
Thread: my security shield

  1. #1 - Junior Member (Join Date: Sep 2010, Posts: 1)

    my security shield

    Hello,

    First of all, I caught My Security Shield.
    I tried to remove it using Malwarebytes' Anti-Malware and OTM from OldTimer to change the hosts file.
    I believed it was sufficient.
    I used spy search & delete to delete some tracking cookies.
    Then, nothing was found in Malwarebytes' Anti-Malware.

    Unfortunately, I think that I have another spyware: I am redirected on the internet to pages similar to the My Security Shield one, something like "your computer is infected", and you can see a kind of scan on the screen in the browser.

    Then, I decided to delete the following keys:
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.jp.msn.com/USREL/19
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    And now, I am pretty sure that the computer is not safe yet.
    Can you please have a look at the DDS log and tell me what you think?

    Thank you in advance

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 16:28:04.17 on Thu 23/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3510.2453 [GMT 10:00]

    AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {68825CCE-CE96-4E56-9AAA-F11EF6BCD0CA}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
    C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\OA015Mon.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\stickies\stickies.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Download\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mxintra/
    uSearch Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com/sphome.aspx
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [OA015Mon] c:\windows\OA015Mon.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://au-dc1:4343/officescan/console/html/root/AtxEnc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    LSA: Authentication Packages = msv1_0 wvauth
    IFEO: image file execution options - svchost.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\pbourely\applic~1\mozilla\firefox\profiles\21tz9hvo.default\
    FF - prefs.js: browser.search.selectedEngine - search
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
    FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-1 17072]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
    R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
    R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-1 13336]
    R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-1 60928]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-2 59904]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-6 51792]
    R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2009-12-4 230928]
    R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2009-12-4 36368]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-1 42672]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-2 113664]
    R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-1 134144]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-1 144576]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-2 33832]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-2 168616]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-2 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-2 235520]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-17 38224]
    R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-9-2 134144]
    R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-9-2 273568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2010-9-6 241664]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-8 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-8 8456]
    S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-23 652552]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-26 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-09-23 06:22:43 754 ----a-w- c:\windows\WORDPAD.INI
    2010-09-22 07:07:29 0 d-----w- c:\docume~1\pbourely\applic~1\Search Settings
    2010-09-22 07:07:27 0 d-----w- c:\docume~1\pbourely\applic~1\pdfforge
    2010-09-22 07:02:45 0 d-----w- c:\program files\Application Updater
    2010-09-22 07:02:43 0 d-----w- c:\program files\pdfforge Toolbar
    2010-09-22 07:02:10 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2010-09-22 07:02:09 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2010-09-22 07:02:09 0 d-----w- c:\program files\PDFCreator
