
Solved Google Search Results Redirect to wrong sites

Discussion in 'Malware and Virus Removal Archive' started by sambaker, 2010/06/07.

  1. 2010/06/07
    sambaker

    [Resolved] Google Search Results Redirect to wrong sites

    I would like to get assistance resolving a problem. My laptop has contracted a virus or malware with the primary symptom being that I am redirected to the wrong sites when clicking on the links presented from a search engine (Google, Yahoo, etc.). I have tried to run Combofix.exe, Malwarebytes' Anti-Malware, Ad-Aware, Spybot Search & Destroy, and eTrust PestPatrol Anti-Spyware but the problem persists. I am including the DDS.txt and Attach.txt logs.

    DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Brandon McGahee at 2:01:23.39 on Mon 06/07/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1042 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Belkin\F5D8051v2\chkdev.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Documents and Settings\Brandon McGahee\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = www.msn.com/
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [CaISSDT] "c:\program files\ca\etrust internet security suite\caissdt.exe "
    mRun: [eTrustPPAP] "c:\program files\ca\etrust internet security suite\etrust pestpatrol anti-spyware\PPActiveDetection.exe "
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe "
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8051v2\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    Trusted Zone: musicmatch.com\online
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\brando~1\applic~1\mozilla\firefox\profiles\6akbzgc3.default\
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-8 214664]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-8 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-8 144704]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-8 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-8 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-8 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-8 40552]
    S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-8 34248]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-2-27 30560]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-10 822424]
    S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]

    =============== Created Last 30 ================

    2010-06-07 02:50:18 0 d-----w- c:\windows\system32\wbem\Repository
    2010-06-07 02:30:13 0 d-----w- c:\program files\Trojan Remover
    2010-06-07 02:30:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2010-06-07 01:19:13 0 d-----w- C:\RECYCLER(2)
    2010-05-28 20:37:24 0 d-----w- c:\program files\WebEx

    ==================== Find3M ====================

    2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
    2010-04-08 20:42:33 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-03-11 05:38:37 2121728 ---ha-w- C:\SZKGFS.dat
    2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
    2009-09-02 07:42:01 18764452 --sha-w- c:\windows\system32\algc.sys
    2008-07-12 18:46:26 8 --sh--r- c:\windows\system32\D9B31E5078.sys
    2010-02-14 08:17:39 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-08-26 11:56:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

    ============= FINISH: 2:03:24.10 ===============


    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/15/2006 6:00:14 PM
    System Uptime: 6/7/2010 12:53:56 AM (2 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 67 GiB total, 35.594 GiB free.
    D: is FIXED (NTFS) - 22 GiB total, 21.462 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1147: 3/8/2010 6:10:52 PM - System Checkpoint
    RP1148: 3/10/2010 1:42:04 AM - System Checkpoint
    RP1149: 3/10/2010 10:59:19 AM - Software Distribution Service 3.0
    RP1150: 3/10/2010 11:30:55 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1151: 3/10/2010 11:31:22 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1152: 3/11/2010 12:10:42 PM - System Checkpoint
    RP1153: 3/11/2010 9:02:02 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP1154: 3/13/2010 12:05:52 AM - System Checkpoint
    RP1155: 3/14/2010 6:40:34 AM - System Checkpoint
    RP1156: 3/15/2010 7:57:20 AM - System Checkpoint
    RP1157: 3/16/2010 8:01:56 AM - System Checkpoint
    RP1158: 3/16/2010 7:01:09 PM - Installed WinZip 14.0
    RP1159: 3/18/2010 6:23:21 AM - System Checkpoint
    RP1160: 3/19/2010 11:33:17 AM - System Checkpoint
    RP1161: 3/20/2010 1:29:28 PM - System Checkpoint
    RP1162: 3/21/2010 1:52:38 PM - System Checkpoint
    RP1163: 3/22/2010 3:34:56 PM - System Checkpoint
    RP1164: 3/23/2010 4:10:12 PM - System Checkpoint
    RP1165: 3/24/2010 5:42:15 PM - System Checkpoint
    RP1166: 3/25/2010 5:43:55 PM - System Checkpoint
    RP1167: 3/26/2010 12:06:50 PM - Installed Microsoft Office Live Meeting 2007
    RP1168: 3/27/2010 2:12:54 PM - System Checkpoint
    RP1169: 3/28/2010 2:54:48 PM - System Checkpoint
    RP1170: 3/29/2010 4:05:14 PM - System Checkpoint
    RP1171: 3/30/2010 8:29:13 PM - System Checkpoint
    RP1172: 3/31/2010 11:46:12 AM - Software Distribution Service 3.0
    RP1173: 4/1/2010 3:17:56 PM - System Checkpoint
    RP1174: 4/2/2010 5:26:23 PM - System Checkpoint
    RP1175: 4/3/2010 5:37:05 PM - System Checkpoint
    RP1176: 4/4/2010 6:18:24 PM - System Checkpoint
    RP1177: 4/5/2010 7:57:13 PM - System Checkpoint
    RP1178: 4/8/2010 12:19:58 AM - System Checkpoint
    RP1179: 4/9/2010 2:56:47 AM - System Checkpoint
    RP1180: 4/10/2010 3:42:38 AM - System Checkpoint
    RP1181: 4/11/2010 5:51:56 AM - System Checkpoint
    RP1182: 4/12/2010 7:59:12 AM - System Checkpoint
    RP1183: 4/13/2010 12:16:19 PM - System Checkpoint
    RP1184: 4/13/2010 9:51:00 PM - Software Distribution Service 3.0
    RP1185: 4/14/2010 3:00:32 AM - Software Distribution Service 3.0
    RP1186: 4/15/2010 1:25:59 PM - System Checkpoint
    RP1187: 4/17/2010 12:39:00 AM - System Checkpoint
    RP1188: 4/18/2010 4:03:22 AM - System Checkpoint
    RP1189: 4/19/2010 6:27:47 AM - System Checkpoint
    RP1190: 4/20/2010 6:42:57 AM - System Checkpoint
    RP1191: 4/21/2010 11:02:59 AM - System Checkpoint
    RP1192: 4/22/2010 12:11:32 PM - System Checkpoint
    RP1193: 4/23/2010 1:43:28 PM - System Checkpoint
    RP1194: 4/24/2010 4:17:07 PM - System Checkpoint
    RP1195: 4/25/2010 6:08:04 PM - System Checkpoint
    RP1196: 4/27/2010 12:06:57 PM - System Checkpoint
    RP1197: 4/28/2010 1:14:21 PM - System Checkpoint
    RP1198: 4/29/2010 1:49:46 PM - System Checkpoint
    RP1199: 4/30/2010 8:03:52 PM - System Checkpoint
    RP1200: 5/2/2010 6:04:15 AM - System Checkpoint
    RP1201: 5/3/2010 11:20:20 AM - System Checkpoint
    RP1202: 5/4/2010 11:26:31 AM - System Checkpoint
    RP1203: 5/6/2010 6:42:44 AM - System Checkpoint
    RP1204: 5/7/2010 12:09:05 PM - System Checkpoint
    RP1205: 5/8/2010 6:22:18 PM - System Checkpoint
    RP1206: 5/9/2010 8:44:06 PM - System Checkpoint
    RP1207: 5/11/2010 6:05:57 AM - System Checkpoint
    RP1208: 5/11/2010 10:24:13 PM - Software Distribution Service 3.0
    RP1209: 5/13/2010 3:23:05 AM - System Checkpoint
    RP1210: 5/14/2010 3:57:32 AM - System Checkpoint
    RP1211: 5/15/2010 2:34:25 PM - System Checkpoint
    RP1212: 5/17/2010 12:57:23 AM - System Checkpoint
    RP1213: 5/18/2010 9:49:56 AM - System Checkpoint
    RP1214: 5/19/2010 10:42:36 AM - System Checkpoint
    RP1215: 5/21/2010 1:47:50 AM - System Checkpoint
    RP1216: 5/22/2010 9:57:46 AM - System Checkpoint
    RP1217: 5/23/2010 5:23:04 PM - System Checkpoint
    RP1218: 5/24/2010 6:09:00 PM - System Checkpoint
    RP1219: 5/25/2010 6:34:46 PM - System Checkpoint
    RP1220: 5/26/2010 10:48:37 AM - Software Distribution Service 3.0
    RP1221: 5/27/2010 11:22:12 AM - System Checkpoint
    RP1222: 5/28/2010 11:38:51 AM - System Checkpoint
    RP1223: 5/31/2010 6:34:33 AM - System Checkpoint
    RP1224: 6/1/2010 6:35:38 AM - System Checkpoint
    RP1225: 6/2/2010 7:58:41 AM - System Checkpoint
    RP1226: 6/3/2010 9:55:38 AM - System Checkpoint
    RP1227: 6/3/2010 10:51:28 PM - Software Distribution Service 3.0
    RP1228: 6/5/2010 8:55:08 PM - System Checkpoint
    RP1229: 6/6/2010 10:48:18 PM - Restore Operation

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 4.57
    725plc32
    Ad-Aware
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    ATI Catalyst Control Center
    ATI Display Driver
    Belkin N1 Wireless USB Network Adapter Setup
    Broadcom Management Programs
    CA eTrust PestPatrol Anti-Spyware
    CCleaner (remove only)
    CleanUp!
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Corel Photo Album 6
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Color Printer 725
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    EarthLink setup files
    EducateU
    ELIcon
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    Internet Service Offers Launcher
    iS3 STOPzilla Toolbar
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Junk Mail filter update
    K-Lite Codec Pack 3.9.5 (Full)
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)
    Logitech Legacy USB Camera Driver Package
    Logitech Updater
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    McAfee Uninstaller
    mCore
    MCU
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2007
    Microsoft Office Project MUI (English) 2010 (Beta)
    Microsoft Office Project Professional 2010 (Beta)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010 (Beta)
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Send-a-Smile
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010 (Beta)
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007 Trial
    Microsoft Office XP Media Content
    Microsoft Office XP Professional
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Project Professional 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14 (Beta)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    Mobile Broadband Generic Drivers
    Modem Helper
    Mozilla Firefox (3.6.3)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 6.0 Parser
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mWMI
    mZConfig
    NetWaiting
    NetZeroInstallers
    Norton Ghost 10.0
    NTI Shadow
    PowerDVD 5.7
    QuickSet
    RealPlayer
    Search Assist
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB979365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TestDrive Client
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VZAccess Manager
    WebEx
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip 14.0
    WordPerfect Office 12
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/7/2010 12:50:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/6/2010 8:39:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    6/6/2010 8:37:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/6/2010 8:37:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm mfehidk V2IMount
    6/6/2010 6:23:31 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 10:53:37 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001302CE2871 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/5/2010 11:25:10 PM, error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
    6/5/2010 11:23:10 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    6/5/2010 11:23:10 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    6/4/2010 9:31:27 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
    6/4/2010 9:30:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
    6/4/2010 9:30:55 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2010 8:10:24 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================
     
  2. 2010/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You shouldn't be running Combofix on your own.
    Which browser is getting redirected?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/06/07
    sambaker

    sambaker Inactive Thread Starter

    Joined:
    2010/06/07
    Messages:
    76
    Likes Received:
    0
    Both Mozilla Firefox and MS Internet Explorer browsers get redirected.

    Here is the Combofix.txt log:

    ComboFix 10-06-06.01 - Brandon McGahee 06/06/2010 23:55:38.4.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\system32\drivers\rasacd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
    .

    2010-06-07 02:50 . 2010-06-07 02:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-07 02:30 . 2010-06-07 02:49 -------- d-----w- c:\program files\Trojan Remover
    2010-06-07 02:30 . 2010-06-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-06-07 01:19 . 2010-06-07 02:49 -------- d-----w- C:\RECYCLER(2)
    2010-05-28 20:37 . 2010-05-28 20:48 -------- d-----w- c:\program files\WebEx
    2010-05-12 21:57 . 2010-05-12 21:57 -------- d-----w- c:\documents and settings\Brandon McGahee\Local Settings\Application Data\WinZip
    2010-05-10 07:58 . 2010-05-10 08:02 20854256 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-05-10 07:58 . 2010-05-10 07:58 8405312 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-05-10 07:56 . 2010-05-10 07:56 149000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-05-10 07:56 . 2010-05-10 07:56 13407072 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-05-10 07:54 . 2010-05-10 07:54 79368 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-05-10 07:54 . 2010-05-10 07:54 64000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-05-10 07:54 . 2010-05-10 07:54 52288 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 50688 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 49152 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-05-10 07:54 . 2010-05-10 07:54 118784 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-05-09 23:53 . 2010-06-05 14:15 439816 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-07 02:49 . 2008-07-06 07:58 -------- d-----w- c:\program files\CCleaner
    2010-06-07 02:49 . 2010-04-08 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 02:37 . 2010-01-26 21:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-06 10:38 . 2010-02-27 20:44 248504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-04 04:02 . 2009-09-29 03:23 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-28 20:38 . 2008-03-20 02:27 -------- d-----w- c:\documents and settings\Brandon McGahee\Application Data\webex
    2010-05-12 02:25 . 2008-08-31 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-14 20:28 . 2006-09-28 23:57 -------- d-----w- c:\program files\Dl_cats
    2010-04-08 20:42 . 2008-06-27 14:42 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-03-30 04:46 . 2010-04-08 00:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2010-04-08 00:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-11 12:38 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-10 17:50 17408 ------w- c:\windows\system32\corpol.dll
    2010-03-11 05:38 . 2010-03-11 05:38 2121728 ---ha-w- C:\SZKGFS.dat
    2010-03-09 11:09 . 2004-08-10 17:51 430080 ----a-w- c:\windows\system32\vbscript.dll
    2009-09-02 07:42 . 2009-09-01 14:03 18764452 --sha-w- c:\windows\system32\algc.sys
    2008-07-12 18:46 . 2008-07-12 18:46 8 --sh--r- c:\windows\system32\D9B31E5078.sys
    2010-02-14 08:17 . 2008-07-12 18:46 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-04-07_23.30.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    - 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
    + 2010-03-10 16:03 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    - 2010-03-10 16:03 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    + 2010-01-13 14:01 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
    - 2006-08-15 21:54 . 2010-04-07 22:02 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-08-15 21:54 . 2010-06-07 03:14 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-08-15 21:54 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-08-15 21:54 . 2010-04-07 22:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-06-07 01:07 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-03-22 09:34 . 2010-04-07 22:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2004-08-10 17:50 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
    - 2009-10-16 07:03 . 2010-03-10 16:03 35088 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-10-16 07:03 . 2010-05-12 02:25 35088 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-10-16 07:03 . 2010-03-10 16:03 18704 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-10-16 07:03 . 2010-05-12 02:25 18704 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-10-16 07:03 . 2010-05-12 02:25 20240 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-10-16 07:03 . 2010-03-10 16:03 20240 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    - 2010-03-10 16:03 . 2010-03-10 16:03 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-04-14 07:06 . 2010-04-14 07:06 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-06-04 02:52 . 2010-06-04 02:52 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-04-14 01:52 . 2008-04-14 00:11 84480 c:\windows\$NtUninstallKB979309$\cabview.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981349\update\spcustom.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981349\spmsg.dll
    + 2010-04-14 07:05 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB980232\update\spcustom.dll
    + 2010-04-14 07:05 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB980232\spmsg.dll
    + 2010-04-14 07:05 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB979683\update\spcustom.dll
    + 2010-04-14 03:27 . 2010-03-05 14:54 16896 c:\windows\$hf_mig$\KB979683\update\mpsyschk.dll
    + 2010-04-14 07:05 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB979683\spmsg.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB979309\update\spcustom.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB979309\spmsg.dll
    + 2010-01-13 13:48 . 2010-01-13 13:48 86016 c:\windows\$hf_mig$\KB979309\SP3QFE\cabview.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB978601\update\spcustom.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB978601\spmsg.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978338\update\spcustom.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978338\spmsg.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977816\update\spcustom.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB977816\spmsg.dll
    - 2006-08-16 02:03 . 2010-03-10 15:59 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2004-08-10 17:51 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
    + 2009-09-03 08:18 . 2010-06-07 02:50 926452 c:\windows\system32\Restore\rstrlog.dat
    + 2004-08-10 18:02 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
    - 2004-08-10 18:02 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
    + 2004-08-10 17:51 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
    + 2004-08-10 17:51 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
    + 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
    + 2008-05-09 10:53 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
    - 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
    + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
    + 2008-11-12 07:34 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
    - 2008-08-13 15:15 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2008-08-13 15:15 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
    + 2010-02-12 04:33 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
    + 2004-08-10 17:50 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
    + 2009-10-16 07:03 . 2010-05-12 02:25 327952 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    - 2009-10-16 07:03 . 2010-03-10 16:03 327952 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    + 2009-10-16 07:03 . 2010-05-12 02:25 217864 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\misc.exe
    - 2009-10-16 07:03 . 2010-03-10 16:03 217864 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\misc.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    - 2006-08-16 02:03 . 2010-03-10 15:59 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2006-08-16 02:03 . 2010-05-12 02:25 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2008-10-25 14:35 . 2008-10-25 14:35 421744 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\XFUNC.DLL
    + 2008-10-25 14:35 . 2008-10-25 14:35 727936 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISWEB.DLL
    + 2008-10-25 14:35 . 2008-10-25 14:35 459616 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISUTILS.DLL
    + 2008-10-25 14:35 . 2008-10-25 14:35 564056 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISSUPP.DLL
    + 2009-03-06 08:11 . 2009-03-06 08:11 182624 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISIO.EXE
    + 2008-11-04 04:56 . 2008-11-04 04:56 386904 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISGRF.DLL
    + 2009-03-06 08:11 . 2009-03-06 08:11 140120 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISDLGU.DLL
    + 2008-10-25 14:34 . 2008-10-25 14:34 221032 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISCOLOR.DLL
    + 2008-10-25 14:34 . 2008-10-25 14:34 966520 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\TIMESOLN.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 570728 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\PE.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 464768 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\ORGCHWIZ.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 325984 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\HVAC.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 969568 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\GANTT.DLL
    + 2008-10-25 14:32 . 2008-10-25 14:32 144728 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\DWGCNV.DLL
    + 2008-11-04 04:56 . 2008-11-04 04:56 986992 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\DRILLDWN.DLL
    + 2008-10-25 14:32 . 2008-10-25 14:32 703344 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\DBENGR.DLL
    + 2008-10-25 14:32 . 2008-10-25 14:32 591224 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\BSTORM.DLL
    + 2008-10-25 14:32 . 2008-10-25 14:32 913776 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\AEC.DLL
    + 2006-10-27 02:59 . 2006-10-27 02:59 282928 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.4518\VISSHE.DLL
    + 2008-11-12 07:34 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2010-04-14 07:02 . 2008-05-09 10:53 430080 c:\windows\$NtUninstallKB981349$\vbscript.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981349$\spuninst\updspapi.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981349$\spuninst\spuninst.exe
    + 2010-04-14 07:05 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\spuninst\updspapi.dll
    + 2010-04-14 07:05 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst\spuninst.exe
    + 2010-04-14 07:05 . 2009-12-04 18:22 455424 c:\windows\$NtUninstallKB980232$\mrxsmb.sys
    + 2010-04-14 07:05 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\spuninst\updspapi.dll
    + 2010-04-14 07:05 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst\spuninst.exe
    + 2010-04-14 01:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\spuninst\updspapi.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst\spuninst.exe
    + 2010-04-14 01:52 . 2008-04-14 00:12 176640 c:\windows\$NtUninstallKB978601$\wintrust.dll
    + 2010-04-14 01:52 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\spuninst\updspapi.dll
    + 2010-04-14 01:52 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst\spuninst.exe
    + 2010-04-14 07:02 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338$\tcpip6.sys
    + 2010-04-14 07:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
    + 2010-04-14 07:02 . 2008-04-14 00:11 100352 c:\windows\$NtUninstallKB978338$\6to4svc.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\spuninst\updspapi.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst\spuninst.exe
    + 2010-04-14 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981349\update\updspapi.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981349\update\update.exe
    + 2010-04-14 07:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981349\spuninst.exe
    + 2010-03-09 11:06 . 2010-03-09 11:06 430080 c:\windows\$hf_mig$\KB981349\SP3QFE\vbscript.dll
    + 2010-04-14 07:05 . 2009-05-26 09:01 382840 c:\windows\$hf_mig$\KB980232\update\updspapi.dll
    + 2010-04-14 07:05 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB980232\update\update.exe
    + 2010-04-14 07:05 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB980232\spuninst.exe
    + 2010-04-14 03:23 . 2010-02-24 11:57 457216 c:\windows\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    + 2010-04-14 07:05 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979683\update\updspapi.dll
    + 2010-04-14 07:05 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979683\update\update.exe
    + 2010-04-14 07:05 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB979683\spuninst.exe
    + 2010-04-14 01:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB979309\update\updspapi.dll
    + 2010-04-14 01:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB979309\update\update.exe
    + 2010-04-14 01:52 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB979309\spuninst.exe
    + 2010-04-14 01:52 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978601\update\updspapi.dll
    + 2010-04-14 01:52 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978601\update\update.exe
    + 2010-04-14 01:52 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB978601\spuninst.exe
    + 2009-12-24 06:42 . 2009-12-24 06:42 178176 c:\windows\$hf_mig$\KB978601\SP3QFE\wintrust.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978338\update\updspapi.dll
    + 2010-04-14 07:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978338\update\update.exe
    + 2010-04-14 07:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978338\spuninst.exe
    + 2010-02-11 11:36 . 2010-02-11 11:36 226880 c:\windows\$hf_mig$\KB978338\SP3QFE\tcpip6.sys
    + 2010-02-12 04:27 . 2010-02-12 04:27 100864 c:\windows\$hf_mig$\KB978338\SP3QFE\6to4svc.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB977816\update\updspapi.dll
    + 2010-04-14 07:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB977816\update\update.exe
    + 2010-04-14 07:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB977816\spuninst.exe
    + 2004-08-10 17:51 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe
    + 2004-08-04 03:59 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe
    + 2008-10-16 02:09 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-16 02:09 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-16 02:09 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-16 02:09 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2009-08-12 19:13 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2009-08-12 19:13 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
    + 2010-02-26 10:09 . 2010-02-26 10:09 8300544 c:\windows\Installer\d20e3c.msp
    + 2010-01-11 20:35 . 2010-01-11 20:35 4480000 c:\windows\Installer\1de0913.msp
    + 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\1de0900.msp
    + 2008-11-21 08:12 . 2008-11-21 08:12 1697648 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISFILT.DLL
    + 2008-11-21 08:12 . 2008-11-21 08:12 6224760 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISBRGR.DLL
    + 2008-08-26 03:50 . 2008-08-26 03:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VBE6.DLL
    + 2008-10-25 14:34 . 2008-10-25 14:34 1594216 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\UML.DLL
    + 2009-03-05 00:16 . 2009-03-05 00:16 1848664 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\SG.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 1241984 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\ORGCHART.DLL
    + 2008-10-25 14:33 . 2008-10-25 14:33 1179488 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\FACILITY.DLL
    + 2008-10-25 14:32 . 2008-10-25 14:32 1940320 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\DWGDP.DLL
    + 2008-10-16 02:09 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-16 02:09 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-16 02:09 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-16 02:09 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2010-04-14 07:05 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
    + 2010-04-14 07:05 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe
    + 2010-04-14 07:05 . 2009-12-08 18:43 2023936 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
    + 2010-04-14 07:05 . 2009-12-08 19:26 2145280 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe
    + 2010-04-14 03:27 . 2010-02-16 12:52 2190080 c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
    + 2010-04-14 03:27 . 2010-02-16 12:12 2024448 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrpamp.exe
    + 2010-04-14 03:27 . 2010-02-16 12:12 2066944 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
    + 2010-04-14 03:27 . 2010-02-16 12:50 2146304 c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlmp.exe
    + 2006-08-15 22:56 . 2010-04-30 15:51 32058312 c:\windows\system32\MRT.exe
    + 2010-03-22 20:03 . 2010-03-22 20:03 11732992 c:\windows\Installer\d20e6d.msp
    + 2010-02-04 21:26 . 2010-02-04 21:26 15151616 c:\windows\Installer\d20e64.msp
    + 2010-06-04 02:51 . 2010-06-04 02:51 20242432 c:\windows\Installer\986630.msp
    + 2009-03-06 08:11 . 2009-03-06 08:11 11651440 c:\windows\Installer\$PatchCache$\Managed\00002119150000000000000000F01FEC\12.0.6425\VISLIB.DLL
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-04 02:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "CaISSDT "= "c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 165416]
    "eTrustPPAP "= "c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-11-24 258048]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    chkdsmui REG_SZ c:\windows\system32\icarhone.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\utorrent\\utorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe "=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30560]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 20:16]

    2010-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: musicmatch.com\online
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-07 00:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8920FEC5]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
    \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
    \Driver\atapi -> atapi.sys @ 0xf74c6852
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7433bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7422a0d
    SendHandler -> NDIS.sys @ 0xf7436b40
    user & kernel MBR OK
    copy of MBR has been found in sector 62 !
    PE file found in sector at 0x0B77F389 !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q "=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q "=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q "=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(848)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-06-07 00:09:34
    ComboFix-quarantined-files.txt 2010-06-07 04:09

    Pre-Run: 40,355,553,280 bytes free
    Post-Run: 40,361,656,320 bytes free

    - - End Of File - - EDA999251FF2D8569485168F361D00CB
     
  5. 2010/06/07
    broni Moderator Malware Analyst

    Download GMER: http://www.gmer.net/files.php, by clicking the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.
     
  6. 2010/06/09
    sambaker Inactive Thread Starter

    I had some problems with GMER. It would not run the scan in Normal Mode without crashing my system (blue screen). So I ran the scan in Safe Mode. After scanning for 10+ hours, it finally completed. However, when I clicked on the "Save" button to save the log, the system froze. I waited about 30-45 minutes before deciding that it was not just "thinking" and that it was not going to let me save the log. I had scrolled down to the bottom of the log before I clicked "Save", so the bottom of the log from the complete scan was visible. I wrote down what I could see on the screen. Some columns were cut off and I could not see the complete width of all of the columns. I manually transcribed the data from the bottom of this log into Notepad.

    After I wrote down what I could see, I rebooted and then started GMER again. I captured a log of data before initiating the scan. Then I started a new scan. I stopped it a few minutes into this scan (before it gave me the blue screen again) and captured this partial scan log.

    I am attaching these three logs. Hopefully this piecemeal approach of trying to capture the GMER log will help. Either way, let me know what to do next. I don't think I am going to be able to run a full GMER scan and be able to capture the log successfully at the end.

    Here is the bottom of the manually-produced log from the completed GMER scan:

    Type Name Value

    AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Ftdisk\Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk\Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk\Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk\Device\HarddiskVolume4 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Fastfat\Fat B8EA1D20

    AttachedDevice -> \Driver\atapi \Device\Harddisk0\DR0 8920EEC5

    Reg HKLM\SYSTEM\CurrentControlSet\Services\NetBT... 10.45.192.81?10.45.192.80?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 10.45.192.80 10.45.192.81
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... columbia.csc
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 345597
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 10.45.192.80 10.45.192.81
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 10.45.80.1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... columbia.csc
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\... 255.255.254.0?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{CC41... 10.45.80.1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\{CC41... 255.255.254.0?

    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

    File C:\WINDOWS\system32\DRIVERS\rasacd.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification


    Here is the GMER log I captured before starting a subsequent scan:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-06-09 00:51:23
    Windows 5.1.2600 Service Pack 3
    Running: k1uo4f6j.exe; Driver: C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\pxldqpob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAFF6778A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAFF67738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAFF6774C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAFF67837]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAFF67863]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAFF678D1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAFF678BB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAFF677CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAFF678FD]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAFF6780D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAFF67710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAFF67724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAFF6779E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAFF67939]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAFF678A5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAFF6788F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAFF6784D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAFF67925]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAFF67911]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAFF67776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAFF67762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAFF677F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAFF678E7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAFF677E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAFF677B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 88C91EC5

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----


    And here is the log resulting from the partial GMER scan:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-09 01:15:38
    Windows 5.1.2600 Service Pack 3
    Running: k1uo4f6j.exe; Driver: C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\pxldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB005878A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0058738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB005874C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0058837]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB0058863]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB00588D1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB00588BB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB00587CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB00588FD]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB005880D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0058710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0058724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB005879E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB0058939]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB00588A5]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB005888F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB005884D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0058925]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB0058911]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB0058776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB0058762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB00587F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB00588E7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB00587E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB00587B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B00587B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B005878E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B1FE6 7 Bytes JMP B00587CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2DF4 5 Bytes JMP B00587E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83CA 7 Bytes JMP B00587A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805CB3FA 5 Bytes JMP B0058714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805CB686 5 Bytes JMP B0058728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE44 5 Bytes JMP B0058766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B0058750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805D11EA 5 Bytes JMP B005873C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805D16F4 5 Bytes JMP B005877A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D2982 5 Bytes JMP B00587FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EC 7 Bytes JMP B0058893 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80622064 2 Bytes JMP B00588EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey + 3 80622067 4 Bytes [A3, 2F, 90, 90]
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622916 7 Bytes JMP B00588A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 806231EA 7 Bytes JMP B0058851 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80623C64 7 Bytes JMP B005883B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623E34 7 Bytes JMP B0058867 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 80624014 7 Bytes JMP B00588D5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062427E 7 Bytes JMP B00588BF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 80624BA6 5 Bytes JMP B0058811 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 80624EE8 7 Bytes JMP B005893D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 806251A8 5 Bytes JMP B0058915 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8062589C 5 Bytes JMP B0058929 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806259B6 5 Bytes JMP B0058901 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    .rsrc C:\WINDOWS\system32\DRIVERS\rasacd.sys entry point in ".rsrc" section [0xBA551C14]

    ---- Devices - GMER 1.0.15 ----

    Device -> \Driver\atapi \Device\Harddisk0\DR0 88CC0EC5

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\rasacd.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  7. 2010/06/09
    broni

    Good enough. Thanks :)

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file should be created on your C: drive called TDSSKiller.txt. Please copy and paste the contents of that file here.
     
  8. 2010/06/09
    sambaker

    OK. I downloaded TDSSKiller and ran the recommended process. It completed with a message that an issue was identified and would be cured on reboot. Rebooting now.

    Here is the log:

    00:39:41:093 4892 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    00:39:41:093 4892 ================================================================================
    00:39:41:093 4892 SystemInfo:

    00:39:41:093 4892 OS Version: 5.1.2600 ServicePack: 3.0
    00:39:41:093 4892 Product type: Workstation
    00:39:41:093 4892 ComputerName: BRANDON
    00:39:41:093 4892 UserName: Brandon McGahee
    00:39:41:093 4892 Windows directory: C:\WINDOWS
    00:39:41:093 4892 Processor architecture: Intel x86
    00:39:41:093 4892 Number of processors: 2
    00:39:41:093 4892 Page size: 0x1000
    00:39:41:093 4892 Boot type: Normal boot
    00:39:41:093 4892 ================================================================================
    00:39:41:468 4892 Initialize success
    00:39:41:468 4892
    00:39:41:468 4892 Scanning Services ...
    00:39:41:937 4892 Raw services enum returned 439 services
    00:39:41:968 4892
    00:39:41:968 4892 Scanning Drivers ...
    00:39:59:687 4892 RasAcd (5c31ed2ba88fe330bcac104c101a3aa1) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    00:39:59:687 4892 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 5c31ed2ba88fe330bcac104c101a3aa1, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
    00:39:59:687 4892 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ...
    00:40:00:062 4892 Backup copy found, using it..
    00:40:00:093 4892 will be cured on next reboot
    00:40:20:390 4892 Reboot required for cure complete..
    00:40:20:828 4892 Cure on reboot scheduled successfully
    00:40:20:828 4892
    00:40:20:828 4892 Completed
    00:40:20:828 4892
    00:40:20:828 4892 Results:
    00:40:20:828 4892 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    00:40:20:828 4892 File objects infected / cured / cured on reboot: 1 / 0 / 1
    00:40:20:828 4892
    00:40:20:828 4892 KLMD(ARK) unloaded successfully
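
One way to triage a TDSSKiller log like the one in the post above, added here as an example; it is not part of the original thread and not TDSSKiller's own code. The sample lines are constructed in the log's layout with placeholder names and hashes, `triage` and `follow_up` are hypothetical helper names, and the parser tolerates two entries run together on one line.

```python
import re

# Constructed sample in the TDSSKiller log layout seen in this thread
# (timestamp, thread id, message). Names and hashes are placeholders.
SAMPLE_LOG = r"""
00:00:01:000 1234 Scanning Drivers ...
00:00:01:100 1234 GoodDrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
00:00:01:200 1234 ExampleDrv (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
00:00:01:200 1234 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
00:00:01:200 1234 File "C:\WINDOWS\system32\DRIVERS\exampledrv.sys" infected by TDSS rootkit ... 00:00:01:500 1234 Backup copy found, using it..
00:00:01:600 1234 will be cured on next reboot
00:00:02:000 1234
00:00:02:000 1234 Results:
00:00:02:000 1234 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:00:02:000 1234 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

STAMP = re.compile(r"(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)[ \t]*")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
INFECTED = re.compile(r'^File "(.+)" infected by (.+?) \.\.\.$')
RESULTS = re.compile(r"^(Registry|File) objects infected / cured / "
                     r"cured on reboot: (\d+) / (\d+) / (\d+)$")


def split_entries(text):
    """Yield (timestamp, message) pairs, splitting on every timestamp so
    that entries fused onto one line by copy and paste are separated."""
    marks = list(STAMP.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        yield cur.group(1), text[cur.end():end].strip()


def _finding(findings, path):
    """Return the record for a path, creating it on first sight."""
    return findings.setdefault(path.lower(), {
        "path": path, "service": None, "enum_md5": None,
        "real_md5": None, "fake_md5": None, "family": None, "action": None})


def triage(text):
    """Collect forged-file detections, their cure status and the totals."""
    drivers, findings, totals, last = {}, {}, {}, None
    for _stamp, msg in split_entries(text):
        if m := DRIVER.match(msg):
            # Remember which hash the driver enumeration listed per path.
            drivers[m.group(3).lower()] = (m.group(1), m.group(2))
        elif m := FORGED.match(msg):
            last = _finding(findings, m.group(1))
            service, listed = drivers.get(m.group(1).lower(), (None, None))
            last.update(service=service, enum_md5=listed,
                        real_md5=m.group(2), fake_md5=m.group(3))
        elif m := INFECTED.match(msg):
            last = _finding(findings, m.group(1))
            last["family"] = m.group(2)
        elif msg.startswith("will be cured on next reboot") and last:
            last["action"] = "cure on reboot"
        elif m := RESULTS.match(msg):
            totals[m.group(1).lower()] = dict(zip(
                ("infected", "cured", "on_reboot"),
                map(int, m.group(2, 3, 4))))
    return {"findings": list(findings.values()), "totals": totals}


def follow_up(report):
    """List what still has to be confirmed after this scan."""
    todo = []
    for f in report["findings"]:
        if f["real_md5"] and f["real_md5"] != f["fake_md5"]:
            todo.append(f"{f['path']}: two MD5 values reported for one file")
        if f["action"] == "cure on reboot":
            todo.append(f"{f['path']}: cure only scheduled, rescan after reboot")
    for kind, t in report["totals"].items():
        # Assumption: every infected object should be cured now or on reboot.
        left = t["infected"] - t["cured"] - t["on_reboot"]
        if left > 0:
            todo.append(f"{kind} objects: {left} left untreated")
    return todo


if __name__ == "__main__":
    for item in follow_up(triage(SAMPLE_LOG)):
        print(item)
```
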
     
  9. 2010/06/09
    broni

    Delete your Combofix file, download a fresh one and post a new log.
     
  10. 2010/06/10
    sambaker

    OK. Old Combofix deleted. New Combofix downloaded and executed. New log posted here:

    ComboFix 10-06-09.02 - Brandon McGahee 06/10/2010 1:24.5.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1701 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\About.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Activate.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Buy.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Protection Center Support.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Protection Center.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Scan.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Settings.lnk
    c:\documents and settings\Brandon McGahee\Start Menu\Programs\Protection Center\Update.lnk
    c:\program files\Protection Center
    c:\program files\Protection Center\about.ico
    c:\program files\Protection Center\activate.ico
    c:\program files\Protection Center\buy.ico
    c:\program files\Protection Center\cnt.db
    c:\program files\Protection Center\cntext.dll
    c:\program files\Protection Center\cnthook.dll
    c:\program files\Protection Center\help.ico
    c:\program files\Protection Center\scan.ico
    c:\program files\Protection Center\settings.ico
    c:\program files\Protection Center\Uninstall.exe
    c:\program files\Protection Center\update.ico

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
    .

    2010-06-10 01:43 . 2010-06-10 01:43 -------- d--h--w- c:\windows\PIF
    2010-06-07 02:50 . 2010-06-07 02:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-07 02:30 . 2010-06-07 02:49 -------- d-----w- c:\program files\Trojan Remover
    2010-06-07 02:30 . 2010-06-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-06-07 01:19 . 2010-06-07 02:49 -------- d-----w- C:\RECYCLER(2)
    2010-05-28 20:37 . 2010-05-28 20:48 -------- d-----w- c:\program files\WebEx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-10 04:54 . 2004-08-10 17:51 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
    2010-06-10 04:36 . 2010-03-16 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-07 17:02 . 2010-02-27 20:44 248504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-07 02:49 . 2008-07-06 07:58 -------- d-----w- c:\program files\CCleaner
    2010-06-07 02:49 . 2010-04-08 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 02:37 . 2010-01-26 21:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-05 14:15 . 2010-05-09 23:53 439816 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-04 04:02 . 2009-09-29 03:23 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-28 20:38 . 2008-03-20 02:27 -------- d-----w- c:\documents and settings\Brandon McGahee\Application Data\webex
    2010-05-12 02:25 . 2008-08-31 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-10 08:02 . 2010-05-10 07:58 20854256 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-05-10 07:58 . 2010-05-10 07:58 8405312 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-05-10 07:56 . 2010-05-10 07:56 149000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-05-10 07:56 . 2010-05-10 07:56 13407072 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-05-10 07:54 . 2010-05-10 07:54 79368 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-05-10 07:54 . 2010-05-10 07:54 64000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-05-10 07:54 . 2010-05-10 07:54 52288 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 50688 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 49152 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-05-10 07:54 . 2010-05-10 07:54 118784 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-04-14 20:28 . 2006-09-28 23:57 -------- d-----w- c:\program files\Dl_cats
    2010-04-08 20:42 . 2008-06-27 14:42 4784 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-03-30 04:46 . 2010-04-08 00:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2010-04-08 00:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-02 07:42 . 2009-09-01 14:03 18764452 --sha-w- c:\windows\system32\algc.sys
    2008-07-12 18:46 . 2008-07-12 18:46 8 --sh--r- c:\windows\system32\D9B31E5078.sys
    2010-02-14 08:17 . 2008-07-12 18:46 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-06-07_04.05.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-08-15 21:54 . 2010-06-10 05:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-08-15 21:54 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-06-07 07:14 . 2010-06-10 05:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-06-07 01:07 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-06-10 04:32 . 2010-06-10 04:32 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
    + 2010-06-10 04:32 . 2010-06-10 04:32 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
    + 2010-06-10 04:32 . 2010-06-10 04:32 1544192 c:\windows\Installer\14ba19.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-04 02:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 165416]
    "eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-11-24 258048]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    chkdsmui REG_SZ c:\windows\system32\icarhone.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30560]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 20:16]

    2010-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: musicmatch.com\online
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-10 01:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q"=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q"=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q"=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-10 01:31:17
    ComboFix-quarantined-files.txt 2010-06-10 05:31
    ComboFix2.txt 2010-06-07 04:09

    Pre-Run: 40,225,243,136 bytes free
    Post-Run: 40,476,020,736 bytes free

    - - End Of File - - 85F6BC03696AACABA7F8161F67E589BD
     
  11. 2010/06/10
    broni Moderator Malware Analyst
    How is the redirection issue?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\D9B31E5078.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  12. 2010/06/11
    sambaker Inactive Thread Starter
    The redirection issue appears to be resolved now. I have not been redirected to another site since I ran TDSSKiller. I really appreciate your help thus far. :)

    Below is the latest ComboFix.txt log file that you requested. I have to submit it in two posts since it is too long.

    ComboFix 10-06-10.03 - Brandon McGahee 06/11/2010 1:28.6.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1700 [GMT -4:00]
    Running from: c:\documents and settings\Brandon McGahee\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Brandon McGahee\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\D9B31E5078.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\D9B31E5078.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
    .

    2010-06-11 00:51 . 2010-06-11 00:51 -------- d-----w- C:\213c80716cca07710038
    2010-06-10 01:43 . 2010-06-10 01:43 -------- d--h--w- c:\windows\PIF
    2010-06-07 02:50 . 2010-06-07 02:50 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-07 02:30 . 2010-06-07 02:49 -------- d-----w- c:\program files\Trojan Remover
    2010-06-07 02:30 . 2010-06-07 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-06-07 01:19 . 2010-06-07 02:49 -------- d-----w- C:\RECYCLER(2)
    2010-05-28 20:37 . 2010-05-28 20:48 -------- d-----w- c:\program files\WebEx

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-11 04:50 . 2008-08-31 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-11 00:54 . 2008-06-27 14:42 4766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-06-10 04:54 . 2004-08-10 17:51 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
    2010-06-10 04:36 . 2010-03-16 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
    2010-06-07 02:49 . 2008-07-06 07:58 -------- d-----w- c:\program files\CCleaner
    2010-06-07 02:49 . 2010-04-08 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-07 02:37 . 2010-01-26 21:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-05 14:15 . 2010-05-09 23:53 439816 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-04 04:02 . 2009-09-29 03:23 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-28 20:38 . 2008-03-20 02:27 -------- d-----w- c:\documents and settings\Brandon McGahee\Application Data\webex
    2010-05-10 08:02 . 2010-05-10 07:58 20854256 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-05-10 07:58 . 2010-05-10 07:58 8405312 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-05-10 07:56 . 2010-05-10 07:56 149000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-05-10 07:56 . 2010-05-10 07:56 13407072 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-05-10 07:54 . 2010-05-10 07:54 79368 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-05-10 07:54 . 2010-05-10 07:54 64000 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-05-10 07:54 . 2010-05-10 07:54 52288 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 50688 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-05-10 07:54 . 2010-05-10 07:54 49152 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-05-10 07:54 . 2010-05-10 07:54 118784 ----a-w- c:\documents and settings\Brandon McGahee\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-05-04 17:20 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-10 17:50 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-10 17:51 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2004-08-10 17:50 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-14 20:28 . 2006-09-28 23:57 -------- d-----w- c:\program files\Dl_cats
    2010-03-30 04:46 . 2010-04-08 00:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2010-04-08 00:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-02 07:42 . 2009-09-01 14:03 18764452 --sha-w- c:\windows\system32\algc.sys
    2010-02-14 08:17 . 2008-07-12 18:46 3140 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-06-07_04.05.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-10 16:03 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    - 2010-03-10 16:03 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 44544 c:\windows\system32\pngfilt.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
    + 2009-11-06 02:17 . 2009-11-06 02:17 11600 c:\windows\system32\mui\0409\mscorees.dll
    - 2006-11-08 02:03 . 2010-03-11 12:38 52224 c:\windows\system32\msfeedsbs.dll
    + 2006-11-08 02:03 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 27648 c:\windows\system32\jsproxy.dll
    + 2006-11-07 08:26 . 2010-05-04 12:39 13824 c:\windows\system32\ieudinit.exe
    - 2006-11-07 08:26 . 2010-03-10 13:18 13824 c:\windows\system32\ieudinit.exe
    - 2004-08-10 17:51 . 2010-03-11 12:38 44544 c:\windows\system32\iernonce.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
    + 2004-08-10 17:51 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
    - 2004-08-10 17:51 . 2010-03-10 13:18 70656 c:\windows\system32\ie4uinit.exe
    - 2006-10-17 16:58 . 2010-03-11 12:38 63488 c:\windows\system32\icardie.dll
    + 2006-10-17 16:58 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2007-05-09 05:01 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-05-09 05:01 . 2010-03-11 12:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2007-05-09 05:01 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2007-05-09 05:01 . 2010-03-10 13:18 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2006-11-07 08:26 . 2010-03-11 12:38 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2006-11-07 08:26 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
    - 2009-02-20 18:09 . 2010-03-11 12:38 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2009-02-20 18:09 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
    - 2006-11-07 08:26 . 2010-03-10 13:18 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2006-11-07 08:26 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2007-08-20 10:04 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
    - 2007-08-20 10:04 . 2010-03-11 12:38 63488 c:\windows\system32\dllcache\icardie.dll
    - 2009-06-29 16:12 . 2010-03-11 12:38 17408 c:\windows\system32\dllcache\corpol.dll
    + 2009-06-29 16:12 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
    + 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
    + 2010-06-10 09:29 . 2010-06-11 05:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-08-15 21:54 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2006-08-15 21:54 . 2010-06-11 05:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-06-10 09:29 . 2010-06-11 05:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-06-07 01:07 . 2010-06-07 03:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2004-08-10 17:50 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    - 2008-07-29 23:16 . 2008-07-29 23:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
    + 2010-03-23 09:31 . 2010-03-23 09:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2010-04-01 15:42 . 2010-04-01 15:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2010-03-31 19:32 . 2010-03-31 19:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2010-03-31 19:32 . 2010-03-31 19:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2010-06-10 04:32 . 2010-06-10 04:32 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F6617.exe
    - 2009-10-16 07:03 . 2010-05-12 02:25 35088 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-10-16 07:03 . 2010-06-11 04:50 35088 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-10-16 07:03 . 2010-06-11 04:50 18704 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-10-16 07:03 . 2010-05-12 02:25 18704 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-10-16 07:03 . 2010-06-11 04:50 20240 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-10-16 07:03 . 2010-05-12 02:25 20240 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 90112 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 45056 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 22528 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 30720 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 16384 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 34304 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
    + 2010-06-11 04:50 . 2010-06-11 04:50 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2010-04-14 07:06 . 2010-04-14 07:06 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
    + 2010-06-11 00:48 . 2010-03-10 13:18 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
    + 2010-06-11 00:48 . 2010-03-10 13:18 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_70cb8c42\System.Drawing.Design.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_664beed3\CustomMarshalers.dll
    + 2010-06-11 04:39 . 2010-06-11 04:39 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\02b365a9feaaddc91d9c78ee98c701a5\PresentationFontCache.ni.exe
    + 2010-06-11 04:38 . 2010-06-11 04:38 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e481d8a22fbc00feb6f0f5bc7373007d\PresentationCFFRasterizer.ni.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\6be27d744e6e2bfc4b0e25bd2998ef7c\PresentationCFFRasterizer.ni.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2009-09-30 07:07 . 2009-09-30 07:07 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-06-11 04:51 . 2010-06-11 04:51 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2006-08-16 02:03 . 2010-06-11 00:47 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 3584 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 8192 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 2560 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
    + 2010-06-11 00:53 . 2010-06-11 00:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 233472 c:\windows\system32\webcheck.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 105984 c:\windows\system32\url.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 102912 c:\windows\system32\occache.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 671232 c:\windows\system32\mstime.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 193024 c:\windows\system32\msrating.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 477696 c:\windows\system32\mshtmled.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
    + 2006-11-08 02:03 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
    - 2006-11-08 02:03 . 2010-03-11 12:38 459264 c:\windows\system32\msfeeds.dll
    - 2006-10-17 16:57 . 2010-03-11 12:38 268288 c:\windows\system32\iertutil.dll
    + 2006-10-17 16:57 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 192512 c:\windows\system32\iepeers.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 385024 c:\windows\system32\iedkcs32.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
    + 2006-10-17 16:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
    - 2006-10-17 16:27 . 2010-03-11 12:38 380928 c:\windows\system32\ieapfltr.dll
    - 2004-08-10 17:51 . 2010-02-23 05:18 161792 c:\windows\system32\ieakui.dll
    + 2004-08-10 17:51 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 153088 c:\windows\system32\ieakeng.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
    + 2004-08-10 17:57 . 2010-06-11 05:11 231184 c:\windows\system32\FNTCACHE.DAT
    - 2004-08-10 17:57 . 2010-02-12 00:41 231184 c:\windows\system32\FNTCACHE.DAT
    - 2004-08-10 17:51 . 2010-03-11 12:38 133120 c:\windows\system32\extmgr.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 214528 c:\windows\system32\dxtrans.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 347136 c:\windows\system32\dxtmsft.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 832512 c:\windows\system32\dllcache\wininet.dll
    + 2006-11-08 02:03 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2006-11-08 02:03 . 2010-03-11 12:38 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2006-10-17 17:05 . 2010-03-11 12:38 105984 c:\windows\system32\dllcache\url.dll
    + 2006-10-17 17:05 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
    + 2006-10-17 17:04 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
    - 2006-10-17 17:04 . 2010-03-11 12:38 102912 c:\windows\system32\dllcache\occache.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 671232 c:\windows\system32\dllcache\mstime.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 193024 c:\windows\system32\dllcache\msrating.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2007-05-09 05:01 . 2010-03-11 12:38 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2007-05-09 05:01 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2006-10-17 17:04 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
    + 2007-05-09 05:01 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
    - 2007-05-09 05:01 . 2010-03-11 12:38 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 192512 c:\windows\system32\dllcache\iepeers.dll
    + 2006-11-07 08:27 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
    - 2006-11-07 08:27 . 2010-03-11 12:38 385024 c:\windows\system32\dllcache\iedkcs32.dll
    - 2007-05-09 05:01 . 2010-03-11 12:38 380928 c:\windows\system32\dllcache\ieapfltr.dll
    + 2007-05-09 05:01 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
    - 2006-11-07 08:25 . 2010-02-23 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2006-11-07 08:25 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
    - 2006-11-07 08:27 . 2010-03-11 12:38 230400 c:\windows\system32\dllcache\ieaksie.dll
    + 2006-11-07 08:27 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2006-11-07 08:26 . 2010-03-11 12:38 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2006-11-07 08:26 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
    - 2006-08-10 15:41 . 2010-03-11 12:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2010-04-20 05:30 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
    - 2006-11-07 08:26 . 2010-03-11 12:38 124928 c:\windows\system32\dllcache\advpack.dll
    + 2006-11-07 08:26 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
    - 2004-08-10 17:50 . 2010-03-11 12:38 124928 c:\windows\system32\advpack.dll
    + 2004-08-10 17:50 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 970752 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    - 2008-07-29 23:16 . 2008-07-29 23:16 110592 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
    + 2010-03-23 09:31 . 2010-03-23 09:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2008-07-25 15:17 . 2008-07-25 15:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-02-09 16:22 . 2010-02-09 16:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2010-03-31 18:51 . 2010-03-31 18:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2010-03-31 18:49 . 2010-03-31 18:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-03-31 19:32 . 2010-03-31 19:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2010-02-25 04:14 . 2010-02-25 04:14 543232 c:\windows\Installer\238876e.msp
    + 2010-06-10 04:32 . 2010-06-10 04:32 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}\IconCD95F66110.exe
    - 2009-10-16 07:03 . 2010-05-12 02:25 327952 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    + 2009-10-16 07:03 . 2010-06-11 04:50 327952 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\visicon.exe
    - 2009-10-16 07:03 . 2010-05-12 02:25 217864 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\misc.exe
    + 2009-10-16 07:03 . 2010-06-11 04:50 217864 c:\windows\Installer\{91120000-0051-0000-0000-0000000FF1CE}\misc.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 114688 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
    + 2006-08-16 02:03 . 2010-06-11 00:47 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    - 2006-08-16 02:03 . 2010-05-12 02:25 167936 c:\windows\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
    + 2010-06-11 00:48 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
    + 2010-06-11 00:48 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
    + 2010-06-11 00:48 . 2010-02-23 05:20 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
    + 2010-06-11 00:48 . 2010-03-11 12:38 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
    + 2010-06-11 00:48 . 2010-02-23 05:18 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
     
  13. 2010/06/11
    sambaker

    Here is the 2nd part of the ComboFix.txt log.

    + 2010-06-11 04:52 . 2010-06-11 04:52 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7005d2ec\System.Drawing.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8929a539\System.Drawing.Design.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a89b1d7c\CustomMarshalers.dll
    + 2010-06-11 04:43 . 2010-06-11 04:43 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\8ee0162a0dac8a460c563eb00f50779e\WindowsFormsIntegration.ni.dll
    + 2010-06-11 04:43 . 2010-06-11 04:43 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\1942075b606501ae25b873a62d70ad14\UIAutomationClient.ni.dll
    + 2010-06-11 04:42 . 2010-06-11 04:42 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\3c764bbf8930ef6f0ee2a932d527bd2a\System.Drawing.Design.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae733e4062edba3a33bb0a632bef66bf\PresentationFramework.Royale.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3ffad524016f0aba7b11a8aa33301a65\PresentationFramework.Aero.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\201968d038a23a4688310fed1eeaddaa\PresentationFramework.Classic.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ead87ca8eb84c595c77c70e3b2df88d\PresentationFramework.Luna.ni.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2009-09-30 07:07 . 2009-09-30 07:07 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2004-08-10 17:51 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
    - 2004-08-10 17:51 . 2010-03-11 12:38 1168384 c:\windows\system32\urlmon.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
    - 2004-08-10 17:51 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
    + 2004-08-10 17:51 . 2010-02-05 18:27 1291776 c:\windows\system32\quartz.dll
    + 2004-08-10 17:51 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
    + 2006-11-08 02:03 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
    - 2006-11-08 02:03 . 2010-03-11 12:38 6067200 c:\windows\system32\ieframe.dll
    + 2004-08-10 17:51 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
    + 2008-10-16 02:09 . 2010-05-02 05:22 1851264 c:\windows\system32\dllcache\win32k.sys
    - 2006-08-10 15:41 . 2010-03-11 12:38 1168384 c:\windows\system32\dllcache\urlmon.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
    - 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
    + 2008-05-07 05:12 . 2010-02-05 18:27 1291776 c:\windows\system32\dllcache\quartz.dll
    + 2006-08-10 15:41 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-09 05:01 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
    - 2007-05-09 05:01 . 2010-03-11 12:38 6067200 c:\windows\system32\dllcache\ieframe.dll
    + 2010-04-08 03:48 . 2010-04-08 03:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
    - 2008-11-25 08:59 . 2008-11-25 08:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-03-23 09:32 . 2010-03-23 09:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-03-23 09:32 . 2010-03-23 09:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
    - 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2010-04-01 15:42 . 2010-04-01 15:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2010-04-01 15:42 . 2010-04-01 15:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2010-03-31 18:50 . 2010-03-31 18:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2010-03-31 18:50 . 2010-03-31 18:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2010-04-01 15:42 . 2010-04-01 15:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2010-04-12 02:17 . 2010-04-12 02:17 2607104 c:\windows\Installer\238877b.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 4210688 c:\windows\Installer\238877a.msp
    + 2010-04-24 21:10 . 2010-04-24 21:10 8486400 c:\windows\Installer\2388761.msp
    + 2010-06-10 04:32 . 2010-06-10 04:32 1544192 c:\windows\Installer\14ba19.msi
    + 2010-06-11 00:48 . 2010-03-11 12:38 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 3599872 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
    + 2010-06-11 00:48 . 2010-03-11 12:38 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d8b9dbe0\System.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3243e092\System.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e74b107d\System.Xml.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9bf81ee1\System.Xml.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8b58fcb3\System.Windows.Forms.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3384706e\System.Windows.Forms.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_ff355f54\System.Drawing.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b61a55d5\System.Design.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_49c0befd\System.Design.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_edce8b9d\mscorlib.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1931ca8f\mscorlib.dll
    + 2010-06-11 04:39 . 2010-06-11 04:39 3319808 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f42ae1fd4a48368e98895bcd3ceab4de\WindowsBase.ni.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\f231461883859922a040002dddfb7b12\WindowsBase.ni.dll
    + 2010-06-11 04:43 . 2010-06-11 04:43 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\259c8fc74964a26b49f23ca2f47c14c9\UIAutomationClientsideProviders.ni.dll
    + 2010-06-11 00:52 . 2010-06-11 00:52 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F9.tmp\ReachFramework.dll
    + 2010-06-11 04:37 . 2010-06-11 04:37 8367616 c:\windows\assembly\NativeImages_v2.0.50727_32\System\cebdb3354d4d06e2295a1594bf8152f0\System.ni.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
    + 2010-06-11 04:43 . 2010-06-11 04:43 5451776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\597a4964dfb93fbd4abc45a27bdd5bdc\System.Xml.ni.dll
    + 2010-06-11 04:42 . 2010-06-11 04:42 1920000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\3140a7414cc6947e21a761fde2458867\System.Speech.ni.dll
    + 2010-06-11 04:42 . 2010-06-11 04:42 1036288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\757c5acb1f7819f8ed4da2c5dcf630bd\System.Printing.ni.dll
    + 2010-06-11 04:42 . 2010-06-11 04:42 1589248 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3e6e485cd659e92342affa6501becf1\System.Drawing.ni.dll
    + 2010-06-11 04:41 . 2010-06-11 04:41 6632448 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f6eebb6fb2804414ccec95a7e982374b\System.Data.ni.dll
    + 2010-06-11 04:41 . 2010-06-11 04:41 2519552 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b68d134954ce4e5628237addeb08475b\System.Data.Linq.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\39dbbd552e34259f3f3b77447c270501\System.Core.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 2130432 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\e7b3e5ff81a3aac47f13a671913c2c5b\ReachFramework.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\584b2593f84dbbe67a3cbc5f609b4e43\PresentationUI.ni.dll
    + 2010-06-11 04:38 . 2010-06-11 04:38 1453056 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8aae81ca18d77d8d0da81cf9af289d10\PresentationBuildTasks.ni.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-06-11 00:54 . 2010-06-11 00:54 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-10-16 07:08 . 2009-10-16 07:08 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-06-11 00:53 . 2010-06-11 00:53 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2009-10-16 07:03 . 2009-10-16 07:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2010-06-11 04:52 . 2010-06-11 04:52 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2010-06-11 04:51 . 2010-06-11 04:51 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2009-10-16 07:03 . 2009-10-16 07:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2006-08-15 22:56 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe
    + 2010-04-02 23:29 . 2010-04-02 23:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
    + 2010-04-02 16:30 . 2010-04-02 16:30 17456640 c:\windows\Installer\c4454.msp
    + 2010-04-24 21:09 . 2010-04-24 21:09 11750912 c:\windows\Installer\c442a.msp
    + 2010-04-24 21:05 . 2010-04-24 21:05 15154176 c:\windows\Installer\c4421.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\238878a.msp
    + 2010-04-12 02:17 . 2010-04-12 02:17 14599680 c:\windows\Installer\238877d.msp
    + 2010-04-16 01:34 . 2010-04-16 01:34 17510912 c:\windows\Installer\2388758.msp
    + 2010-06-11 04:43 . 2010-06-11 04:43 12506112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9609d0e4d7ebf1fbcd56ee5d882cac90\System.Windows.Forms.ni.dll
    + 2010-06-11 04:42 . 2010-06-11 04:42 10719744 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\56b0be6902226061047303005215c743\System.Design.ni.dll
    + 2010-06-11 04:40 . 2010-06-11 04:40 14454272 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c957a859575fda96b55a0f5cfb4cd436\PresentationFramework.ni.dll
    + 2010-06-11 04:39 . 2010-06-11 04:39 12235776 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9b5b71fbffcd29c721209284f33f8eca\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
    2009-11-04 02:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "CaISSDT "= "c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-29 165416]
    "eTrustPPAP "= "c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-11-24 258048]
    "IntelZeroConfig "= "c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
    "LifeCam "= "c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "dscactivate "= "c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-20 198160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8051v2\Belkinwcui.exe [2008-5-16 1581056]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-10 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
    chkdsmui REG_SZ c:\windows\system32\icarhone.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\utorrent\\utorrent.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe "=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2009 3:16 PM 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/27/2010 4:22 PM 30560]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 1:23 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 12:08 PM 174336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 5:28 AM 4639136]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 8:03 PM 32408]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 20:16]

    2010-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2007-02-08 16:22]

    2010-06-10 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.msn.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: musicmatch.com\online
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \$»»]
    "Q "=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \Ã#$]
    "Q "=hex:51

    [HKEY_LOCAL_MACHINE\software\Microsoft\Works\EulaRegClients\Ã*J*¬ \ÃE¼]
    "Q "=hex:51
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-11 01:35:11
    ComboFix-quarantined-files.txt 2010-06-11 05:35
    ComboFix2.txt 2010-06-10 05:31
    ComboFix3.txt 2010-06-07 04:09

    Pre-Run: 39,593,107,456 bytes free
    Post-Run: 39,590,834,176 bytes free

    - - End Of File - - 88E125D704735E47AE4C8269A93AD6DB
     
  14. 2010/06/11
    broni

    Very good :)

    Uninstall Combofix:
    Go to Start > Run [Vista users, go to Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===========================================================

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     
  15. 2010/06/12
    sambaker

    I tried to uninstall Combofix per your instructions, but when I ran the Combofix /Uninstall command, I got a message saying "Windows cannot find 'Combofix'." When I search my C: drive for Combofix, there is a folder named Combofix on my C:\ drive. It has 3 files in it: "CF4759.cfxxe", "mbr.cfxxe", and "mbr.txt". There are also some combofix log files and a few shortcut links to download Combofix on my C: drive. But there was no Combofix.exe file to be found. I did not remove it or uninstall it. I don't know what happened to it. Maybe McAfee removed it automatically?

    Since this Combofix Uninstall command did not find anything, I then downloaded the latest update for Anti-Malware and ran the Quick Scan. Below is the log.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 4190

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    6/12/2010 4:04:48 AM
    mbam-log-2010-06-12 (04-04-48).txt

    Scan type: Quick scan
    Objects scanned: 127693
    Time elapsed: 8 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Brandon McGahee\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.LNK (Rogue.ProtectionCenter) -> Quarantined and deleted successfully.
     
  16. 2010/06/12
    broni

    Delete Combofix manually (whatever you find from the list below)...
    Delete Combofix, Qoobox folders, and Combofix.txt file from C:
    Delete Combofix from your desktop.


    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2010/06/12
    sambaker

    Thanks.

    Just to clarify regarding OTL: Do I run one scan or two? Not sure if you are suggesting I run a scan and then run a custom scan with the commands you provided OR if there is just one scan (the custom scan).
     
  18. 2010/06/12
    broni

    Just one scan with a custom code provided.
    It'll produce two logs.
     
  19. 2010/06/12
    sambaker

    Ok. Here are the two logs from OTL. OTL.Txt is too big to post in one reply, so I will break it up.

    OTL.Txt (Part I)

    OTL logfile created on: 6/12/2010 2:25:52 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 35.12 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRANDON
    Current User Name: Brandon McGahee
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    PRC - [2010/03/01 16:16:30 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/03/01 16:16:30 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/10/19 20:09:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/07/16 16:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007/01/19 17:17:42 | 001,581,056 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
    PRC - [2006/11/23 22:06:17 | 000,258,048 | ---- | M] (Computer Associates) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    PRC - [2006/09/21 19:04:52 | 000,233,472 | ---- | M] () -- C:\Program Files\Belkin\F5D8051v2\ChkDev.exe
    PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2005/12/29 16:42:18 | 000,165,416 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    PRC - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
    PRC - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/01 16:16:30 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/10/08 14:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2007/10/08 14:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007/10/08 14:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/08/10 11:57:25 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2005/12/07 17:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
    SRV - [2005/12/07 17:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
    SRV - [2005/09/28 22:02:26 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
    SRV - [2004/12/13 16:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2004/12/13 16:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2004/12/13 16:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
    DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/24 16:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 11:24:48 | 000,095,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2008/07/07 13:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/06/02 17:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 12:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/08 07:14:00 | 000,498,816 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
    DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/10 11:57:25 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2006/06/22 18:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2006/05/24 19:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/05/24 19:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/05/24 19:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/05/24 19:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/05/24 19:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2006/05/24 19:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/05/24 18:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/05/24 18:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/02/16 00:39:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/12/07 17:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
    DRV - [2005/12/07 17:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
    DRV - [2005/12/04 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/10/14 09:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/14 09:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/14 09:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/05 10:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/21 21:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/21 21:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/21 21:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/05/31 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2005/05/31 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2005/05/31 05:33:00 | 000,086,876 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2005/05/31 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2005/05/31 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2005/05/31 05:33:00 | 000,015,069 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2005/05/31 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2005/05/31 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2005/05/31 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2005/05/13 10:37:28 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2005/05/13 10:37:20 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2005/04/22 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2005/04/21 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/09/29 16:36:29 | 000,015,360 | RH-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - c:\Program Files\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2

    FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: c:\Program Files\Stopzilla!\Toolbar\Extension [2009/12/04 23:56:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/08 21:34:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/08 21:34:28 | 000,000,000 | ---D | M]

    [2010/05/08 21:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Extensions
    [2010/06/12 09:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions
    [2010/05/08 22:21:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 22:22:19 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla\Firefox\Profiles\6akbzgc3.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
    [2010/05/08 21:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/06/11 01:33:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - c:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - c:\Program Files\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CaISSDT] C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe (Computer Associates)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158294370062 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.16.67 12.127.17.71
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: chkdsmui - (C:\WINDOWS\system32\icarhone.dll) - C:\WINDOWS\System32\icarhone.dll File not found
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 13:52:56 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
     
  20. 2010/06/12
    sambaker

    OTL.Txt (Part II)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/12 13:51:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/06/12 13:46:25 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2010/06/10 20:54:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/10 20:51:39 | 000,000,000 | ---D | C] -- C:\213c80716cca07710038
    [2010/06/10 00:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/06/09 21:43:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/06/06 22:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\Simply Super Software
    [2010/06/06 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
    [2010/06/06 22:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/06/06 21:19:13 | 000,000,000 | ---D | C] -- C:\RECYCLER(2)
    [2010/06/05 23:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/05 23:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
    [2010/05/28 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
    [2010/05/08 21:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Application Data\Mozilla
    [2010/05/08 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/05/08 21:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\Profiles
    [2010/04/07 20:25:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/07 20:25:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/07 20:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/07 20:22:12 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
    [2010/04/07 19:21:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/04/07 19:21:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/04/07 19:21:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/04/07 19:21:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/04/07 01:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
    [2010/04/07 01:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\My Documents\My Weblog Posts
    [2010/04/07 01:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\Windows Live Writer
    [2010/03/26 12:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2010/03/22 04:55:25 | 034,595,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
    [2010/03/22 04:51:39 | 034,595,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
    [2010/03/22 04:16:01 | 003,369,216 | ---- | C] (BluePenguin Software Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\spyzookasetup.exe
    [2010/03/22 02:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2010/03/22 02:46:53 | 000,502,168 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
    [2010/03/16 19:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2006/08/10 11:22:31 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
    [2006/08/10 11:22:31 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
    [2006/08/10 11:22:31 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
    [2006/08/10 11:22:31 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
    [2006/08/10 11:22:31 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
    [2006/08/10 11:22:31 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
    [2006/08/10 11:22:31 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
    [2006/08/10 11:22:31 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
    [2006/08/10 11:22:31 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/12 13:46:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brandon McGahee\Desktop\OTL.exe
    [2010/06/12 04:35:21 | 000,045,877 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/06/12 04:34:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/12 04:33:03 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\ntuser.dat
    [2010/06/12 04:32:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/12 04:32:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/12 04:32:41 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/12 04:31:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\ntuser.ini
    [2010/06/12 02:11:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/11 01:33:34 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/11 01:33:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/11 01:11:14 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 00:52:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/11 00:49:57 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010/06/10 00:32:27 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/06/10 00:20:22 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.zip
    [2010/06/09 15:16:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/06/08 01:00:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\k1uo4f6j.exe
    [2010/06/08 00:56:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Download GMER.doc
    [2010/06/08 00:56:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\~$wnload GMER.doc
    [2010/06/07 02:00:42 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\dds.scr
    [2010/06/06 22:23:56 | 000,000,426 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/01 01:00:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Brandon McGahee\Desktop\TDSSKiller.exe
    [2010/05/20 01:44:25 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Windows Live Call.lnk
    [2010/05/17 01:40:40 | 000,296,960 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\problem screen shot.doc
    [2010/05/10 22:41:25 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to Sounds and Audio Devices.lnk
    [2010/05/08 21:34:31 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/08 02:03:13 | 000,030,616 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\bookmarks-2010-05-08.json
    [2010/05/05 00:30:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/15 01:17:15 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/04/07 20:25:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/07 20:22:16 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\Desktop\mbam-setup.exe
    [2010/03/31 22:23:04 | 005,081,374 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\IconCache.db
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/22 05:14:01 | 000,016,226 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\UyME
    [2010/03/22 05:14:00 | 000,016,226 | -HS- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
    [2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\My Documents\7.0.0.538f-sdsetup.exe
    [2010/03/22 04:54:47 | 034,595,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Brandon McGahee\Desktop\7.0.0.538f-sdsetup.exe
    [2010/03/22 04:17:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brandon McGahee\My Documents\mbam-setup.exe
    [2010/03/22 04:15:51 | 003,369,216 | ---- | M] (BluePenguin Software Inc.) -- C:\Documents and Settings\Brandon McGahee\My Documents\spyzookasetup.exe
    [2010/03/22 03:53:29 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/22 02:46:44 | 000,502,168 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Brandon McGahee\My Documents\SpyHunter-Installer.exe
    [2010/03/16 18:53:22 | 013,837,640 | ---- | M] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/11 01:39:58 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/10 00:32:27 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    [2010/06/10 00:20:17 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\tdsskiller.zip
    [2010/06/08 01:00:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\k1uo4f6j.exe
    [2010/06/08 00:56:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\~$wnload GMER.doc
    [2010/06/08 00:56:32 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\Download GMER.doc
    [2010/06/07 02:00:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\dds.scr
    [2010/06/05 20:55:00 | 010,747,904 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\ntuser.dat
    [2010/05/17 01:15:25 | 000,296,960 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\problem screen shot.doc
    [2010/05/10 22:41:25 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\Desktop\Shortcut to Sounds and Audio Devices.lnk
    [2010/05/08 21:34:31 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/05/08 20:59:08 | 000,030,616 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\bookmarks-2010-05-08.json
    [2010/04/07 20:25:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/04/07 19:21:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/07 19:21:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/04/07 19:21:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/04/07 19:21:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/04/07 19:21:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\Brandon McGahee\Local Settings\Application Data\UyME
    [2010/03/22 02:15:02 | 000,016,226 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\UyME
    [2010/03/16 18:54:09 | 013,837,640 | ---- | C] () -- C:\Documents and Settings\Brandon McGahee\My Documents\winzip140.exe
    [2010/01/27 16:43:15 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/09/01 10:03:27 | 018,764,452 | -HS- | C] () -- C:\WINDOWS\System32\algc.sys
    [2009/09/01 10:03:27 | 000,000,915 | ---- | C] () -- C:\WINDOWS\System32\adsmsexte.sys
    [2009/07/04 00:22:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
    [2008/08/14 03:04:47 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/07/12 14:46:26 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/07/06 04:17:56 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/07/06 04:17:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/06 04:17:48 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/07/06 04:17:48 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/07/06 04:17:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/07/06 04:17:47 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/03/19 22:26:28 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
    [2007/04/16 22:09:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2006/08/17 00:04:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
    [2006/08/15 23:34:09 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2006/08/15 22:03:28 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/15 21:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
    [2006/08/10 12:10:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/10 11:57:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/08/10 11:54:05 | 000,004,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/08/10 11:22:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
    [2006/08/10 11:22:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
    [2006/08/10 11:22:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
    [2006/08/10 11:22:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
    [2006/08/10 11:22:31 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
    [2006/08/10 11:22:31 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
    [2006/08/10 11:22:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
    [2006/08/10 11:22:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
    [2006/08/10 11:22:31 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
    [2006/08/10 11:22:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
    [2006/08/10 11:21:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/08/10 11:20:39 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/05/24 19:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/08/31 13:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
    [2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2004/08/10 14:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2010/03/26 12:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2006/11/23 21:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
    [2010/01/27 16:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/06/06 22:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2009/09/04 02:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2010/03/11 22:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2007/11/20 01:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/06/06 22:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/08/10 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/06/10 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009/09/03 04:34:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    [2008/08/31 17:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\ICAClient
    [2008/09/21 23:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Leadertech
    [2008/08/31 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Runaware
    [2007/03/09 23:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Viewpoint
    [2010/05/28 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\webex
    [2010/04/07 01:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brandon McGahee\Application Data\Windows Live Writer
    [2010/06/09 15:16:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/04/15 01:17:15 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/06/01 01:00:15 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
    [2010/06/12 02:11:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  21. 2010/06/12
    sambaker Inactive Thread Starter

    And finally, Extras.Txt

    Extras.Txt

    OTL Extras logfile created on: 6/12/2010 2:25:52 PM - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Brandon McGahee\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 66.68 Gb Total Space | 35.12 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
    Drive D: | 21.53 Gb Total Space | 21.46 Gb Free Space | 99.70% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BRANDON
    Current User Name: Brandon McGahee
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0D251F37-10CB-46DF-BFA0-4702218DB0B6}" = ATI Catalyst Control Center
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1463BA91-7FE5-4B8C-A890-FB4E5FACCB47}" = CA eTrust PestPatrol Anti-Spyware
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
    "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{37888B36-58B5-41C6-BE67-B846BB4809FF}" = iS3 STOPzilla Toolbar
    "{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Network Adapter Setup
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "ActiveTouchMeetingClient" = WebEx
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner (remove only)
    "CleanUp!" = CleanUp!
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Dell Color Printer 725" = Dell Color Printer 725
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
    "legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Uninstall Utility" = McAfee Uninstaller
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PRJPRO" = Microsoft Project Professional 2010
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 12.0" = RealPlayer
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VISPROR" = Microsoft Office Visio Professional 2007 Trial
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Internet Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/9/2010 1:20:22 AM | Computer Name = BRANDON | Source = Application Hang | ID = 1002
    Description = Hanging application k1uo4f6j.exe, version 1.0.15.15281, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/10/2010 8:51:16 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
    (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

    Error - 6/10/2010 8:51:19 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service aspnet_state
    (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

    Error - 6/10/2010 8:51:20 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 6/10/2010 8:51:20 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
    failed. The Error code is the first DWORD in Data section.

    Error - 6/10/2010 8:54:04 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
    (ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.

    Error - 6/10/2010 8:54:06 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service aspnet_state
    (ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

    Error - 6/10/2010 8:54:07 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings of the 009 language
    ID. The Win32 status returned by the call is the first DWORD in Data section.

    Error - 6/10/2010 8:54:07 PM | Computer Name = BRANDON | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
    failed. The Error code is the first DWORD in Data section.

    Error - 6/11/2010 12:49:49 AM | Computer Name = BRANDON | Source = MsiInstaller | ID = 11704
    Description = Product: Microsoft Office Visio Professional 2007 -- Error 1704.An
    installation for Microsoft .NET Framework 3.0 Service Pack 2 is currently suspended.
    You must undo the changes made by that installation to continue. Do you want
    to undo those changes?

    [ System Events ]
    Error - 6/11/2010 2:51:40 PM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 6/11/2010 6:15:33 PM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 6/11/2010 6:15:33 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
    connect.

    Error - 6/11/2010 6:15:33 PM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7000
    Description = The dlcf_device service failed to start due to the following error:
    %%1053

    Error - 6/11/2010 6:15:46 PM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 6/12/2010 2:16:05 AM | Computer Name = BRANDON | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.45.80.121 for the Network Card with network
    address 0015C5AC278A has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/12/2010 4:31:08 AM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}

    Error - 6/12/2010 4:31:09 AM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
    connect.

    Error - 6/12/2010 4:31:09 AM | Computer Name = BRANDON | Source = Service Control Manager | ID = 7000
    Description = The dlcf_device service failed to start due to the following error:
    %%1053

    Error - 6/12/2010 4:31:29 AM | Computer Name = BRANDON | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service dlcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}


    < End of report >
     
