1\McAfee
2011-03-03 20:51:58 -------- d-----w- c:\program files\McAfee
2011-03-03 20:26:18 -------- d-----w- c:\docume~1\user\applic~1\MSNInstaller
2011-03-03 19:21:35 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2011-03-03 19:21:35 135265 ----a-w- c:\windows\system32\AW32n50.dll
2011-03-03 19:21:35 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2011-03-03 19:21:34 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2011-03-03 19:21:32 -------- d-----w- c:\program files\NETGEAR
2011-03-03 14:13:42 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-02 23:55:00 79872 ----a-w- c:\windows\system32\dllcache\msxml6r.dll
2011-03-02 23:55:00 79872 ------w- c:\windows\system32\msxml6r.dll
2011-03-02 23:55:00 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\dllcache\msxml6.dll
2011-03-02 23:53:57 39936 ----a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-03-02 23:53:57 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2011-03-02 23:53:57 101888 ----a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-03-02 23:51:18 19569 ----a-w- c:\windows\002466_.tmp
2011-03-02 22:14:55 -------- d-----w- C:\ERDNT
2011-03-01 21:40:25 -------- d-----w- c:\program files\msn gaming zone
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\iprip.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-02-28 22:47:40 1409 ----a-w- c:\windows\QTFont.for
2011-02-28 00:51:28 281616 ----a-w- c:\windows\sediag.exe
2011-02-28 00:24:48 -------- d-----w- c:\docume~1\user\applic~1\Verizon
2011-02-28 00:24:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2011-02-28 00:24:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Verizon
2011-02-27 13:58:42 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-02-27 03:31:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 03:31:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-27 03:31:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 03:31:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 22:54:50 0 ----a-w- c:\windows\Mhohuto.bin
2011-02-26 22:49:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\hIkFlKc15400
.
==================== Find3M ====================
.
2011-03-21 21:27:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04:20 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56:10 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56:02 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25:06 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01:24 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51:54 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:10:47.71 ===============



#9 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:29 AM

Posted 24 March 2011 - 01:02 AM

Hi again,

Uninstall (if not familiar with):
Reimage PC Repair Toolbar
Reimage Repair



Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Mhohuto.bin
DirLook::
c:\docume~1\alluse~1\applic~1\hIkFlKc15400
DDS::
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader X + 10.0.1 update for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 24.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is not checked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Edited by Blade81, 24 March 2011 - 01:03 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#10 chuck3778

  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:29 AM

Posted 24 March 2011 - 03:49 PM

Hello Blade81,

I've left the Reimage PC Repair Toolbar and Reimage Repair files on my computer - I am familiar with them and have paid for their use.
I've run the ComboFix script and have attached the log as requested.
I've removed the old versions of Adobe Reader and Java and replaced with the newest.
I've run the online ESET scan but didn't see a report that I could attach, but the end result was:
Scanned files: 93869
Infected files: 0
Cleaned files: 0
Total Scan time: 01:33:33
Scan Status: Finished

I've also attached the new DDS logs.

I do have a question - assuming I'm bug free now do I need to have both Spybot Search and Destroy and Ad-Aware programs on my computer and run them periodically? I'm already using a McAfee Security Suite from my internet provider which is supposed to scan continuously. Thanks for your advice.

ComboFix 11-03-23.03 - user 03/24/2011 8:48.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2532 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\Mhohuto.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Mhohuto.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-21 13:36 . 2011-03-21 13:36 -------- d-----w- c:\program files\ACW
2011-03-21 13:07 . 2011-03-21 20:54 -------- d-----w- c:\documents and settings\user\Application Data\Systweak
2011-03-21 13:07 . 2011-03-21 20:54 -------- d-----w- c:\program files\RegClean Pro
2011-03-21 03:32 . 2008-04-14 09:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 03:32 . 2001-08-18 02:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 03:32 . 2008-04-14 09:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 03:32 . 2001-08-18 02:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 03:32 . 2001-08-18 02:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 03:30 . 2008-04-14 02:04 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-03-21 03:29 . 2001-08-17 17:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-03-21 03:28 . 2001-08-17 16:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-03-21 03:27 . 2001-08-17 16:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 03:26 . 2001-08-17 17:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-21 03:25 . 2001-08-17 16:10 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-21 03:24 . 2001-08-17 16:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-21 03:23 . 2001-08-17 16:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-03-21 03:22 . 2001-08-17 16:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-21 03:21 . 2008-04-14 04:10 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2011-03-21 03:20 . 2001-08-18 02:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-03-21 03:19 . 2001-08-17 17:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-21 03:18 . 2001-08-18 02:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-03-21 03:17 . 2001-08-17 16:50 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-03-21 03:16 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-03-21 03:15 . 2001-08-17 17:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 03:14 . 2004-08-04 11:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-03-21 03:13 . 2001-08-18 02:36 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-21 03:12 . 2008-04-14 02:05 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2011-03-21 03:11 . 2001-08-17 17:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-03-21 03:10 . 2001-08-18 02:36 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2011-03-21 03:09 . 2001-08-17 16:19 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-03-21 03:08 . 2001-08-17 17:12 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-03-21 03:07 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 02:42 . 2011-03-21 03:00 -------- d-----w- c:\documents and settings\user\Application Data\ElevatedDiagnostics
2011-03-19 15:10 . 2011-03-21 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-03-18 21:01 . 2011-03-16 08:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 20:41 . 2011-03-18 20:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-18 20:41 . 2011-03-18 20:41 -------- d-----w- c:\program files\Lavasoft
2011-03-18 18:27 . 2011-03-18 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-18 18:27 . 2011-03-18 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-17 19:41 . 2011-03-17 19:41 -------- d--h--w- c:\windows\PIF
2011-03-17 04:31 . 2011-03-17 04:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2011-03-17 04:30 . 2011-03-17 04:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-14 14:35 . 2011-03-21 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-03-13 23:27 . 2010-03-09 13:39 320528 ----a-w- c:\windows\system32\seinst.dll
2011-03-13 23:27 . 2010-03-09 13:39 299024 ----a-w- c:\windows\system32\ICF.dll
2011-03-13 23:27 . 2011-03-13 23:27 -------- d-----w- c:\program files\Internet Content Filter
2011-03-13 23:23 . 2010-11-12 18:17 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 23:23 . 2010-11-12 18:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 23:23 . 2010-11-12 18:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 23:23 . 2010-11-12 18:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 23:23 . 2010-11-12 18:17 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 23:23 . 2010-11-12 18:17 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-13 23:23 . 2010-11-12 18:17 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 23:23 . 2010-11-12 18:17 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 23:23 . 2010-11-12 18:17 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 23:23 . 2010-11-12 18:17 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 23:23 . 2011-03-13 23:23 -------- d-----w- c:\program files\Common Files\Mcafee
2011-03-13 23:16 . 2011-03-13 23:16 -------- d-----w- c:\program files\Verizon
2011-03-13 03:40 . 2011-03-13 03:41 -------- dc-h--w- c:\windows\ie8
2011-03-06 18:41 . 2011-03-06 18:41 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2011-03-06 03:13 . 2011-03-06 18:41 -------- d-----w- c:\program files\PC Tools Security
2011-03-06 00:55 . 2011-03-06 14:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-06 00:52 . 2011-03-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-05 15:42 . 2011-03-05 19:45 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-05 15:40 . 2011-03-05 19:49 -------- d-----w- c:\windows\Logs
2011-03-04 23:35 . 2011-03-04 23:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2011-03-04 22:05 . 2011-03-04 22:05 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-04 21:50 . 2011-03-21 21:20 9216 ----a-w- c:\windows\system32\Native.exe
2011-03-04 21:50 . 2011-03-04 22:07 -------- d-----w- C:\ReimageUndo
2011-03-04 20:37 . 2011-03-21 21:36 -------- d-----w- C:\rei
2011-03-04 20:37 . 2011-03-04 20:37 -------- d-----w- c:\program files\Reimage
2011-03-04 20:32 . 2011-03-04 20:32 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-04 20:24 . 2011-03-23 15:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Reimage_PC_Repair
2011-03-04 20:24 . 2011-03-21 21:08 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Temp
2011-03-04 20:24 . 2011-03-04 20:24 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Conduit
2011-03-04 17:12 . 2011-03-04 17:12 -------- d-----w- c:\documents and settings\user\Application Data\McAfee
2011-03-03 20:51 . 2011-03-18 19:22 -------- d-----w- c:\program files\McAfee
2011-03-03 20:42 . 2011-03-13 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-03 20:26 . 2011-03-03 20:26 -------- d-----w- c:\documents and settings\user\Application Data\MSNInstaller
2011-03-03 19:21 . 2007-01-18 15:29 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2011-03-03 19:21 . 2006-09-18 13:25 135265 ----a-w- c:\windows\system32\AW32n50.dll
2011-03-03 19:21 . 2002-04-11 22:43 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2011-03-03 19:21 . 2008-11-06 21:33 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2011-03-03 19:21 . 2011-03-03 19:21 -------- d-----w- c:\program files\NETGEAR
2011-03-03 14:13 . 2010-12-06 17:00 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-02 23:55 . 2009-07-31 14:05 1372672 ----a-w- c:\windows\system32\msxml6.dll
2011-03-02 23:55 . 2009-07-31 14:05 1372672 ----a-w- c:\windows\system32\dllcache\msxml6.dll
2011-03-02 23:55 . 2008-04-14 05:10 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2011-03-02 23:55 . 2008-04-14 03:57 79872 ----a-w- c:\windows\system32\dllcache\msxml6r.dll
2011-03-02 23:55 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
2011-03-02 23:53 . 2008-04-14 10:42 39936 ----a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-03-02 23:53 . 2008-04-14 10:41 101888 ----a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-03-02 23:53 . 2008-04-14 10:41 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2011-03-02 23:51 . 2006-12-29 05:31 19569 ----a-w- c:\windows\002466_.tmp
2011-03-02 22:14 . 2011-03-03 13:35 -------- d-----w- C:\ERDNT
2011-03-01 16:52 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-01 16:52 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-01 16:52 . 2008-04-14 10:41 35328 ----a-w- c:\windows\system32\iprip.dll
2011-03-01 16:52 . 2008-04-14 10:41 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-02-28 22:47 . 2011-02-28 22:47 1409 ----a-w- c:\windows\QTFont.for
2011-02-28 00:51 . 2010-03-09 13:39 281616 ----a-w- c:\windows\sediag.exe
2011-02-28 00:24 . 2011-02-28 00:24 -------- d-----w- c:\documents and settings\user\Application Data\Verizon
2011-02-28 00:24 . 2011-03-17 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2011-02-28 00:24 . 2011-02-28 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2011-02-27 14:38 . 2011-02-27 14:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-02-27 14:35 . 2011-02-27 14:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-27 14:34 . 2011-02-27 14:34 -------- d-----w- c:\windows\Sun
2011-02-27 13:58 . 2011-02-27 13:58 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-27 03:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 03:31 . 2011-02-27 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-27 03:31 . 2011-03-12 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 03:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 23:45 . 2011-02-27 00:22 -------- d-----w- c:\documents and settings\Administrator
2011-02-26 22:49 . 2011-02-27 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\hIkFlKc15400
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 21:37 . 2010-08-18 02:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-03-21 21:27 . 2005-03-12 15:14 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-03-21 21:27 . 2004-08-04 11:00 209624 ----a-w- c:\windows\system32\wuweb.dll
2011-03-16 08:05 . 2010-08-22 00:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpui.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpcore.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmpcd.dll
2011-03-04 22:02 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\wmp.ocx
2011-03-04 22:02 . 2004-08-04 11:00 65536 ----a-w- c:\windows\system32\jgsh400.dll
2011-03-04 22:02 . 2004-08-04 11:00 45568 ----a-w- c:\windows\system32\jgsd400.dll
2011-03-04 22:02 . 2004-08-04 11:00 44544 ----a-w- c:\windows\system32\jgaw400.dll
2011-03-04 22:02 . 2004-08-04 11:00 4096 ----a-w- c:\windows\system32\MPG4DMOD.dll
2011-03-04 22:02 . 2004-08-04 11:00 35840 ----a-w- c:\windows\system32\jgmd400.dll
2011-03-04 22:02 . 2004-08-04 11:00 87040 ----a-w- c:\windows\system32\drmstor.dll
2011-03-04 22:02 . 2004-08-04 11:00 299520 ----a-w- c:\windows\system32\drmclien.dll
2011-02-09 13:53 . 2004-08-04 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 11:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 11:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04 . 2011-01-12 03:04 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56 . 2011-01-12 02:56 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56 . 2011-01-12 02:56 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25 . 2011-01-12 02:25 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01 . 2011-01-12 02:01 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51 . 2003-11-21 21:26 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09 . 2004-08-04 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-18 02:10 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\alluse~1\applic~1\hIkFlKc15400 ----
.
2011-02-26 22:49 . 2011-02-27 02:48 98 ----a-w- c:\docume~1\alluse~1\applic~1\hIkFlKc15400\hIkFlKc15400
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Reimage_PC_Repair\prxtbRei0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{41E64F2B-BB63-4FCF-B98F-3921AEA84D7E}"= "c:\program files\Reimage_PC_Repair\prxtbRei0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{41e64f2b-bb63-4fcf-b98f-3921aea84d7e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\documents and settings\user\Application Data\Google Talk\googletalk.exe" [2011-02-19 131584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-12 98304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-12-16 1195920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [8/21/2010 8:40 PM 64512]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [3/13/2011 7:23 PM 84072]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [3/13/2011 7:27 PM 235024]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\SYSTEM32\IPROSetMonitor.exe [3/3/2011 10:13 AM 109728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/13/2011 7:23 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [3/13/2011 7:23 PM 141792]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/13/2011 7:16 PM 689464]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\SYSTEM32\AWINDIS5.SYS [3/3/2011 3:21 PM 16194]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [3/13/2011 7:23 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [3/13/2011 7:23 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/13/2011 7:23 PM 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2011 5:40 PM 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/16/2011 4:05 AM 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [3/16/2011 4:05 AM 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [3/13/2011 7:23 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [3/13/2011 7:23 PM 84264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\SYSTEM32\DRIVERS\PTDUBus.sys [8/18/2010 6:46 AM 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\SYSTEM32\DRIVERS\PTDUMdm.sys [8/18/2010 6:46 AM 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\PTDUVsp.sys [8/18/2010 6:46 AM 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\SYSTEM32\DRIVERS\PTDUWFLT.sys [8/18/2010 6:46 AM 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\SYSTEM32\DRIVERS\PTDUWWAN.sys [8/18/2010 6:46 AM 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/13/2011 7:23 PM 271480]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-16 08:05]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 21:40]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 21:40]
.
2011-03-23 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2011-03-04 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.verizon.net/central
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 08:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4018511625-2458006549-1441198334-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\ICF.dll
.
Completion time: 2011-03-24 08:58:31
ComboFix-quarantined-files.txt 2011-03-24 12:58
ComboFix2.txt 2011-03-23 20:04
.
Pre-Run: 14,186,143,744 bytes free
Post-Run: 14,150,750,208 bytes free
.
- - End Of File - - 76218C1E79E1BFE1755760B5C899BFBE

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 16:27:41.87 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2442 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Content Filter\UpdateService.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Content Filter\mfp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\dds.pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.verizon.net/central
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110318160141.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Reimage PC Repair Toolbar: {41e64f2b-bb63-4fcf-b98f-3921aea84d7e} - c:\program files\reimage_pc_repair\prxtbRei0.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [googletalk] c:\documents and settings\user\application data\google talk\googletalk.exe /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281909396171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282087880937
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444543540000} - hxxp://active.macromedia.com/flash5/cabs/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-21 64512]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-13 84072]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\internet content filter\UpdateService.exe [2011-3-13 235024]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-3-3 109728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2011-3-13 141792]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-3-13 689464]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2011-3-3 16194]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-13 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-13 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-13 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-13 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-16 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-16 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-13 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-13 84264]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-8-18 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-8-18 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-8-18 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2010-8-18 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-8-18 113680]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-13 271480]
.
=============== Created Last 30 ================
.
2011-03-24 14:07:07 -------- d-----w- c:\program files\ESET
2011-03-23 19:31:26 98816 ----a-w- c:\windows\sed.exe
2011-03-23 19:31:26 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 19:31:26 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 19:31:26 161792 ----a-w- c:\windows\SWREG.exe
2011-03-21 14:31:14 -------- d-sha-r- C:\cmdcons
2011-03-21 14:31:12 -------- d-----w- c:\windows\setup.pss
2011-03-21 14:30:39 -------- d-----w- c:\windows\setupupd
2011-03-21 13:36:05 -------- d-----w- c:\program files\ACW
2011-03-21 13:07:50 -------- d-----w- c:\docume~1\user\applic~1\Systweak
2011-03-21 13:07:27 -------- d-----w- c:\program files\RegClean Pro
2011-03-21 03:32:14 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-03-21 03:32:11 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-03-21 03:32:10 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-03-21 03:32:06 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-03-21 03:32:02 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-03-21 03:30:58 12127 ----a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-03-21 03:29:59 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-03-21 03:28:58 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-03-21 03:27:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-03-21 03:26:58 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2011-03-21 03:25:58 35913 ----a-w- c:\windows\system32\dllcache\smcirda.sys
2011-03-21 03:24:58 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-03-21 03:23:59 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-03-21 03:22:59 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2011-03-21 03:21:59 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2011-03-21 03:20:56 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-03-21 03:19:58 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-03-21 03:18:59 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2011-03-21 03:17:58 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2011-03-21 03:16:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-03-21 03:15:58 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2011-03-21 03:14:58 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-03-21 03:13:58 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2011-03-21 03:12:58 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2011-03-21 03:11:59 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys
2011-03-21 03:10:59 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2011-03-21 03:09:59 6912 ----a-w- c:\windows\system32\dllcache\ctlfacem.sys
2011-03-21 03:08:59 3168 ----a-w- c:\windows\system32\dllcache\brparimg.sys
2011-03-21 03:07:43 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-21 02:42:09 -------- d-----w- c:\docume~1\user\applic~1\ElevatedDiagnostics
2011-03-18 21:01:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-18 20:41:39 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-03-18 20:41:18 -------- d-----w- c:\program files\Lavasoft
2011-03-18 18:27:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-18 18:27:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-17 19:41:38 -------- d--h--w- c:\windows\PIF
2011-03-14 14:35:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-03-13 23:27:32 320528 ----a-w- c:\windows\system32\seinst.dll
2011-03-13 23:27:32 299024 ----a-w- c:\windows\system32\ICF.dll
2011-03-13 23:27:31 -------- d-----w- c:\program files\Internet Content Filter
2011-03-13 23:23:26 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-13 23:23:17 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-13 23:23:17 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-13 23:23:17 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-13 23:23:17 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-03-13 23:23:16 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-03-13 23:23:16 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-13 23:23:16 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-13 23:23:16 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-13 23:23:16 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-13 23:23:07 -------- d-----w- c:\program files\common files\Mcafee
2011-03-13 23:23:06 -------- d-----w- c:\program files\McAfee.com
2011-03-13 23:16:49 -------- d-----w- c:\program files\Verizon
2011-03-13 03:40:06 -------- dc-h--w- c:\windows\ie8
2011-03-06 18:41:23 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Threat Expert
2011-03-06 03:13:33 -------- d-----w- c:\program files\PC Tools Security
2011-03-06 00:52:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-05 15:42:27 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-05 15:40:44 -------- d-----w- c:\windows\Logs
2011-03-04 22:05:55 -------- d-----w- c:\windows\SxsCaPendDel
2011-03-04 21:50:58 9216 ----a-w- c:\windows\system32\Native.exe
2011-03-04 21:50:57 -------- d-----w- C:\ReimageUndo
2011-03-04 20:37:29 -------- d-----w- C:\rei
2011-03-04 20:37:25 -------- d-----w- c:\program files\Reimage
2011-03-04 20:32:43 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-04 20:24:37 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\program files\Reimage_PC_Repair
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Temp
2011-03-04 20:24:36 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Conduit
2011-03-04 17:12:10 -------- d-----w- c:\docume~1\user\applic~1\McAfee
2011-03-03 20:51:58 -------- d-----w- c:\program files\McAfee
2011-03-03 20:26:18 -------- d-----w- c:\docume~1\user\applic~1\MSNInstaller
2011-03-03 19:21:35 16194 ----a-w- c:\windows\system32\AWINDIS5.SYS
2011-03-03 19:21:35 135265 ----a-w- c:\windows\system32\AW32n50.dll
2011-03-03 19:21:35 102400 ----a-w- c:\windows\system32\ASupplicant.dll
2011-03-03 19:21:34 1286144 ----a-w- c:\windows\system32\drivers\WN311B.sys
2011-03-03 19:21:32 -------- d-----w- c:\program files\NETGEAR
2011-03-03 14:13:42 109728 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-03-02 23:55:00 79872 ----a-w- c:\windows\system32\dllcache\msxml6r.dll
2011-03-02 23:55:00 79872 ------w- c:\windows\system32\msxml6r.dll
2011-03-02 23:55:00 577536 ----a-w- c:\windows\system32\dllcache\sprc041b.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2011-03-02 23:55:00 1372672 ----a-w- c:\windows\system32\dllcache\msxml6.dll
2011-03-02 23:53:57 39936 ----a-w- c:\windows\system32\dllcache\snmpthrd.dll
2011-03-02 23:53:57 331264 ----a-w- c:\windows\system32\dllcache\aqueue.dll
2011-03-02 23:53:57 101888 ----a-w- c:\windows\system32\dllcache\evntagnt.dll
2011-03-02 23:51:18 19569 ----a-w- c:\windows\002466_.tmp
2011-03-02 22:14:55 -------- d-----w- C:\ERDNT
2011-03-01 21:40:25 -------- d-----w- c:\program files\msn gaming zone
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\simptcp.dll
2011-03-01 16:52:36 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\iprip.dll
2011-03-01 16:52:30 35328 ----a-w- c:\windows\system32\dllcache\iprip.dll
2011-02-28 22:47:40 1409 ----a-w- c:\windows\QTFont.for
2011-02-28 00:51:28 281616 ----a-w- c:\windows\sediag.exe
2011-02-28 00:24:48 -------- d-----w- c:\docume~1\user\applic~1\Verizon
2011-02-28 00:24:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Radialpoint
2011-02-28 00:24:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Verizon
2011-02-27 13:58:42 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-02-27 03:31:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 03:31:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-27 03:31:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 03:31:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 22:49:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\hIkFlKc15400
.
==================== Find3M ====================
.
2011-03-21 21:27:19 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-12 03:04:20 183296 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-01-12 02:56:10 659576 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-01-12 02:56:02 514168 ----a-w- c:\windows\system32\accesor.dll
2011-01-12 02:25:06 135288 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-01-12 02:01:24 1930360 ----a-w- c:\windows\system32\ncscolib.dll
2011-01-11 18:51:54 266440 ----a-w- c:\windows\system32\Prounstl.exe
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:28:35.21 ===============

Thanks again for all your help,
Chuck3778


#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:29 AM

Posted 25 March 2011 - 11:03 AM

I do have a question - assuming I'm bug free now do I need to have both Spybot Search and Destroy and Ad-Aware programs on my computer and run them periodically?

That would be recommended.

Delete c:\documents and settings\All Users\Application Data\hIkFlKc15400 folder.


Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
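
The Internet zone settings listed in the post above can be checked afterwards from a registry export instead of by clicking through the dialog. The following is an added example, not part of the original post: it parses the text of a .reg export and reports every setting that differs from the recommended value. The HKCU `Zones\3` path and the numeric action IDs are taken from Microsoft's documentation of Internet Explorer security zones, not from this thread, and the sample export is constructed.

```python
import re

# Per-user settings for the Internet zone (zone 3). Assumption: the export
# was taken from this key, e.g. with regedit's File > Export.
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Meaning of the DWORD stored for each URL action.
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# action id -> (label as it appears in the Custom Level dialog, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$')


def parse_reg_export(text):
    """Return {key_path_lowercased: {value_name: int}} for the DWORD values.

    Real exports are UTF-16 with a BOM; read the file with
    open(path, encoding="utf-16") before passing the text in.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys


def describe(value):
    """Human-readable form of a stored action value."""
    if value is None:
        return "not set"
    return ACTION_NAMES.get(value, "unknown (0x%x)" % value)


def audit_internet_zone(text):
    """Return [(action_id, label, found, wanted)] for settings that deviate.

    A missing value is reported too (found is None), because the zone then
    falls back to its template default rather than the recommended setting.
    """
    zone = parse_reg_export(text).get(ZONE3_KEY.lower())
    if zone is None:
        raise ValueError("export does not contain the Internet zone key")
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        found = zone.get(action)
        if found != wanted:
            findings.append((action, label, found, wanted))
    return findings


# Constructed sample export: 1004 and 1804 are set to Enable, 1607 is absent.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"CurrentLevel"=dword:00000000
'''

if __name__ == "__main__":
    for action, label, found, wanted in audit_internet_zone(SAMPLE_EXPORT):
        print("%s  %-58s is %-8s want %s"
              % (action, label, describe(found), describe(wanted)))
```
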


#12 chuck3778


Posted 25 March 2011 - 02:27 PM

Good afternoon Blade!! I have completed all the steps in your last post and my computer is running very smoothly again. I have uninstalled ComboFix and reset my System Restore, downloaded and ran PSI and everything is fine. I've checked my Internet Explorer settings and all are as you advised. I will certainly take your advice and update, update, update and continue to run virus scan software (I have McAfee Security Suite installed and running.)

Again I REALLY APPRECIATE all your hard work and support and thank you for the many hours of your time and sharing of your knowledge. I will certainly tell my friends of the wonders of Bleeping Computers.com.

Very respectfully,
Chuck3778

#13 Blade81


Posted 25 March 2011 - 03:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