    2010-09-17 08:49:44 5204 ----a-w- c:\windows\system32\tmp.reg
    2010-09-17 08:49:09 79360 ----a-w- c:\windows\system32\swxcacls.exe
    2010-09-17 08:49:09 75776 ----a-w- c:\windows\system32\WS2Fix.exe
    2010-09-17 08:49:09 51200 ----a-w- c:\windows\system32\dumphive.exe
    2010-09-17 08:49:09 289144 ----a-w- c:\windows\system32\VCCLSID.exe
    2010-09-17 08:49:09 135168 ----a-w- c:\windows\system32\swreg.exe
    2010-09-17 07:16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-17 07:16:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-17 07:16:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-17 05:26:39 0 d-----w- c:\docume~1\pbourely\applic~1\stickies
    2010-09-17 05:26:37 592 ----a-w- c:\windows\uninstallstickies.bat
    2010-09-17 05:26:37 0 d-----w- c:\program files\stickies
    2010-09-17 05:15:28 0 d-----w- c:\program files\Defraggler
    2010-09-17 01:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-09-17 01:04:25 467928 ----a-w- c:\windows\system32\sqlite3.dll
    2010-09-17 00:45:15 0 d-----w- c:\program files\CCleaner
    2010-09-16 08:41:58 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-16 08:41:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-09-16 07:13:16 0 d-----w- c:\program files\common files\PC Tools
    2010-09-16 07:09:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-09-16 06:46:31 0 d-----w- c:\docume~1\pbourely\applic~1\Malwarebytes
    2010-09-16 06:46:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-16 04:31:57 0 d-----w- c:\docume~1\pbourely\applic~1\Realtime Soft
    2010-09-16 04:31:55 0 d-----w- c:\program files\common files\Realtime Soft
    2010-09-16 04:31:53 0 d-----w- c:\program files\UltraMon
    2010-09-16 04:31:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
    2010-09-16 04:18:16 0 d-----w- C:\cygwin
    2010-09-16 04:01:33 0 d-----w- c:\program files\MMTaskbar
    2010-09-13 09:35:06 0 d-----w- c:\windows\system32\appmgmt
    2010-09-13 09:25:49 0 d-----w- c:\docume~1\pbourely\applic~1\eclipse_workspace
    2010-09-13 06:22:56 0 d-----w- c:\program files\TMbot
    2010-09-13 05:49:00 0 d-----w- c:\documents and settings\pbourely\RichClient
    2010-09-13 01:50:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-09-13 01:47:37 0 d-----r- c:\program files\Skype
    2010-09-13 01:46:57 0 d-----w- c:\program files\Xming
    2010-09-10 07:07:27 0 d-----w- C:\15.0-ebf16074
    2010-09-10 06:21:23 35602 ----a-w- c:\windows\vpd.properties
    2010-09-10 06:01:45 0 d--h--w- c:\windows\PIF
    2010-09-10 04:32:07 94208 -c--a-w- c:\windows\system32\dllcache\fpencode.dll
    2010-09-10 04:32:07 876653 -c--a-w- c:\windows\system32\dllcache\fp4awel.dll
    2010-09-10 02:23:45 0 d-----w- c:\documents and settings\pbourely\.p4scc
    2010-09-10 02:21:34 256 ---h--w- c:\windows\uedit32.cfg
    2010-09-10 02:17:29 4677 ----a-w- c:\windows\UEDIT32.INI
    2010-09-10 02:17:29 0 d-----w- c:\program files\ULTRAEDT
    2010-09-10 00:34:56 0 d-----w- c:\program files\Aqua Data Studio 4.7
    2010-09-10 00:19:28 0 d-----w- C:\j2sdk1.4.2_08
    2010-09-10 00:17:33 0 d-----w- C:\jdk1.6.0_07
    2010-09-09 23:48:48 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
    2010-09-09 23:46:57 0 d-----w- c:\windows\SQL9_KB970892_ENU
    2010-09-09 07:45:05 0 d-----w- c:\program files\Gadwin Systems
    2010-09-09 04:49:23 0 d-----w- c:\docume~1\pbourely\applic~1\Capturino
    2010-09-09 00:35:55 0 d-----w- c:\documents and settings\pbourely\.datastudio
    2010-09-08 08:35:06 0 d-----w- c:\documents and settings\pbourely\.p4qt
    2010-09-08 08:33:04 0 d-----w- c:\program files\Perforce
    2010-09-08 08:13:20 0 d-----w- c:\temp\p4.install
    2010-09-08 08:05:15 0 d-----w- C:\temp
    2010-09-08 05:55:24 0 d-----w- c:\program files\MSDN
    2010-09-08 05:47:52 172 ----a-w- c:\windows\ODBC.INI
    2010-09-08 05:47:01 0 d-----w- c:\windows\system32\js
    2010-09-08 05:47:01 0 d-----w- c:\windows\system32\images
    2010-09-08 05:47:01 0 d-----w- c:\windows\system32\html
    2010-09-08 05:47:01 0 d-----w- c:\windows\system32\css
    2010-09-08 05:47:01 0 d-----w- c:\program files\Business Objects
    2010-09-08 05:42:48 0 d-----w- c:\program files\MSXML 6.0
    2010-09-08 05:40:55 0 d-----w- c:\program files\Microsoft SQL Server
    2010-09-08 05:40:28 0 d-----w- c:\program files\Microsoft Device Emulator
