
Internet Explorer Redirect


  • This topic is locked
23 replies to this topic

#1 RamHemi (Members, 13 posts)

Posted 02 April 2011 - 05:29 PM

Howdy, first time poster here,

Looks like I have an internet explorer re-direct virus that many others have gotten and would like some help please.
I can only get to sites by typing the URL, and I am currently running in Safe Mode.

I have run Malwarebytes, which removed a few items, as well as Spybot, which found 1.

There is a Trend Micro OfficeScan client running which I can't figure out how to turn off, and can't uninstall without the admin password, which my company doesn't seem to know (not the greatest IT dept).

Also, all my files, programs, basically everything has become hidden.

Thanks in advance for any advice,

RamHemi

I also ran Hijackthis and here is the log file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:58 PM, on 4/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\tjbrown\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://applprd.xeta.com
O15 - Trusted Zone: http://appltst.xeta.com
O15 - Trusted Zone: http://my.xeta.com
O15 - Trusted Zone: http://oraapp1.xeta.com
O15 - Trusted Zone: http://sharepoint.xeta.com
O15 - Trusted Zone: http://applprd.xeta.com (HKLM)
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://media-2.cacetech.com
O15 - ESC Trusted Zone: http://*.java-virtual-machine.net
O15 - ESC Trusted Zone: http://*.java.com
O15 - ESC Trusted Zone: http://ie.search.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://sea.search.msn.com
O15 - ESC Trusted Zone: http://www.wireshark.org
O15 - ESC Trusted Zone: http://*.xmail
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdownload/download/ilinci86.dll
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} (ILINCInstall102 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238765833718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272052466156
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://xetasupport.webex.com/client/T25L/support/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.xeta.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.xeta.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.xeta.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.xeta.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.xeta.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = corp.xeta.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.xeta.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nortel Networks i2050 QoS Service (i2050QoSSvc) - Nortel Networks Corp. - C:\WINDOWS\system32\i2050QosSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\OfficeScan NT\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\OfficeScan NT\TmProxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12677 bytes

EDIT: Posts merged ~BP

Edited by Budapest, 03 April 2011 - 04:16 PM.
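A HijackThis log is a flat list of "O-line" entries, and the first thing a helper does with one is a mechanical pass for the entry shapes that are worth a second look before any removal is attempted. As an added example (not part of the original post, and not code from HijackThis or BleepingComputer), the script below parses that format and applies five such rules: an O2 BHO whose CLSID has no DLL on disk, an O4 autorun given as a bare filename with no path, any O15 trusted-zone entry, a non-empty O20 AppInit_DLLs value, and an O23 service with no publisher or a missing binary. The sample lines are a handful copied from the log above; the rule set, the function names and the wording of each reason are my own assumptions, and a hit means "verify this", not "this is malware".

```python
import re
from dataclasses import dataclass

# Constructed input: a handful of lines copied from the HijackThis log in the
# post above, enough to exercise each rule below.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O15 - Trusted Zone: http://my.xeta.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wxvault.dll
O23 - Service: SupportSoft RemoteAssist - Unknown owner - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why a helper would look twice at the entry
    line: str      # the original log line


LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


def parse_hjt(text):
    """Yield (section, body, raw_line) for every R/F/O entry in a HijackThis log."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("sec"), m.group("body"), raw


def autorun_image(cmd):
    """Return the executable part of an O4 command line, quoted or bare."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(text):
    """Apply the five first-pass rules and return the entries that need checking."""
    findings = []
    for sec, body, raw in parse_hjt(text):
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "BHO CLSID registered but no DLL on disk (orphan left by a removal)", raw))
        elif sec == "O4":
            m = RUN_RE.search(body)
            exe = autorun_image(m.group("cmd")) if m else body
            # A bare filename is resolved through PATH at logon, so the file that
            # actually runs cannot be confirmed from the log line alone.
            if "\\" not in exe and ":" not in exe:
                findings.append(Finding(sec, f"autorun '{exe}' has no path; which file runs depends on PATH", raw))
        elif sec == "O15":
            findings.append(Finding(sec, "site in an IE trusted zone runs with relaxed security settings", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(sec, f"AppInit_DLLs loads '{dlls}' into every process that loads user32.dll", raw))
        elif sec == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.append(Finding(sec, "service with no publisher or with its binary missing", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against the full log by reading the file into `triage()`; the point of the rules is to shrink a 170-line log to the handful of entries whose file on disk, signer and registry owner should be confirmed by hand.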




#2 myrti, Sillyberry (Malware Study Hall Admin, 33,766 posts)

Posted 06 April 2011 - 09:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, the edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

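The /md5start … /md5stop block in the custom scan above tells OTL to report the MD5 of every copy of the named files it finds on the drive, so a patched explorer.exe or winlogon.exe (a common way a redirect infection survives reboots) shows up as a copy whose hash differs from the clean one. As an added example that is not OTL's code and not part of the original post, the Python below does the same thing on a directory tree: it hashes every copy of a watched filename and lists the copies whose hash is not in a known-good set. The directory layout, the file contents and the baseline hashes are constructed stand-ins, and the function names are mine.

```python
import hashlib
import os
import tempfile

# The names OTL was asked to hash in the post above.
WATCHED = {"explorer.exe", "winlogon.exe", "wininit.exe", "hlp.dat"}


def file_digest(path, algo="md5"):
    """Hash a file in chunks; MD5 matches what OTL reports, sha256 is the better choice for a new baseline."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_named_files(root, names=WATCHED):
    """Walk root and return {name: [(path, md5), ...]} for every copy of a watched name."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key in names:
                p = os.path.join(dirpath, fn)
                found.setdefault(key, []).append((p, file_digest(p)))
    return found


def find_outliers(found, baseline):
    """Return (name, path, md5) for every copy whose MD5 is not in the known-good set for that name."""
    outliers = []
    for name, copies in found.items():
        good = baseline.get(name, set())
        for path, md5 in copies:
            if md5 not in good:
                outliers.append((name, path, md5))
    return sorted(outliers)


def build_sample_tree():
    """Constructed sample: a fake system root with a clean and a patched explorer.exe."""
    root = tempfile.mkdtemp(prefix="otl_md5_")
    clean = b"MZ-clean-explorer-stub"
    patched = clean + b"\x90\x90redirect-hook"   # stand-in for an in-place patch
    layout = {
        os.path.join("WINDOWS", "explorer.exe"): patched,
        os.path.join("WINDOWS", "ServicePackFiles", "i386", "explorer.exe"): clean,
        os.path.join("WINDOWS", "system32", "winlogon.exe"): b"MZ-clean-winlogon-stub",
    }
    for rel, data in layout.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    # Known-good hashes; on a real machine these come from a clean install or vendor data.
    baseline = {
        "explorer.exe": {hashlib.md5(clean).hexdigest()},
        "winlogon.exe": {hashlib.md5(b"MZ-clean-winlogon-stub").hexdigest()},
    }
    return root, baseline


def demo():
    """End-to-end run over the constructed tree; returns the outlier list."""
    root, baseline = build_sample_tree()
    return find_outliers(hash_named_files(root), baseline)


if __name__ == "__main__":
    for name, path, md5 in demo():
        print(f"{name}: {path} MD5={md5} (not in known-good set)")
```

Two copies of the same name with different hashes, as in the sample, is exactly the pattern the OTL output makes visible: the copy under ServicePackFiles is the reference, and the one in the Windows directory is the one to examine.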


#3 RamHemi (Topic Starter, Members, 13 posts)

Posted 06 April 2011 - 02:45 PM

Myrti,

Thanks for getting back to me! I appreciate it!

As far as symptoms, my PC first started to get Internet Explorer redirect issues, then all of my programs & desktop items became hidden.
Also, when my PC is connected to the internet, I will get Internet Explorer Script error pop-up windows, even if I am not using IE at that time.

I have run Malwarebytes, Stopzilla and Spybot, all of which found a handful of items, but yet the symptoms are still there.

So you know, I also ran ComboFix, hope this doesn't add to the headache.

Here are the 2 OTL logs

And thanks again
RamHemi


OTL logfile created on: 4/6/2011 1:31:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\tjbrown\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 22.77 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive D: | 527.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TJBROWN-D630 | User Name: TJBrown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 13:30:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjbrown\Desktop\OTL.exe
PRC - [2011/03/31 16:13:40 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/03/31 16:13:36 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/09/08 03:30:50 | 000,849,192 | -H-- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\PccNTMon.exe
PRC - [2009/09/04 20:14:34 | 001,304,528 | -H-- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\TmListen.exe
PRC - [2009/09/04 20:12:28 | 001,389,864 | -H-- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\NTRtScan.exe
PRC - [2009/07/06 15:19:04 | 000,345,352 | -H-- | M] (Trend Micro Inc.) -- C:\BM\TMBMSRV.exe
PRC - [2009/04/27 12:06:28 | 000,435,576 | -H-- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\CNTAoSMgr.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | -H-- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/06/19 18:08:44 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 15:47:40 | 000,598,856 | -H-- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/07/25 15:32:50 | 000,823,296 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 15:32:34 | 000,294,912 | -H-- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 15:26:14 | 000,491,520 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/05/14 13:21:40 | 000,475,136 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/24 11:29:34 | 000,155,648 | -H-- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe
PRC - [2007/02/18 22:27:16 | 000,090,112 | -H-- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/18 22:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/02/01 08:21:22 | 001,466,368 | -H-- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2006/12/19 13:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/02 13:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2004/03/19 14:15:10 | 000,081,920 | ---- | M] (Nortel Networks Corp.) -- C:\WINDOWS\system32\i2050QosSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 13:30:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjbrown\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/01/30 14:31:50 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/01/30 14:30:30 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SupportSoft RemoteAssist)
SRV - [2011/03/31 16:13:36 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/09/01 15:51:28 | 000,066,112 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 12:19:48 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/04 20:14:34 | 001,304,528 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\OfficeScan NT\tmlisten.exe -- (tmlisten)
SRV - [2009/09/04 20:12:28 | 001,389,864 | -H-- | M] (Trend Micro Inc.) [Auto | Running] -- C:\OfficeScan NT\ntrtscan.exe -- (ntrtscan)
SRV - [2009/07/15 17:37:18 | 000,689,416 | -H-- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\OfficeScan NT\TmProxy.exe -- (TmProxy)
SRV - [2009/07/06 15:19:04 | 000,345,352 | -H-- | M] () [On_Demand | Running] -- C:\OfficeScan NT\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/06/19 18:08:44 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/11/26 15:47:40 | 000,598,856 | -H-- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/10/24 22:10:53 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/25 15:32:34 | 000,294,912 | -H-- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/05/14 13:21:40 | 000,475,136 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/24 11:29:34 | 000,155,648 | -H-- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe -- (Pantech Utility Service)
SRV - [2007/02/18 22:27:16 | 000,090,112 | -H-- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/01 08:21:22 | 001,466,368 | -H-- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/01/29 20:59:58 | 000,487,424 | -H-- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/12/19 13:21:48 | 000,079,432 | -H-- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004/03/19 14:15:10 | 000,081,920 | ---- | M] (Nortel Networks Corp.) [Auto | Running] -- C:\WINDOWS\system32\i2050QosSvc.exe -- (i2050QoSSvc)
SRV - [2004/03/16 08:42:36 | 000,851,968 | RH-- | M] (Internet Security Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Network ICE\BlackICE\blackd.exe -- (BlackICE)
SRV - [2003/06/19 17:40:20 | 000,688,128 | RH-- | M] (Internet Security Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Network ICE\BlackICE\RapApp.exe -- (RapApp)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/30 15:38:08 | 000,225,808 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\tmxpflt.sys -- (TmFilter)
DRV - [2009/09/30 15:37:22 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/09/30 15:26:52 | 001,223,896 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\OfficeScan NT\vsapint.sys -- (VSApiNt)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/06 15:11:50 | 000,059,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/07/06 15:11:46 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/06 15:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/08 18:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/08/12 17:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/04/26 13:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 13:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 13:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 13:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 13:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 13:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 13:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/03/12 22:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/18 22:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/17 05:00:42 | 000,132,608 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/31 17:19:04 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/01/31 17:19:02 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/01/31 17:19:02 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/01/30 16:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/11 02:30:06 | 000,037,760 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/01/11 02:30:04 | 000,039,424 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/01/11 02:30:04 | 000,024,832 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2006/12/19 13:21:52 | 000,010,480 | -H-- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 11:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/08/28 14:00:44 | 000,019,968 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/03/23 20:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2004/02/29 15:38:20 | 000,227,957 | R--- | M] (Internet Security Systems, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\BlackDrv.sys -- (black)
DRV - [2003/06/19 17:40:54 | 000,024,344 | R--- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/06/19 17:40:42 | 000,036,676 | R--- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-154013260-982405162-577866162-1866\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-154013260-982405162-577866162-1866\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


[2010/07/29 07:24:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\tjbrown\Application Data\Mozilla\Extensions
[2010/08/08 14:22:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\tjbrown\Application Data\Mozilla\Firefox\Profiles\kkeh58ry.default\extensions
[2010/08/08 13:20:47 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\tjbrown\Application Data\Mozilla\Firefox\Profiles\kkeh58ry.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/14 11:10:53 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}

O1 HOSTS File: ([2011/04/02 16:05:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-154013260-982405162-577866162-1866\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-154013260-982405162-577866162-1866\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\tjbrown\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-154013260-982405162-577866162-1866\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-154013260-982405162-577866162-1866\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: myxeta.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: xeta.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: xeta.com ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: xeta.com ([applprd] http in Trusted sites)
O15 - HKLM\..Trusted Domains: xeta.com ([onexp.corp] https in Trusted sites)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilinc.com/clientdownload/download/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238765833718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272052466156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.1.0/jinstall-1_1_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://xetasupport.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.xeta.com
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/11/23 07:54:32 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-154013260-982405162-577866162-1866\...exe [@ = exefile] -- Reg Error: Key error. File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 13:30:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tjbrown\Desktop\OTL.exe
[2011/04/05 16:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/05 14:36:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/04 20:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/04/04 20:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/04 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/04/04 20:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/04 20:05:33 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\tjbrown\Desktop\cwshredder.exe
[2011/04/04 20:04:38 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\tjbrown\Desktop\HitmanPro35.exe
[2011/04/03 16:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2011/04/03 10:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/03 10:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/03 10:33:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/02 16:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/02 15:53:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/02 15:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/02 15:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 10:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\Desktop\favorites
[2011/04/02 10:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/04/01 20:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\Application Data\ElevatedDiagnostics
[2011/04/01 20:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/04/01 20:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/04/01 19:29:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tjbrown\Recent
[2011/04/01 19:27:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/01 19:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 19:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\Desktop\backups
[2011/04/01 19:08:56 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\tjbrown\Desktop\HiJackThis.exe
[2011/03/31 22:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/03/31 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/03/31 22:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/03/31 22:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/31 16:13:32 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/03/31 16:13:32 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/03/31 16:13:32 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/03/31 16:13:32 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/03/31 16:13:32 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/03/31 16:13:30 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/03/31 16:13:30 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/03/31 16:13:30 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/03/31 16:13:30 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/03/31 16:13:30 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/31 16:13:30 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/03/31 16:13:28 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/03/31 13:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\.bcm
[2011/03/25 13:14:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Desktop\vectra
[2011/03/25 11:42:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Desktop\fdaslkgmfndaslk
[2011/03/24 13:30:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Local Settings\Application Data\WMTools Downloaded Files
[2011/03/23 21:44:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Application Data\Apple Computer
[2011/03/22 16:17:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Desktop\Alcatel Docs
[2011/03/22 16:05:12 | 000,000,000 | -H-D | C] -- C:\Program Files\MagicISO
[2011/03/22 16:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\Start Menu\Programs\MagicISO
[2011/03/22 14:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\Start Menu\Programs\MagicDisc
[2011/03/22 14:07:25 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2011/03/22 14:07:25 | 000,000,000 | -H-D | C] -- C:\Program Files\MagicDisc
[2011/03/22 14:00:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Cisco Packet Tracer 5.3
[2011/03/22 13:59:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Packet Tracer
[2011/03/22 13:59:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Cisco Packet Tracer 5.3
[2011/03/17 18:27:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/17 18:27:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/03/17 18:26:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\tjbrown\Local Settings\Application Data\Apple
[2011/03/17 18:26:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/17 18:18:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2011/03/17 18:17:55 | 000,134,912 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcUdfs.sys
[2011/03/17 18:17:55 | 000,036,224 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcCD.sys
[2011/03/17 18:17:55 | 000,007,680 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\drivers\ArcRec.sys
[2011/03/16 20:18:39 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2011/03/15 09:00:34 | 000,356,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2011/03/13 15:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tjbrown\My Documents\DriverPerformer
[2011/03/13 14:18:38 | 008,429,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl(9).dll
[2011/03/13 14:18:38 | 008,429,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl(8).dll
[2011/03/13 14:18:38 | 008,429,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl(7).dll
[2011/03/13 14:18:38 | 008,429,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl(10).dll
[2011/03/13 14:18:37 | 000,339,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi(9).dll
[2011/03/13 14:18:37 | 000,339,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi(8).dll
[2011/03/13 14:18:37 | 000,339,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi(7).dll
[2011/03/13 14:18:37 | 000,339,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi(10).dll
[2011/03/13 13:51:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/10 20:30:59 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2011/03/10 20:30:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Apple
[2011/03/10 20:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Apple Software Update
[2011/03/10 20:26:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Kodak
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tjbrown\Desktop\TDSSKiller.exe
[2011/03/09 10:37:50 | 000,000,000 | -H-D | C] -- C:\Program Files\HAT
[2008/01/21 13:23:08 | 000,095,968 | -H-- | C] (Global Knowledge) -- C:\Program Files\Common Files\ACTTest.ocx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 13:30:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tjbrown\Desktop\OTL.exe
[2011/04/06 13:26:28 | 000,000,462 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/04/06 13:25:55 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/06 13:24:35 | 000,013,119 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/04/06 13:23:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/06 13:21:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/06 13:21:48 | 2145,349,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 16:53:03 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\tjbrown\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/05 14:51:22 | 000,000,815 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/05 14:48:30 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/05 14:42:30 | 000,001,789 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/04 20:07:33 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/04 20:05:33 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\tjbrown\Desktop\cwshredder.exe
[2011/04/04 20:04:38 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\tjbrown\Desktop\HitmanPro35.exe
[2011/04/03 16:52:22 | 000,459,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/03 16:52:22 | 000,078,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/03 11:08:55 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\tdsskiller.zip
[2011/04/03 10:57:37 | 000,124,980 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\RKUnhookerLE.zip
[2011/04/03 10:50:40 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\7z920.exe
[2011/04/02 17:06:57 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\gmer.zip
[2011/04/02 17:03:10 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\dds.scr
[2011/04/02 17:02:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tjbrown\defogger_reenable
[2011/04/02 16:49:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 16:05:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110405-165625.backup
[2011/04/02 16:05:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110405-165507.backup
[2011/04/02 16:05:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 15:53:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/02 15:44:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/02 15:40:32 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\tjbrown\Desktop\ComboFix.exe
[2011/04/02 10:48:57 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/04/01 19:27:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 19:08:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\tjbrown\Desktop\HiJackThis.exe
[2011/03/31 22:53:58 | 000,426,211 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110402-101607.backup
[2011/03/31 17:31:31 | 000,004,172 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Desktop\BCMpcap
[2011/03/31 16:26:36 | 000,008,080 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\summary.xml
[2011/03/31 16:13:32 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/03/31 16:13:32 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/03/31 16:13:32 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/03/31 16:13:32 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/03/31 16:13:32 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/03/31 16:13:30 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/03/31 16:13:30 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/03/31 16:13:30 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/03/31 16:13:30 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/03/31 16:13:30 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/03/31 16:13:30 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/03/31 16:13:28 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/03/25 18:43:25 | 001,368,594 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\SF86.pdf
[2011/03/23 15:49:14 | 000,002,124 | ---- | M] () -- C:\WINDOWS\pw5.ini
[2011/03/22 16:05:12 | 000,001,486 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Desktop\MagicISO.lnk
[2011/03/22 14:07:30 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\tjbrown\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/03/22 14:07:30 | 000,000,640 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Desktop\MagicDisc.lnk
[2011/03/22 14:00:06 | 000,000,206 | -H-- | M] () -- C:\Documents and Settings\tjbrown\.packettracer
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\tjbrown\Desktop\gmer.exe
[2011/03/20 10:51:29 | 002,442,738 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Desktop\mediaimpression_kodak.pdf
[2011/03/19 18:53:52 | 000,010,690 | ---- | M] () -- C:\Documents and Settings\tjbrown\My Documents\Untitled.MMP
[2011/03/18 20:50:17 | 000,000,600 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Application Data\winscp.rnd
[2011/03/18 20:39:01 | 000,001,138 | RHS- | M] () -- C:\Documents and Settings\tjbrown\ntuser.pol
[2011/03/17 18:29:27 | 000,001,756 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2011/03/17 14:47:21 | 000,010,797 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/03/16 15:00:02 | 000,013,119 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/03/15 08:22:47 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2011/03/15 08:22:47 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_Dell_LAT_D630.mrk
[2011/03/13 15:09:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tjbrown\Desktop\TDSSKiller.exe
[2011/03/09 22:54:32 | 001,527,144 | -H-- | M] () -- C:\Documents and Settings\tjbrown\Desktop\NetSimK.zip
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 13:25:33 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/04/05 16:53:03 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\tjbrown\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/05 14:09:39 | 2145,349,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/04 20:07:33 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/03 11:08:53 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\tdsskiller.zip
[2011/04/03 10:57:37 | 000,124,980 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\RKUnhookerLE.zip
[2011/04/03 10:50:39 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\7z920.exe
[2011/04/02 17:06:55 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\gmer.zip
[2011/04/02 17:03:05 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\dds.scr
[2011/04/02 17:02:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tjbrown\defogger_reenable
[2011/04/02 15:53:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/02 15:53:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/02 15:51:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 15:51:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 15:51:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 15:40:32 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\tjbrown\Desktop\ComboFix.exe
[2011/04/01 20:09:10 | 000,001,789 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 19:27:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/31 17:31:31 | 000,004,172 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Desktop\BCMpcap
[2011/03/31 16:32:00 | 000,008,080 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\summary.xml
[2011/03/24 17:14:15 | 001,368,594 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\SF86.pdf
[2011/03/22 16:05:12 | 000,001,486 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Desktop\MagicISO.lnk
[2011/03/22 14:07:30 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\tjbrown\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/03/22 14:07:30 | 000,000,640 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Desktop\MagicDisc.lnk
[2011/03/22 14:00:06 | 000,000,206 | -H-- | C] () -- C:\Documents and Settings\tjbrown\.packettracer
[2011/03/20 17:07:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\tjbrown\Desktop\gmer.exe
[2011/03/20 10:51:29 | 002,442,738 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Desktop\mediaimpression_kodak.pdf
[2011/03/19 18:53:52 | 000,010,690 | ---- | C] () -- C:\Documents and Settings\tjbrown\My Documents\Untitled.MMP
[2011/03/17 18:26:19 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/03/17 18:18:54 | 000,001,756 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2011/03/16 15:00:00 | 000,013,119 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/03/16 15:00:00 | 000,013,119 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2011/03/15 09:00:58 | 000,111,544 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/15 09:00:35 | 000,017,177 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/03/15 08:22:47 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2011/03/15 08:22:19 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2011/03/13 15:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/13 15:09:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/09 22:54:27 | 001,527,144 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Desktop\NetSimK.zip
[2010/10/03 18:44:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/03 18:44:49 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/10/03 18:44:49 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/10/03 18:44:49 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/03 18:44:49 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/03 18:44:49 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/03 18:44:49 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/03 18:44:49 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/03 18:44:49 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/03 18:44:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/10/03 18:44:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/03 18:44:49 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/03 18:44:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/03 18:44:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/03 18:44:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/03 18:44:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/10/03 18:44:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/10/03 18:44:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/03 18:44:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/06/27 17:24:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\MasterExam.ini
[2009/11/24 10:46:36 | 000,000,085 | ---- | C] () -- C:\WINDOWS\NVMMGR.INI
[2009/11/24 10:45:56 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\Olp.dll
[2009/11/24 10:45:56 | 000,040,784 | R--- | C] () -- C:\WINDOWS\System32\olp16.dll
[2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/20 16:20:39 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Local Settings\Application Data\fusioncache.dat
[2009/04/07 13:06:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\jrew.exe
[2009/04/07 11:45:37 | 000,012,800 | ---- | C] () -- C:\WINDOWS\jrew.exe
[2009/04/07 11:45:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\jre.exe
[2009/01/29 01:55:37 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Application Data\winscp.rnd
[2008/11/18 15:43:30 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2008/08/28 18:13:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/01/28 12:29:11 | 000,004,264 | ---- | C] () -- C:\WINDOWS\ISGDI32.INI
[2008/01/28 12:29:11 | 000,001,655 | ---- | C] () -- C:\WINDOWS\views.ini
[2008/01/28 12:17:38 | 000,003,584 | -H-- | C] () -- C:\Documents and Settings\tjbrown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/28 12:13:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\medocs.dll
[2008/01/22 11:03:01 | 000,000,072 | ---- | C] () -- C:\WINDOWS\RST.INI
[2008/01/22 11:01:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BW.INI
[2008/01/22 10:56:19 | 000,001,883 | ---- | C] () -- C:\WINDOWS\NRU.INI
[2008/01/08 17:58:16 | 000,000,967 | ---- | C] () -- C:\WINDOWS\SHOWNTEL.INI
[2008/01/06 17:47:52 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/01/02 10:12:30 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/12/23 10:55:44 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\HAESvr.dll
[2007/12/09 18:10:59 | 000,001,107 | ---- | C] () -- C:\WINDOWS\pwimage.INI
[2007/12/05 11:33:54 | 000,000,490 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/05 11:12:44 | 000,002,124 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2007/10/30 13:39:53 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/10/30 13:26:58 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\tbhi.dat
[2007/10/30 13:13:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/30 13:13:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2007/10/30 12:55:13 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2007/10/30 12:55:13 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2007/10/30 10:15:30 | 000,000,631 | ---- | C] () -- C:\WINDOWS\lvp32.ini
[2007/10/30 10:02:55 | 000,017,532 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2007/10/24 22:18:55 | 000,000,462 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/24 22:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/10/24 22:04:11 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/10/24 22:04:11 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/24 21:57:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/10/24 21:54:07 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/10/24 21:52:25 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/10/24 21:52:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/10/24 21:27:02 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/24 21:27:01 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/24 21:27:01 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/24 21:27:01 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/10/24 21:27:01 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/24 21:27:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/24 21:27:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/24 21:26:58 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/24 21:26:57 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/24 21:26:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/10/24 21:25:34 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/31 19:16:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 19:11:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 19:08:44 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 19:08:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 19:08:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 19:08:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 19:08:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 19:08:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 19:07:50 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 19:07:42 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 19:07:34 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 19:07:24 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 12:09:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 12:09:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 12:09:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 12:08:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 12:08:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 12:08:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 12:07:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 12:07:26 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 12:07:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 12:06:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 14:31:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 14:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 08:14:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/08/14 10:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 11:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 11:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 16:06:43 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 16:00:28 | 000,459,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 16:00:28 | 000,078,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/03/19 14:13:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\etherui.dll
[2004/01/15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Custom Scans ==========


< sconfig >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

OTL Extras logfile created on: 4/6/2011 1:31:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\tjbrown\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 22.77 Gb Free Space | 30.58% Space Free | Partition Type: NTFS
Drive D: | 527.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TJBROWN-D630 | User Name: TJBrown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Nortel Networks\i2050SoftwarePhone\i2050srv.mod" = C:\Program Files\Nortel Networks\i2050SoftwarePhone\i2050srv.mod:*:Enabled:serversoftphone -- (Nortel Networks)
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{06DD140B-AA3D-4BD4-84B9-217897127DC6}" = Nortel Networks i2050 Software Phone
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1946EE23-EE24-48FB-8D62-04CB9D4F4C93}" = STOPzilla
"{1AB80D06-778A-480C-A563-A2CF059FD4EB}" = ArcSoft MediaImpression for Kodak
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D93B61E-3CE5-4651-AB9F-C76A711BCF0A}" = A+ 2009 Passport Book CD Demo
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6315D12F-EEB9-4F45-95A1-D543E810A925}" = MM Client
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{71B90506-005A-4F6C-AAAC-AC8F9CEC1F86}" = Business Series Terminals Desktop Assistant v 1.4
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EDECE25-A8F3-4134-B330-9248EF54EBE1}" = OrderPro 9.0.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9E8CAF9-B495-4E8B-89F6-588C2CEF9766}" = Sprint Mobile Broadband (Pantech)
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CAFECAFE-0013-0001-0124-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.24
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"7-Zip" = 7-Zip 9.20
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
"ActiveTouchMeetingClient" = WebEx
"ACTTest" = ACTTest
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.2.0 Standard
"Adobe Acrobat 8 Standard_820" = Adobe Acrobat 8.2.0 - CPSID_52074
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"BCM Monitor" = BCM Monitor
"CallPilot Application Builder" = CallPilot Application Builder
"Canon iP4300 User Registration" = Canon iP4300 User Registration
"CCleaner" = CCleaner
"Cisco Packet Tracer 5.3_is1" = Cisco Packet Tracer 5.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.2
"Easy-WebPrint" = Easy-WebPrint
"GuildFTPd" = GuildFTPd FTP Deamon
"Helmsman 4.4.1" = Helmsman 4.4.1
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{71B90506-005A-4F6C-AAAC-AC8F9CEC1F86}" = Nortel Networks Desktop Assistant v 1.4
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Java Device Manager" = Java Device Manager
"Java Plug-in" = Java Plug-in 1.1.1
"JRE 1.1" = Java Runtime Environment 1.1
"KILLCMAX" = CMAX32
"LiveUpdate" = LiveUpdate
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mitel Networks IP Phone Analyzer" = Mitel Networks IP Phone Analyzer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norstar ICS Remote Tools" = Norstar ICS Remote Tools 11.0
"Norstar Voice Mail Manager 3.0.10" = Norstar Voice Mail Manager 3.0.10
"Norstar Voice Mail Manager 4.0.04" = Norstar Voice Mail Manager 4.0.04
"Nortel Business Element Manager" = Nortel Business Element Manager
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeScanNT" = Trend Micro OfficeScan Client
"Procomm Plus" = Symantec Procomm Plus
"ProInst" = Intel® PROSet/Wireless Software
"RDC" = RDC
"SBClient" = SBClient 4.5.4.122
"SearchAssist" = SearchAssist
"Site Administration" = Avaya Site Administration
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SolarWinds TFTP Server" = SolarWinds TFTP Server
"ST6UNST #1" = CCNA 802 Practice Exam
"SX-200 ICP Technical Documentation" = SX-200 ICP Technical Documentation
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"uninstall.exe" = iLinc Client
"VoIP Technologies" = VoIP Technologies
"WIC" = Windows Imaging Component
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.1.8
"WinZip" = WinZip
"Wireshark" = Wireshark 1.2.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-154013260-982405162-577866162-1866\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for TJBrown

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2011 7:16:48 PM | Computer Name = TJBROWN-D630 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/5/2011 7:16:59 PM | Computer Name = TJBROWN-D630 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/5/2011 7:18:09 PM | Computer Name = TJBROWN-D630 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for XETA\TJBrown failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/5/2011 7:18:23 PM | Computer Name = TJBROWN-D630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 4/6/2011 3:21:54 PM | Computer Name = TJBROWN-D630 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2011 3:21:54 PM | Computer Name = TJBROWN-D630 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/6/2011 3:22:07 PM | Computer Name = TJBROWN-D630 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/6/2011 3:23:17 PM | Computer Name = TJBROWN-D630 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for XETA\TJBrown failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/6/2011 3:23:32 PM | Computer Name = TJBROWN-D630 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 4/6/2011 3:23:40 PM | Computer Name = TJBROWN-D630 | Source = Application Error | ID = 1000
Description = Faulting application blackd.exe, version 7.0.69.9, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 1/2/2009 11:08:38 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 215197
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 1/13/2009 8:18:10 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629921
seconds with 9360 seconds of active time. This session ended with a crash.

Error - 1/17/2009 2:53:35 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 325879
seconds with 6900 seconds of active time. This session ended with a crash.

Error - 1/22/2009 12:33:18 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 88376
seconds with 960 seconds of active time. This session ended with a crash.

Error - 1/22/2009 2:31:51 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3107
seconds with 240 seconds of active time. This session ended with a crash.

Error - 7/25/2009 5:21:58 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 627602
seconds with 17880 seconds of active time. This session ended with a crash.

Error - 2/22/2010 7:44:59 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 186372
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 7/14/2010 9:54:16 PM | Computer Name = TJBROWN-D630 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 205564
seconds with 6540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/5/2011 7:21:26 PM | Computer Name = TJBROWN-D630 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/5/2011 9:14:56 PM | Computer Name = TJBROWN-D630 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/6/2011 3:21:53 PM | Computer Name = TJBROWN-D630 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain XETA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/6/2011 3:22:07 PM | Computer Name = TJBROWN-D630 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/6/2011 3:23:24 PM | Computer Name = TJBROWN-D630 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 4/6/2011 3:23:24 PM | Computer Name = TJBROWN-D630 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black

Error - 4/6/2011 3:23:27 PM | Computer Name = TJBROWN-D630 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/6/2011 3:24:01 PM | Computer Name = TJBROWN-D630 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 4/6/2011 3:26:47 PM | Computer Name = TJBROWN-D630 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/6/2011 3:28:05 PM | Computer Name = TJBROWN-D630 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >
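
The firewall policy section near the top of this report (the GloballyOpenPorts and AuthorizedApplications lists) is one of the few parts of an OTL log that can be triaged mechanically. The script below is an added example for this thread, not OTL's code and not from the poster: it parses those two lists into structured rules and flags the entries a helper would look at first. The sample input copies the two key headers and three entries from the log above and adds two constructed entries (a 3389/TCP exception scoped to any address, and an svchost.exe authorized from a Temp folder) so that the flagging logic has something to report; those two are illustrations only, not findings about this machine. The trusted-directory list and the two heuristics are the example's own assumptions.

```python
"""Triage the Windows XP firewall policy that OTL dumps in its
"Firewall Settings" section (GloballyOpenPorts / AuthorizedApplications).

Added example for this thread; not OTL's code and not from the original
post. SAMPLE copies two key headers and three entries from the log above
and adds two constructed entries (the 3389/TCP rule and the Temp svchost.exe
rule) so the flagging logic has something to report. TRUSTED_DIRS and the
two heuristics in review() are this example's own assumptions.
"""
import re
from dataclasses import dataclass

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = C:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- (Qwest Communications International Inc.)
"C:\Documents and Settings\tjbrown\Local Settings\Temp\svchost.exe" = C:\Documents and Settings\tjbrown\Local Settings\Temp\svchost.exe:*:Enabled:svchost
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"[^"]+"\s*=\s*(.+)$')
# Both lists share one value layout:
#   <port:proto | executable path>:<scope>:<Enabled|Disabled>:<display name>
# The non-greedy target lets the drive-letter colon in a path be absorbed.
VALUE_RE = re.compile(
    r"^(?P<target>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<label>.*)$"
)

# Assumption: on this XP box, legitimately installed software lives here.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\")


@dataclass(frozen=True)
class FirewallRule:
    profile: str   # "DomainProfile" or "StandardProfile"
    kind: str      # "port" or "app"
    target: str    # "445/TCP" or the executable path
    scope: str     # "LocalSubNet", "*" (any address) or an explicit address list
    enabled: bool
    label: str     # display name, often an @xpsp2res.dll resource reference


def parse_firewall_policy(text):
    """Return the FirewallRule entries found in OTL's firewall section."""
    rules = []
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            profile = kind = None
            if "\\FirewallPolicy\\" in path:
                profile = "DomainProfile" if "\\DomainProfile\\" in path else "StandardProfile"
                if path.endswith("\\GloballyOpenPorts\\List"):
                    kind = "port"
                elif path.endswith("\\AuthorizedApplications\\List"):
                    kind = "app"
            continue
        entry = ENTRY_RE.match(line)
        if kind is None or not entry:
            continue
        value = VALUE_RE.match(entry.group(1))
        if not value:
            continue  # unrecognised layout: skip rather than guess
        target = value.group("target")
        if kind == "port":
            target = target.replace(":", "/", 1)  # "445:TCP" -> "445/TCP"
        rules.append(FirewallRule(profile, kind, target, value.group("scope"),
                                  value.group("state") == "Enabled",
                                  value.group("label")))
    return rules


def review(rules):
    """Apply two triage heuristics; returns (rule, reason) pairs."""
    findings = []
    for rule in rules:
        if not rule.enabled:
            continue
        if rule.kind == "port" and rule.scope == "*":
            findings.append((rule, "port exception open to any remote address, not just LocalSubNet"))
        elif rule.kind == "app" and not rule.target.lower().startswith(TRUSTED_DIRS):
            findings.append((rule, "authorized program lives outside Program Files / Windows"))
    return findings


if __name__ == "__main__":
    for rule, why in review(parse_firewall_policy(SAMPLE)):
        print(f"[{rule.profile}] {rule.target} scope={rule.scope} -> {why}")
```

The 137/138/139/445 entries scoped to LocalSubNet with @xpsp2res.dll display names are Windows XP's built-in File and Printer Sharing exception, and 1900/2869 are the UPnP Framework exception, so the script deliberately leaves those alone; what deserves a second look is a port exception whose scope is `*`, or an authorized program whose path sits in a user profile or Temp directory. One caveat that this very log illustrates: the exception list only matters if the firewall is actually running, and the System Events section further down records the Windows Firewall/ICS service terminating with an error (ID 7023), so on this machine the policy may not have been enforced at all.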

#4 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:01:57 PM

Posted 06 April 2011 - 03:47 PM

Hi,

Can you please post the log from when you ran ComboFix? Also run a scan with RkU:

Please download Rootkit Unhooker from one of the following links and save it to your desktop: Link 1 (.exe file), Link 2 (zipped file), Link 3 (.rar file). If you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 RamHemi (Topic Starter)

  • Members
  • 13 posts
  • Local time:04:57 AM

Posted 06 April 2011 - 04:07 PM

Myrti,

Here is the ComboFix log that I had run, followed by the RKU log. Should I close RKU or leave it up? Thanks!


ComboFix 11-04-02.03 - TJBrown 04/02/2011 15:55:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1367 [GMT -6:00]
Running from: c:\documents and settings\tjbrown\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Outdated* {8DF9AECC-1A62-455B-8939-0CDD61F1B136}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45938B82-13DF-4944-A30B-9547D2E5F04C}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {66080D74-3C72-422D-B5AB-199CC44D0FBA}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {E7AFD44B-4873-4F65-A3E7-D9F7A1EE0363}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LOGD4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 21:37 . 2011-04-02 21:39 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-04-02 16:43 . 2011-04-02 16:49 -------- d-----w- c:\windows\LastGood
2011-04-02 16:42 . 2011-04-02 17:03 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-02 02:09 . 2011-04-02 02:09 -------- d-----w- c:\documents and settings\tjbrown\Application Data\ElevatedDiagnostics
2011-04-02 01:27 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 01:27 . 2011-04-02 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 04:49 . 2011-04-01 04:49 -------- d-----w- c:\program files\STOPzilla!
2011-04-01 04:49 . 2011-04-01 04:49 -------- d-----w- c:\program files\Common Files\iS3
2011-04-01 04:49 . 2011-04-02 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-01 03:57 . 2011-04-01 03:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-31 22:13 . 2011-03-31 22:13 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-03-31 22:13 . 2011-03-31 22:13 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-03-31 22:13 . 2011-03-31 22:13 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-03-31 22:13 . 2011-03-31 22:13 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-03-31 22:13 . 2011-03-31 22:13 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-03-31 22:13 . 2011-03-31 22:13 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-03-31 22:13 . 2011-03-31 22:13 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-03-31 22:13 . 2011-03-31 22:13 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-03-31 22:13 . 2011-03-31 22:13 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-03-31 22:13 . 2011-03-31 22:13 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-03-31 22:13 . 2011-03-31 22:13 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-03-31 22:13 . 2011-03-31 22:13 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-03-31 19:54 . 2011-04-01 03:57 -------- d--h--w- c:\documents and settings\tjbrown\.bcm
2011-03-24 19:30 . 2011-03-24 19:30 -------- d--h--w- c:\documents and settings\tjbrown\Local Settings\Application Data\WMTools Downloaded Files
2011-03-24 03:44 . 2011-03-24 03:45 -------- d--h--w- c:\documents and settings\tjbrown\Application Data\Apple Computer
2011-03-22 22:05 . 2011-03-22 22:05 -------- d--h--w- c:\program files\MagicISO
2011-03-22 20:07 . 2011-03-22 20:07 -------- d--h--w- c:\program files\MagicDisc
2011-03-22 20:07 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-03-22 20:00 . 2011-03-28 17:44 -------- d--h--w- c:\documents and settings\tjbrown\Cisco Packet Tracer 5.3
2011-03-22 19:59 . 2011-03-22 19:59 -------- d--h--w- c:\program files\Cisco Packet Tracer 5.3
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-18 00:27 . 2011-03-18 00:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-03-18 00:26 . 2011-03-18 00:26 -------- d--h--w- c:\documents and settings\tjbrown\Local Settings\Application Data\Apple
2011-03-18 00:26 . 2011-03-18 00:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Apple
2011-03-18 00:17 . 2007-11-06 19:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2011-03-18 00:17 . 2007-04-25 14:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2011-03-18 00:17 . 2007-04-24 17:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2011-03-17 02:18 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-17 02:18 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-15 15:00 . 2007-05-31 20:50 356352 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-15 14:22 . 2005-07-08 20:19 666 ----a-w- c:\windows\speed.reg
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(9).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(8).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(7).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(10).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(9).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(8).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(7).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(10).dll
2011-03-11 02:30 . 2011-03-18 00:27 -------- d--h--w- c:\program files\QuickTime
2011-03-11 02:30 . 2011-03-11 02:30 -------- d--h--w- c:\program files\Common Files\Apple
2011-03-11 02:30 . 2011-03-18 00:26 -------- d--h--w- c:\program files\Apple Software Update
2011-03-11 02:26 . 2011-03-11 02:26 -------- d--h--w- c:\program files\Kodak
2011-03-09 16:37 . 2011-03-09 16:37 -------- d--h--w- c:\program files\HAT
2011-03-05 05:01 . 2011-03-15 01:22 -------- d--h--w- c:\program files\File Type Assistant
2011-03-05 05:01 . 2011-03-15 01:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 19:48 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP63da.tmp
2011-03-13 19:32 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP67e1.tmp
2011-03-13 19:27 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP6447.tmp
2011-03-01 16:18 . 2009-07-26 00:04 831488 ------w- c:\windows\Setup1.exe
2011-03-01 16:18 . 2009-07-26 00:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2004-02-27 22:29 . 2008-01-21 19:23 95968 ---ha-w- c:\program files\Common Files\ACTTest.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2009-09-08 849192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
.
c:\documents and settings\tjbrown\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-22 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1611\Scripts\Logon\0\0]
"Script"=\\xeta\netlogon\dfenv.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1611\Scripts\Logon\1\0]
"Script"=c:\winnt\scripts\script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-9308\Scripts\Logon\0\0]
"Script"=\\xeta\netlogon\dfenv.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-9308\Scripts\Logon\1\0]
"Script"=c:\winnt\scripts\script.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norstar ICS Scheduler.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norstar ICS Scheduler.lnk
backup=c:\windows\pss\Norstar ICS Scheduler.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xeta Technologies VPN Client Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Xeta Technologies VPN Client Software.lnk
backup=c:\windows\pss\Xeta Technologies VPN Client Software.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-18 09:38 624056 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2009-12-18 15:57 46520 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]
2009-12-18 11:55 738776 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ---ha-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-01-25 07:34 159744 ---ha-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-07-20 15:09 80384 ---ha-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 19:23 1191936 ---ha-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 20:32 102400 ---ha-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 14:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Index Washer]
2007-11-26 21:47 55624 ---ha-w- c:\program files\Webroot\Washer\WashIdx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 23:34 86960 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-05-31 20:50 67584 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-31 20:50 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-31 20:50 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-09-08 09:30 849192 ---ha-w- c:\officescan nt\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ---h--w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 16:53 212992 ---ha-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" -HideWindow
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
S2 BlackICE;BlackICE;c:\program files\Network ICE\BlackICE\blackd.exe [10/30/2007 1:26 PM 851968]
S2 i2050QoSSvc;Nortel Networks i2050 QoS Service;c:\windows\system32\i2050QosSvc.exe [3/19/2004 2:15 PM 81920]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/8/2009 1:14 PM 50704]
S2 TmFilter;Trend Micro Filter;c:\officescan nt\tmxpflt.sys [8/13/2007 10:15 AM 225808]
S2 TmPreFilter;Trend Micro PreFilter;c:\officescan nt\tmpreflt.sys [8/13/2007 10:15 AM 36368]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/2/2008 5:07 PM 598856]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [3/17/2011 6:17 PM 36224]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 4:00 PM 14336]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [10/30/2007 1:26 PM 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [10/30/2007 1:26 PM 24344]
S3 TmProxy;OfficeScan NT Proxy Service;c:\officescan nt\TmProxy.exe [8/13/2007 10:15 AM 689416]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [3/17/2011 6:17 PM 134912]
S4 black;black;c:\windows\system32\drivers\blackdrv.sys [10/30/2007 1:26 PM 227957]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2010-03-11 12:38 124928 ---ha-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: xeta.com\applprd
Trusted Zone: xeta.com\appltst
Trusted Zone: xeta.com\mail
Trusted Zone: xeta.com\my
Trusted Zone: xeta.com\onexp.corp
Trusted Zone: xeta.com\oraapp1
Trusted Zone: xeta.com\sharepoint
Trusted Zone: xeta.com\applprd
Trusted Zone: xeta.com\onexp.corp
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
FF - ProfilePath - c:\documents and settings\tjbrown\Application Data\Mozilla\Firefox\Profiles\kkeh58ry.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-PWRESET - c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 16:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Services\mirror\MK *i*]
"Attach.ToDesktop"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\CSGina.dll
.
- - - - - - - > 'lsass.exe'(1264)
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(552)
c:\windows\system32\WININET.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\ImgUtil.dll
.
Completion time: 2011-04-02 16:10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-02 22:09
.
Pre-Run: 28,499,681,280 bytes free
Post-Run: 28,556,374,016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AB3F0371C9EB5FDBCCE4C1EBC96B9B5F



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6531000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6729728 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.19 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.19 )
0xB62C9000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2211840 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA699E000 C:\OfficeScan NT\VSApiNt.sys 1220608 bytes (Trend Micro Inc., VsapiNT )
0xB4C50000 C:\WINDOWS\system32\drivers\sthda.sys 1175552 bytes (SigmaTel, Inc., NDRC)
0xB4AEE000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB4A3B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA6722000 C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB7E01000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB10E2000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB614E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB122A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA667A000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA6956000 C:\OfficeScan NT\TmXPFlt.sys 294912 bytes (Trend Micro Inc., Post Filter For XP)
0xBD549000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4BE0000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB61E1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA6894000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DD4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA6840000 C:\WINDOWS\system32\drivers\tmcomm.sys 180224 bytes (Trend Micro Inc., TrendMicro Common Module)
0xB629E000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xA4883000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB117A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB64E5000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB1202000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB11DC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB627A000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 147456 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB4C2C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB650D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6257000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA5C94000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB11BA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7ECD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB6239000 C:\WINDOWS\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0xB7F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB61C4000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB7DBA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA693E000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xA9184000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB4C14000 C:\WINDOWS\system32\drivers\dxec01.sys 98304 bytes (Knowles Acoustics, dxec01.sys)
0xB61AC000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA6911000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB7E8E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6222000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA6928000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xB7EA5000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA67DA000 C:\WINDOWS\system32\drivers\tmactmon.sys 90112 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xB11A5000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xA65C5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6B9C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB1283000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6211000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAAB57000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8178000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB8148000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB82A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB2F9B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB6BE0000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB6BF0000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA20D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB0C32000 C:\WINDOWS\system32\drivers\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xB6C10000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB8158000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB2F7B000 C:\WINDOWS\System32\Drivers\oz776.sys 57344 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xB80A8000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0xB8118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8298000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB78EF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80B8000 szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0xB0C22000 C:\OfficeScan NT\TmPreFlt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xB80F8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB78CF000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8208000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xB3076000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80E8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8138000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xB78DF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80D8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB787F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB78AF000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB82E8000 C:\WINDOWS\System32\Drivers\ArcCD.SYS 36864 bytes (ArcSoft Inc., ArcCD.sys ReadOnly)
0xB8108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB8288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB78BF000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB3096000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA56F1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8128000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2FAB000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB83E8000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xB8438000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB8398000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB83D0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB3D26000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xB3D4E000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8380000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAAA77000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8390000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB3D1E000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xB3D2E000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0xB8340000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB83F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8408000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB83F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAAA67000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB4184000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB8564000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA67FC000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB8594000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAEB46000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA5731000 C:\WINDOWS\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
0xAEB42000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB7D01000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB4180000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAEA8A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7D1D000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB8578000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7D11000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8568000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB7D19000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB865A000 C:\WINDOWS\System32\Drivers\ArcRec.SYS 8192 bytes (ArcSoft Inc., File System Recognizer for ArcUdfs)
0xB8666000 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xB8652000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85E2000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xB863A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xAA51E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB8650000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8656000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8658000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85EC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85F6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB87D4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAADDC000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xB1E0E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB86B2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xB87B9000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)
==============================================
>Stealth
==============================================
0x8A77BA9B Unknown page with executable code, 1381 bytes
0x8A77A288 Unknown page with executable code, 3448 bytes
0x8A77C19B Unknown page with executable code, 3685 bytes
0xB80F8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8A77EE84 Unknown thread object [ ETHREAD 0x8A8B0BE8 ] TID: 124, 600 bytes
0x8A781084 Unknown thread object [ ETHREAD 0x8A8B0970 ] TID: 128, 600 bytes
0x8A78015A Unknown thread object [ ETHREAD 0x8A911020 ] , 600 bytes
0x8A77EB4F Unknown thread object [ ETHREAD 0x8A911678 ] , 600 bytes
0x8A780D58 Unknown page with executable code, 680 bytes

#6 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 April 2011 - 04:24 PM

Hi,

it looks like you have a new variant of the TDL rootkit. Could you please rerun TDSSKiller, so that I can see if it picks it up:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
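
A check that goes with the GMER warning above ("Virus alike driver modification [VolSnap.sys]"): Windows XP keeps a reference copy of each protected driver in system32\dllcache, so a quick offline triage is to hash every .sys in system32\drivers against its dllcache twin and list the ones that differ. This is an added example, not part of the thread and not code from TDSSKiller, GMER or ComboFix. The directory names, file names and byte contents in build_sample_tree are constructed for the demo; in real use, point compare_driver_copies at the drivers and dllcache folders of a volume mounted offline (or booted from clean media), because a rootkit of this class filters disk reads of the driver it infected and can hand a live scan the original bytes. A mismatch is a lead, not proof: a legitimate hotfix also changes a driver, so confirm with the file's Authenticode signature and version before treating it as patched.

```python
"""Driver-integrity sweep: compare live kernel drivers against the dllcache
reference copies and report the ones whose bytes differ.

Added example; directory layout and file contents are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large drivers do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver_copies(live_dir: Path, ref_dir: Path) -> dict:
    """Return {driver name: {"status", "live_size", "ref_size"}}.

    status is "match", "MISMATCH" (same name, different bytes) or
    "no-reference" (third-party driver with no dllcache copy). Names are
    lower-cased because the logs spell the same file VolSnap.sys and
    volsnap.sys.
    """
    report = {}
    for live in sorted(live_dir.glob("*.sys")):
        ref = ref_dir / live.name
        entry = {"live_size": live.stat().st_size, "ref_size": None}
        if not ref.is_file():
            entry["status"] = "no-reference"
        else:
            entry["ref_size"] = ref.stat().st_size
            same = sha256_of(live) == sha256_of(ref)
            entry["status"] = "match" if same else "MISMATCH"
        report[live.name.lower()] = entry
    return report


def build_sample_tree(root: Path):
    """Constructed sample (assumption, not real driver images): a clean
    beep.sys, a volsnap.sys with extra bytes appended after the original
    body, and a vendor driver that has no dllcache copy."""
    live, ref = root / "drivers", root / "dllcache"
    live.mkdir()
    ref.mkdir()
    clean_volsnap = b"MZ" + b"\x00" * 62 + b"volsnap clean body"
    clean_beep = b"MZ" + b"\x00" * 62 + b"beep clean body"
    (ref / "volsnap.sys").write_bytes(clean_volsnap)
    (ref / "beep.sys").write_bytes(clean_beep)
    (live / "volsnap.sys").write_bytes(clean_volsnap + b"\x90" * 16 + b"loader")
    (live / "beep.sys").write_bytes(clean_beep)
    (live / "basfnd.sys").write_bytes(b"MZ" + b"\x00" * 62 + b"vendor driver")
    return live, ref


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = build_sample_tree(Path(tmp))
        return compare_driver_copies(live, ref)


if __name__ == "__main__":
    for name, e in run_demo().items():
        print(f"{name:<14} {e['status']:<13} live={e['live_size']} ref={e['ref_size']}")
```

Only the "MISMATCH" rows need a closer look; "no-reference" rows are normal for third-party drivers (Broadcom, Roxio, ArcSoft in the list above) and are better checked by signature than by hash.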


#7 RamHemi (Topic Starter)

  • Members
  • 13 posts

Posted 06 April 2011 - 04:45 PM

Myrti,

OK, so I extracted the exe and eula.txt to my desktop (the only 2 items listed by WinZip), but when I copy that string you provided into the RUN bar and hit OK, it doesn't do anything. I assume I should see some hard drive activity, or should I wait a few minutes?

Thanks,

Ram

#8 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 April 2011 - 05:15 PM

Hi,

Now it should show you a GUI. Could you start it by double-clicking? It will run. I'm just not entirely sure where the log will be located, possibly in C:\tdsskiller.txt

regards myrti



#9 RamHemi (Topic Starter)

  • Members
  • 13 posts

Posted 06 April 2011 - 05:29 PM

Myrti,

Still no luck. I deleted and re-downloaded, and unzipped. Neither double-clicking the app nor inserting the script seems to work. It is not like the app starts to load or anything; I just double click, get a super quick hourglass, then nothing happens.

Any other suggestions? If not, I totally understand and appreciate the help so far. One of my bigger questions would be to know if any of my documents are compromised (Word, Excel, PDFs, etc.). I had an external hard-drive backup but it took a dump about 2 weeks ago and I hadn't bought a new one yet, as I was a little PO'd. Then this happened. Lucky me!

Sorry to rant, let me know what you think!

Thanks,

Ram

#10 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 06 April 2011 - 05:54 PM

Hi,
ok let's try a different tool for now:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Anything that isn't executable should be safe to backup. (So anything that doesn't end in .com, .pif, .exe, .php, .zip, .dll, .html, .scr)

regards myrti

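
The backup rule at the end of the post above (copy anything that is not executable, hold the listed extensions) can be scripted so the user's documents are pulled off consistently before any further cleaning. This is an added example, not the thread's own advice or any tool's code. It applies the extension list from the post as a hold-list and adds one check the extension alone misses: a file whose first two bytes are the PE/DOS "MZ" header is an executable whatever it is named, so a scan.pdf that is really an .exe is held too. The folder layout and file contents in build_sample_tree are constructed for the demo; HOLD_EXTENSIONS is taken verbatim from the post and is an assumption about what the helper meant by "executable".

```python
"""Backup triage: decide per file whether it is safe to copy off an infected
machine (plain document) or should be held back (executable or container).

Added example; sample files are constructed.
"""
import tempfile
from pathlib import Path

# The extensions listed in the post, lower-cased. Treated as a hold-list for
# the copy, not as a verdict on the file.
HOLD_EXTENSIONS = {".com", ".pif", ".exe", ".php", ".zip", ".dll", ".html", ".scr"}


def classify(path: Path) -> str:
    """'copy' for plain documents, 'hold' for anything executable-looking."""
    if path.suffix.lower() in HOLD_EXTENSIONS:
        return "hold"
    with path.open("rb") as f:
        magic = f.read(2)
    # A renamed executable still starts with the DOS "MZ" header.
    if magic == b"MZ":
        return "hold"
    return "copy"


def triage_tree(root: Path) -> dict:
    """Walk root and return {'copy': [...], 'hold': [...]} of relative paths."""
    result = {"copy": [], "hold": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            result[classify(p)].append(p.relative_to(root).as_posix())
    return result


def build_sample_tree(root: Path) -> None:
    """Constructed sample documents (assumption: not real user files)."""
    docs = root / "My Documents"
    docs.mkdir()
    # Office 2007+ files are zip containers but carry a document extension,
    # so the extension rule copies them even though they start with "PK".
    (docs / "budget.xlsx").write_bytes(b"PK\x03\x04" + b"\x00" * 30)
    (docs / "report.pdf").write_bytes(b"%PDF-1.4\n%constructed\n")
    (docs / "notes.doc").write_bytes(b"\xd0\xcf\x11\xe0" + b"\x00" * 28)  # OLE2 header
    (docs / "invoice.pdf.exe").write_bytes(b"MZ" + b"\x00" * 62)          # double extension
    (docs / "photos.zip").write_bytes(b"PK\x03\x04")
    (docs / "scan.pdf").write_bytes(b"MZ" + b"\x00" * 62)                 # exe renamed to .pdf


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and return the triage."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return triage_tree(Path(tmp))


if __name__ == "__main__":
    for verdict, files in run_demo().items():
        print(verdict)
        for name in files:
            print("   ", name)
```

Two caveats worth keeping in mind when using this: the held files are not necessarily malicious (a .zip of photos is held only because its contents cannot be judged by name), and the copied set is not necessarily clean, since a macro-enabled Office file or a PDF with embedded JavaScript passes this rule. Scan the copied set with an up-to-date engine on a known-clean machine before opening anything from it.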


#11 RamHemi (Topic Starter)

  • Members
  • 13 posts

Posted 06 April 2011 - 06:50 PM

Myrti,

OK, ran ComboFix and it found "volsnap.sys patched w/ rootkit", attempting disinfection; a minute later it required a reboot. Upon reboot and on stage 4 of the ComboFix routine, I got a BSOD, error with catchme.sys.

Rebooted PC again and ran ComboFix again. The following is the log file.

As I stated earlier in the post, I can not disable or uninstall TrendMicro, even though I tried the password workaround in the INI file.

Thanks,

Ram

ComboFix 11-04-02.03 - TJBrown 04/06/2011 17:34:40.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1323 [GMT -6:00]
Running from: c:\documents and settings\tjbrown\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Outdated* {8DF9AECC-1A62-455B-8939-0CDD61F1B136}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45938B82-13DF-4944-A30B-9547D2E5F04C}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {66080D74-3C72-422D-B5AB-199CC44D0FBA}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {E7AFD44B-4873-4F65-A3E7-D9F7A1EE0363}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-03-06 to 2011-04-06 )))))))))))))))))))))))))))))))
.
.
2011-04-06 23:33 . 2011-04-06 23:33 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-04-05 20:36 . 2011-04-05 20:38 -------- dc-h--w- c:\windows\ie8
2011-04-05 02:39 . 2011-04-05 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-04-05 02:39 . 2011-04-05 02:39 -------- d-----w- c:\program files\IObit
2011-04-05 02:07 . 2011-04-05 02:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-05 02:07 . 2011-04-05 02:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-04-05 02:07 . 2011-04-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-03 16:50 . 2011-04-03 16:50 -------- d-----w- c:\program files\7-Zip
2011-04-02 16:42 . 2011-04-02 17:03 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-02 02:09 . 2011-04-02 02:09 -------- d-----w- c:\documents and settings\tjbrown\Application Data\ElevatedDiagnostics
2011-04-02 01:27 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 01:27 . 2011-04-02 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 04:49 . 2011-04-01 04:49 -------- d-----w- c:\program files\STOPzilla!
2011-04-01 04:49 . 2011-04-01 04:49 -------- d-----w- c:\program files\Common Files\iS3
2011-04-01 04:49 . 2011-04-06 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-04-01 03:57 . 2011-04-01 03:57 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-31 22:13 . 2011-03-31 22:13 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-03-31 22:13 . 2011-03-31 22:13 452048 ----a-r- c:\windows\system32\SZBase5.dll
2011-03-31 22:13 . 2011-03-31 22:13 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-03-31 22:13 . 2011-03-31 22:13 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-03-31 22:13 . 2011-03-31 22:13 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-03-31 22:13 . 2011-03-31 22:13 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-03-31 22:13 . 2011-03-31 22:13 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-03-31 22:13 . 2011-03-31 22:13 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-03-31 22:13 . 2011-03-31 22:13 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-03-31 22:13 . 2011-03-31 22:13 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-03-31 22:13 . 2011-03-31 22:13 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-03-31 22:13 . 2011-03-31 22:13 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-03-31 19:54 . 2011-04-01 03:57 -------- d--h--w- c:\documents and settings\tjbrown\.bcm
2011-03-24 19:30 . 2011-03-24 19:30 -------- d--h--w- c:\documents and settings\tjbrown\Local Settings\Application Data\WMTools Downloaded Files
2011-03-24 03:44 . 2011-03-24 03:45 -------- d--h--w- c:\documents and settings\tjbrown\Application Data\Apple Computer
2011-03-22 22:05 . 2011-03-22 22:05 -------- d--h--w- c:\program files\MagicISO
2011-03-22 20:07 . 2011-03-22 20:07 -------- d--h--w- c:\program files\MagicDisc
2011-03-22 20:07 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-03-22 20:00 . 2011-03-28 17:44 -------- d--h--w- c:\documents and settings\tjbrown\Cisco Packet Tracer 5.3
2011-03-22 19:59 . 2011-03-22 19:59 -------- d--h--w- c:\program files\Cisco Packet Tracer 5.3
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-18 00:27 . 2011-03-18 00:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-18 00:27 . 2011-03-18 00:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-03-18 00:26 . 2011-03-18 00:26 -------- d--h--w- c:\documents and settings\tjbrown\Local Settings\Application Data\Apple
2011-03-18 00:26 . 2011-03-18 00:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Apple
2011-03-18 00:17 . 2007-11-06 19:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2011-03-18 00:17 . 2007-04-25 14:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2011-03-18 00:17 . 2007-04-24 17:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2011-03-17 02:18 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-17 02:18 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-15 15:00 . 2007-05-31 20:50 356352 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-15 14:22 . 2005-07-08 20:19 666 ----a-w- c:\windows\speed.reg
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(9).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(8).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(7).dll
2011-03-13 20:18 . 2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl(10).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(9).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(8).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(7).dll
2011-03-13 20:18 . 2007-05-31 20:50 339968 ----a-w- c:\windows\system32\nvapi(10).dll
2011-03-11 02:30 . 2011-03-18 00:27 -------- d--h--w- c:\program files\QuickTime
2011-03-11 02:30 . 2011-03-11 02:30 -------- d--h--w- c:\program files\Common Files\Apple
2011-03-11 02:30 . 2011-03-18 00:26 -------- d--h--w- c:\program files\Apple Software Update
2011-03-11 02:26 . 2011-03-11 02:26 -------- d--h--w- c:\program files\Kodak
2011-03-09 16:37 . 2011-03-09 16:37 -------- d--h--w- c:\program files\HAT
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 19:48 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP63da.tmp
2011-03-13 19:32 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP67e1.tmp
2011-03-13 19:27 . 2007-10-25 03:29 98304 ----a-w- c:\windows\DUMP6447.tmp
2011-03-01 16:18 . 2009-07-26 00:04 831488 ------w- c:\windows\Setup1.exe
2011-03-01 16:18 . 2009-07-26 00:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-09 13:53 . 2004-08-11 22:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2004-02-27 22:29 . 2008-01-21 19:23 95968 ---ha-w- c:\program files\Common Files\ACTTest.ocx
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-02_22.05.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-06 23:18 . 2011-04-06 23:18 16384 c:\windows\temp\Perflib_Perfdata_344.dat
+ 2004-08-11 22:00 . 2009-03-08 10:31 46592 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2011-04-03 22:52 78172 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2007-08-14 01:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 66560 c:\windows\system32\mshtmled.dll
- 2004-08-11 22:00 . 2007-08-14 01:32 45568 c:\windows\system32\mshta.exe
+ 2004-08-11 22:00 . 2009-03-08 10:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 01:36 . 2009-03-08 10:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 01:54 . 2009-03-08 10:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:00 . 2009-03-08 10:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 34816 c:\windows\system32\imgutil.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 55808 c:\windows\system32\iernonce.dll
+ 2010-12-20 23:08 . 2010-12-20 23:08 78336 c:\windows\system32\ieencode.dll
- 2010-06-10 02:43 . 2010-03-11 12:38 78336 c:\windows\system32\ieencode.dll
+ 2007-08-14 01:36 . 2009-03-08 10:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-11 22:00 . 2008-04-13 18:41 52352 c:\windows\system32\dllcache\volsnap.sys
+ 2007-08-14 01:36 . 2009-03-08 10:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-14 01:01 . 2009-03-08 10:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2007-08-14 01:01 . 2007-08-14 01:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 01:54 . 2009-03-08 10:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 01:32 . 2009-03-08 10:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 01:32 . 2007-08-14 01:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-11-07 00:52 . 2009-03-08 10:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 01:44 . 2009-03-08 10:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 01:54 . 2009-03-08 10:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:39 . 2009-03-08 10:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 01:36 . 2009-03-08 10:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2009-11-07 00:52 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-11-07 00:52 . 2010-12-20 12:54 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-14 01:39 . 2009-03-08 10:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 01:39 . 2009-03-08 10:32 55808 c:\windows\system32\dllcache\iernonce.dll
- 2010-06-10 02:43 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2010-12-20 23:08 . 2010-12-20 23:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-11-07 00:52 . 2009-03-08 10:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-14 01:18 . 2009-03-08 10:24 68608 c:\windows\system32\dllcache\hmmapi.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2007-08-14 01:42 . 2009-03-08 10:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 01:39 . 2009-03-08 10:32 72704 c:\windows\system32\dllcache\admparse.dll
- 2004-08-11 22:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-11 22:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 18944 c:\windows\system32\corpol.dll
+ 2007-10-29 19:29 . 2011-04-06 00:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-29 19:29 . 2011-04-01 03:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-29 19:29 . 2011-04-06 00:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-29 19:29 . 2011-04-01 03:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-06 00:25 . 2011-04-06 00:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-29 19:29 . 2011-04-01 03:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-03-08 10:32 72704 c:\windows\system32\admparse.dll
- 2007-12-05 17:33 . 2011-02-04 20:24 12288 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-12-05 17:33 . 2011-04-05 20:41 12288 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-04-05 20:38 . 2009-03-08 20:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 44544 c:\windows\ie8\pngfilt.dll
+ 2011-04-05 20:36 . 2007-08-14 01:01 48128 c:\windows\ie8\mshtmler.dll
+ 2011-04-05 20:36 . 2007-08-14 01:32 45568 c:\windows\ie8\mshta.exe
+ 2011-04-05 20:36 . 2007-08-14 01:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-04-05 20:36 . 2007-08-14 01:44 40960 c:\windows\ie8\licmgr10.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 27648 c:\windows\ie8\jsproxy.dll
+ 2011-04-05 20:36 . 2007-08-14 01:39 92672 c:\windows\ie8\inseng.dll
+ 2011-04-05 20:36 . 2007-08-14 01:36 36352 c:\windows\ie8\imgutil.dll
+ 2011-04-05 20:36 . 2007-08-14 01:39 55296 c:\windows\ie8\iesetup.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 44544 c:\windows\ie8\iernonce.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 78336 c:\windows\ie8\ieencode.dll
+ 2011-04-05 20:36 . 2010-03-10 13:18 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 63488 c:\windows\ie8\icardie.dll
+ 2011-04-05 20:36 . 2007-08-14 01:18 60416 c:\windows\ie8\hmmapi.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 17408 c:\windows\ie8\corpol.dll
+ 2011-04-05 20:36 . 2007-08-14 01:39 71680 c:\windows\ie8\admparse.dll
+ 2011-04-05 20:40 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB2482017-IE7\ieudinit.exe
+ 2011-04-05 20:39 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-04-05 20:39 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
- 2007-12-05 17:33 . 2011-02-04 20:24 4096 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-12-05 17:33 . 2011-04-05 20:41 4096 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-11 22:00 . 2009-03-08 10:34 914944 c:\windows\system32\wininet.dll
+ 2007-08-14 01:45 . 2009-03-08 10:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-11 22:00 . 2009-03-08 10:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 420352 c:\windows\system32\vbscript.dll
- 2004-08-11 22:00 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-03-08 10:34 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2004-08-11 22:00 . 2011-04-03 22:52 459552 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2010-11-09 14:52 249856 c:\windows\system32\odbc32.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 249856 c:\windows\system32\odbc32.dll
+ 2004-08-11 22:00 . 2009-03-08 10:34 109568 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2009-03-08 10:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-03-08 10:22 156160 c:\windows\system32\msls31.dll
- 2004-08-11 22:00 . 2007-08-14 01:54 156160 c:\windows\system32\msls31.dll
+ 2007-08-14 01:54 . 2009-03-08 10:32 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-11 22:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2004-08-11 22:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
- 2004-08-11 22:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-11 22:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-14 01:54 . 2009-03-08 10:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 183808 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2009-03-08 20:09 391536 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 19:27 . 2009-03-08 10:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-11 22:00 . 2009-03-08 10:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:06 . 2011-04-05 20:48 271784 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2011-02-04 23:16 271784 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:00 . 2010-12-20 23:08 133120 c:\windows\system32\extmgr.dll
- 2004-08-11 22:00 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-11 22:00 . 2009-03-08 10:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-08-25 16:55 . 2009-03-08 10:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 01:54 . 2009-03-08 10:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 01:54 . 2009-03-08 10:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 10:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 01:44 . 2009-03-08 10:34 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-14 01:44 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-08 00:20 . 2009-01-08 00:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2007-08-14 01:44 . 2009-03-08 10:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:54 . 2009-03-08 10:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:44 . 2009-03-08 10:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-14 01:54 . 2009-03-08 10:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2007-08-14 01:54 . 2007-08-14 01:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-11-07 00:52 . 2009-03-08 10:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
+ 2009-05-18 01:28 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-05-18 01:28 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-10-08 02:58 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-10-08 02:58 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2009-03-08 10:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 01:43 . 2009-03-08 20:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-14 01:54 . 2009-03-08 10:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 01:39 . 2009-03-08 20:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-11-07 00:52 . 2009-03-08 10:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-14 00:56 . 2009-03-08 10:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 01:39 . 2009-03-08 10:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 01:39 . 2009-03-08 10:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 01:39 . 2009-03-08 10:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-14 01:54 . 2010-12-20 23:08 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-14 01:54 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2007-08-14 01:35 . 2009-03-08 10:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 01:35 . 2009-03-08 10:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
- 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2007-08-14 01:39 . 2009-03-08 10:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-11 22:00 . 2009-03-08 10:32 128512 c:\windows\system32\advpack.dll
- 2007-12-05 17:33 . 2011-02-04 20:24 176128 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2007-12-05 17:33 . 2011-04-05 20:41 176128 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2007-12-05 17:33 . 2011-04-05 20:41 135168 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-05 17:33 . 2011-02-04 20:24 135168 c:\windows\Installer\{91530409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2007-10-25 04:07 . 2011-02-04 20:28 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 832512 c:\windows\ie8\wininet.dll
+ 2011-04-05 20:36 . 2007-08-14 01:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 233472 c:\windows\ie8\webcheck.dll
+ 2011-04-05 20:36 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2011-04-05 20:36 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 105984 c:\windows\ie8\url.dll
+ 2011-04-05 20:38 . 2009-01-08 00:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-04-05 20:38 . 2009-01-08 00:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-04-05 20:36 . 2006-09-07 00:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 102912 c:\windows\ie8\occache.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 671232 c:\windows\ie8\mstime.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 193024 c:\windows\ie8\msrating.dll
+ 2011-04-05 20:36 . 2007-08-14 01:54 156160 c:\windows\ie8\msls31.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 477696 c:\windows\ie8\mshtmled.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 459264 c:\windows\ie8\msfeeds.dll
+ 2011-04-05 20:36 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2011-04-05 20:36 . 2010-02-23 05:20 634648 c:\windows\ie8\iexplore.exe
+ 2011-04-05 20:36 . 2007-08-14 01:54 180736 c:\windows\ie8\ieui.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 268288 c:\windows\ie8\iertutil.dll
+ 2011-04-05 20:36 . 2007-08-14 01:54 287744 c:\windows\ie8\ieproxy.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 192512 c:\windows\ie8\iepeers.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 385024 c:\windows\ie8\iedkcs32.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-04-05 20:36 . 2010-02-23 05:18 161792 c:\windows\ie8\ieakui.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 230400 c:\windows\ie8\ieaksie.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 153088 c:\windows\ie8\ieakeng.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 214528 c:\windows\ie8\dxtrans.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 124928 c:\windows\ie8\advpack.dll
+ 2011-04-05 20:40 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2482017-IE7\spuninst\updspapi.dll
+ 2011-04-05 20:40 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2482017-IE7\spuninst\spuninst.exe
+ 2011-04-05 20:40 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB2482017-IE7\extmgr.dll
+ 2011-04-05 20:39 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-04-05 20:39 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-04-05 20:39 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50 253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50 143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2004-08-11 22:00 . 2010-12-31 13:10 1854976 c:\windows\system32\win32k.sys
+ 2004-08-11 22:00 . 2009-03-08 10:34 1206784 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
- 2004-08-11 22:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2009-03-08 10:41 5937152 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:34 . 2009-03-08 10:32 1985024 c:\windows\system32\iertutil.dll
+ 2007-02-12 23:10 . 2009-02-07 03:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-10-30 17:01 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-08-25 16:55 . 2009-03-08 10:34 1206784 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-08-25 16:55 . 2009-03-08 10:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2009-11-07 00:52 . 2009-03-08 10:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-11-07 00:52 . 2009-02-07 03:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-02-16 19:54 . 2011-02-16 19:54 4992000 c:\windows\Installer\1d4af1.msp
- 2007-10-25 04:07 . 2011-02-04 20:28 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-10-25 04:07 . 2011-04-05 20:42 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-04-05 20:36 . 2010-03-11 12:38 1168384 c:\windows\ie8\urlmon.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 3599872 c:\windows\ie8\mshtml.dll
+ 2011-04-05 20:36 . 2010-03-11 12:38 6067200 c:\windows\ie8\ieframe.dll
+ 2011-04-05 20:36 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-04-03 20:38 . 2011-03-03 01:56 37943240 c:\windows\system32\MRT.exe
+ 2007-08-14 01:54 . 2009-03-08 10:39 11063808 c:\windows\system32\ieframe.dll
+ 2009-11-07 00:52 . 2009-03-08 10:39 11063808 c:\windows\system32\dllcache\ieframe.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 12105216 c:\windows\Installer\1d4adf.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" [2009-09-08 849192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
.
c:\documents and settings\tjbrown\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-22 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1611\Scripts\Logon\0\0]
"Script"=\\xeta\netlogon\dfenv.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1611\Scripts\Logon\1\0]
"Script"=c:\winnt\scripts\script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-9308\Scripts\Logon\0\0]
"Script"=\\xeta\netlogon\dfenv.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-9308\Scripts\Logon\1\0]
"Script"=c:\winnt\scripts\script.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norstar ICS Scheduler.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norstar ICS Scheduler.lnk
backup=c:\windows\pss\Norstar ICS Scheduler.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xeta Technologies VPN Client Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Xeta Technologies VPN Client Software.lnk
backup=c:\windows\pss\Xeta Technologies VPN Client Software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-18 09:38 624056 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2009-12-18 15:57 46520 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]
2009-12-18 11:55 738776 ---ha-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ---ha-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-01-25 07:34 159744 ---ha-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ---ha-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]
2010-07-20 15:09 80384 ---ha-w- c:\program files\Kodak\MediaImpression\ArcMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 19:23 1191936 ---ha-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2007-01-30 20:32 102400 ---ha-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 14:46 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Index Washer]
2007-11-26 21:47 55624 ---ha-w- c:\program files\Webroot\Washer\WashIdx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 23:34 86960 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-31 20:50 8429568 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-05-31 20:50 67584 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-31 20:50 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-31 20:50 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2009-09-08 09:30 849192 ---ha-w- c:\officescan nt\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ---h--w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-01-22 16:53 212992 ---ha-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 11:17 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OfficeScanNT Monitor"="c:\officescan nt\pccntmon.exe" -HideWindow
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]
R2 i2050QoSSvc;Nortel Networks i2050 QoS Service;c:\windows\system32\i2050QosSvc.exe [3/19/2004 2:15 PM 81920]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 12:19 PM 50704]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/8/2009 1:14 PM 50704]
R2 TmFilter;Trend Micro Filter;c:\officescan nt\tmxpflt.sys [8/13/2007 10:15 AM 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\officescan nt\tmpreflt.sys [8/13/2007 10:15 AM 36368]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/2/2008 5:07 PM 598856]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [3/17/2011 6:17 PM 36224]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
S0 black;black;c:\windows\system32\drivers\blackdrv.sys [10/30/2007 1:26 PM 227957]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 BlackICE;BlackICE;c:\program files\Network ICE\BlackICE\blackd.exe [10/30/2007 1:26 PM 851968]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/11/2004 4:00 PM 14336]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [10/30/2007 1:26 PM 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [10/30/2007 1:26 PM 24344]
S3 TmProxy;OfficeScan NT Proxy Service;c:\officescan nt\TmProxy.exe [8/13/2007 10:15 AM 689416]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [3/17/2011 6:17 PM 134912]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ---ha-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: xeta.com\applprd
Trusted Zone: xeta.com\onexp.corp
DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-06 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Services\mirror\MK *i*]
"Attach.ToDesktop"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\CSGina.dll
.
- - - - - - - > 'lsass.exe'(1392)
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2011-04-06 17:42:36
ComboFix-quarantined-files.txt 2011-04-06 23:42
ComboFix2.txt 2011-04-02 22:10
.
Pre-Run: 24,309,633,024 bytes free
Post-Run: 24,483,360,768 bytes free
.
- - End Of File - - D8EFD03DF4E42D605BAD5C10411A7A0E

#12 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 06 April 2011 - 06:55 PM

Hi,

The log looks promising. How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 RamHemi (Topic Starter, Members, 13 posts)

Posted 06 April 2011 - 07:12 PM

Myrti,

So far so good. I am not getting those script error pop-ups (they happened very often), and so far no redirect issues!!!

However, how can I easily unhide all my programs, desktop items, and taskbar shortcuts?

You have been fabulous, and I sure appreciate your time. Thanks for helping us poor souls out here wandering the WILD WILD WEB! I'll be sure to recommend these forums.

Sincerely,

Ram

#14 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts)

Posted 06 April 2011 - 07:17 PM

Hi,

Thanks for the nice words :)

Please try this tool to unhide your files:
http://download.bleepingcomputer.com/grinler/unhide.exe


Let me know how it works for you.

regards myrti

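For readers who would rather see what "unhiding" amounts to than download a binary, the following is an added example and is not BleepingComputer's unhide.exe or any code from this thread. It clears the Hidden attribute that this kind of infection sets on a user's own files, shortcuts and Start Menu entries, while leaving items that also carry the System attribute (desktop.ini, NTUSER.DAT, "System Volume Information") untouched, since those are hidden by Windows on purpose. The profile root, the -WhatIf switch and the System-attribute exclusion are this example's own assumptions, not anything the tool in the link above is documented to do.

```powershell
# Added example, not unhide.exe: clear the Hidden attribute on user files
# under an XP-era profile root. Run from an elevated PowerShell prompt.
# Assumption: the profile root below; change it for your machine.
param(
    [string]$Root = "C:\Documents and Settings",
    [switch]$WhatIf   # list what would change without touching anything
)

if (-not (Test-Path -LiteralPath $Root)) {
    throw "profile root not found: $Root"
}

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
$cleared = 0

# -Force is required so Get-ChildItem actually returns hidden items.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue

foreach ($item in $items) {
    $attr = $item.Attributes
    $isHidden = ($attr -band $hidden) -ne 0
    $isSystem = ($attr -band $system) -ne 0

    # Malware hides ordinary user files; legitimate OS items carry System as
    # well as Hidden, so skipping System+Hidden keeps those as Windows expects.
    if ($isHidden -and -not $isSystem) {
        if ($WhatIf) {
            Write-Output ("would unhide: " + $item.FullName)
        } else {
            # Hidden is known to be set here, so XOR clears exactly that bit.
            $item.Attributes = [IO.FileAttributes]($attr -bxor $hidden)
            $cleared++
        }
    }
}

Write-Output ("cleared Hidden on {0} item(s) under {1}" -f $cleared, $Root)
```

Run it once with -WhatIf and skim the list before running it for real; if a path you recognise as a legitimately hidden application file shows up, add it to an exclusion rather than widening the System check. Restoring file visibility does not clean the infection, so this belongs after the log review above, not instead of it.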


#15 RamHemi (Topic Starter, Members, 13 posts)

Posted 06 April 2011 - 07:30 PM

Worked like a champ!

And thanks a lot.....again!!! Let's hope I can keep things clean moving forward.

Take Care,

Ram