    2010-09-08 05:39:08 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
    2010-09-08 05:38:22 0 d-----w- c:\program files\Microsoft Synchronization Services
    2010-09-08 05:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
    2010-09-08 05:25:42 0 d-----w- c:\program files\HTML Help Workshop
    2010-09-08 05:25:42 0 d-----w- c:\program files\common files\Merge Modules
    2010-09-08 05:25:42 0 d-----w- c:\program files\CE Remote Tools
    2010-09-08 05:24:42 0 d-----w- c:\program files\Microsoft Web Designer Tools
    2010-09-08 04:56:46 945 ---ha-w- c:\windows\EPMBatch.ept
    2010-09-08 04:53:02 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2010-09-08 04:53:01 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2010-09-08 04:53:01 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2010-09-08 04:53:01 1774720 ----a-w- c:\windows\system32\BootMan.exe
    2010-09-08 04:53:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2010-09-08 04:52:53 0 d-----w- c:\program files\EASEUS
    2010-09-07 23:51:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-09-07 01:55:35 0 d-----w- c:\program files\Windows Media Connect 2
    2010-09-07 01:54:12 0 d-----w- c:\windows\system32\LogFiles
    2010-09-07 00:58:14 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Search
    2010-09-07 00:57:18 0 d-sh--w- c:\documents and settings\pbourely\PrivacIE
    2010-09-06 09:17:56 0 d-----w- C:\email
    2010-09-06 08:30:44 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-06 08:30:44 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-09-06 08:30:44 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-09-06 08:19:08 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cb4d9c2dc89b9c.mof
    2010-09-06 08:17:20 0 d-----w- c:\docume~1\pbourely\applic~1\ICAClient
    2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Desktop Search
    2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Wave Systems Corp
    2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Roxio Log Files
    2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Intel Corporation
    2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Broadcom
    2010-09-06 07:49:08 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2010-09-06 07:49:02 0 d-----w- c:\windows\PrimoPDF4
    2010-09-06 07:45:06 0 d-----w- c:\program files\Acro Software
    2010-09-06 07:09:30 15279 ----a-w- c:\windows\cfgall.ini
    2010-09-06 07:09:12 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-09-06 07:09:12 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-09-06 07:09:12 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-09-06 07:09:10 0 d-----w- c:\windows\system32\log
    2010-09-06 07:08:37 0 d-----w- c:\program files\Trend Micro
    2010-09-06 07:08:36 21 ----a-w- C:\tmuninst.ini
    2010-09-06 06:54:23 0 d-----w- C:\MurexApp
    2010-09-06 06:51:37 0 d-----w- c:\program files\Enterprise Vault
    2010-09-06 06:50:47 0 d-----w- c:\program files\Murex Systems
    2010-09-06 06:45:29 241664 ----a-w- c:\windows\system32\r_server.exe
    2010-09-06 06:45:28 0 d-----w- c:\program files\Radmin
    2010-09-06 06:44:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
    2010-09-06 06:44:35 0 d-----w- c:\program files\Citrix
    2010-09-06 06:37:55 32656 ----a-w- c:\windows\system32\msonpmon.dll
    2010-09-06 06:33:25 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-09-06 06:32:56 0 d-----w- c:\windows\SHELLNEW
    2010-09-06 06:26:35 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-09-06 06:26:35 0 d-----w- c:\program files\MagicDisc
    2010-09-06 06:24:48 0 d-----w- c:\program files\MagicISO
    2010-09-06 05:44:44 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-09-06 05:44:37 0 d-----w- c:\windows\ie8updates
    2010-09-06 05:44:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-09-06 05:44:33 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-09-06 05:44:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-09-06 05:44:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-09-06 05:44:33 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-09-06 05:44:33 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-09-06 05:44:33 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-09-06 05:44:15 0 dc-h--w- c:\windows\ie8
    2010-09-06 05:39:26 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-06 05:34:34 0 d-----w- c:\windows\system32\PreInstall
    2010-09-06 05:33:20 0 d-----w- c:\windows\SchCache
    2010-09-06 04:31:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-06 04:18:41 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-09-06 04:17:05 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-09-06 04:05:44 8192 ----a-w- c:\windows\REGLOCS.OLD
    2010-09-02 06:23:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
    2010-09-02 06:22:21 0 d-----w- c:\program files\CONEXANT
    2010-09-02 06:22:09 0 d-----w- c:\program files\IDT
    2010-09-02 06:21:57 0 d-----w- c:\program files\DellTPad
    2010-09-02 06:20:59 1026819 ----a-w- c:\windows\setupapi.log.1.old
    2010-09-02 02:17:46 5489 ---ha-r- C:\dell.sdr
    2010-09-02 02:15:59 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-09-02 02:14:52 0 d-----w- C:\Apps
    2010-09-02 02:12:48 96310 ----a-w- c:\windows\system32\DELLWALL.BMP
    2010-09-02 02:12:48 787356 ----a-w- c:\windows\system32\OEMBKGN1.BMP
    2010-09-02 02:12:48 30056 ----a-w- c:\windows\system32\OEMLOGO.bmp
    2010-09-02 02:12:48 1200 ----a-w- c:\windows\system32\OEMINFO.INI
    2010-09-01 11:17:13 61 ----a-w- c:\windows\smscfg.ini
    2010-09-01 11:17:07 333 ----a-w- c:\windows\system32\$ncsp$.inf
    2010-09-01 11:12:17 0 d-----w- c:\windows\RegisteredPackages
    2010-09-01 11:12:15 57656 ------w- c:\windows\system32\drivers\FilterPC.bmp
    2010-09-01 11:12:15 24995 ------w- c:\windows\system32\drivers\FilterPC.jpg
    2010-09-01 11:12:15 0 d-----w- c:\program files\Creative
    2010-09-01 11:12:12 144576 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
    2010-09-01 11:12:12 134144 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
    2010-09-01 11:12:12 0 d-----w- c:\program files\Dell Webcam
    2010-09-01 11:10:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{BABCE4AB-AD57-4904-8E84-026E11C6632A}
    2010-09-01 11:08:50 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-09-01 11:08:48 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-09-01 11:07:58 0 d-----w- c:\program files\Microsoft
    2010-09-01 11:07:43 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-09-01 11:06:19 0 d-----w- c:\program files\common files\Windows Live
    2010-09-01 11:06:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
    2010-09-01 11:06:11 0 d-----w- c:\program files\common files\SureThing Shared
    2010-09-01 11:05:54 0 d-----w- c:\program files\common files\Sonic Shared
    2010-09-01 11:05:41 0 d-----w- c:\program files\Roxio
    2010-09-01 11:01:19 0 d-----w- c:\program files\Wave Systems Corp
    2010-09-01 11:01:12 0 d-----w- c:\windows\system32\Test
    2010-09-01 11:01:11 0 d-----w- c:\windows\Downloaded Installations
    2010-09-01 11:01:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Wave Systems Corp
    2010-09-01 11:00:54 0 d-----w- c:\program files\NTRU Cryptosystems
    2010-09-01 11:00:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NTRU Cryptosystems
    2010-09-01 10:59:57 911400 ----a-w- c:\windows\system32\drivers\btkrnl.sys
    2010-09-01 10:59:53 0 d-----w- c:\program files\WIDCOMM
    2010-09-01 10:55:06 42672 ----a-w- c:\windows\system32\drivers\Accelern.sys
    2010-09-01 10:55:06 17072 ----a-w- c:\windows\system32\drivers\stdfltn.sys
    2010-09-01 10:55:06 0 d-----w- c:\program files\STMicroelectronics
    2010-09-01 10:51:41 319456 ----a-w- c:\windows\system32\difxapi.dll
    2010-09-01 10:51:20 0 d-----w- c:\program files\Digital Line Detect
    2010-09-01 10:51:16 0 d-----w- c:\program files\Netwaiting
    2010-09-01 10:50:43 0 d-----w- c:\program files\Modem Diagnostic Tool
    2010-09-01 10:48:34 206216 ----a-w- c:\windows\system32\bipbsp.dll
    2010-09-01 10:48:33 308624 ----a-w- c:\windows\system32\brcmbsp.dll
    2010-09-01 10:46:28 0 d-----w- c:\program files\Broadcom Corporation
    2010-09-01 10:46:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Broadcom
    2010-09-01 10:45:55 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
    2010-09-01 10:45:55 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
    2010-09-01 10:45:22 29184 -c----w- c:\windows\system32\dllcache\usbccid.sys
    2010-09-01 10:43:06 0 d-----w- c:\windows\system32\BioAPIFFDB
    2010-09-01 10:42:33 0 d-----w- c:\program files\Dell
    2010-09-01 10:42:28 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2010-09-01 10:42:28 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2010-09-01 10:42:28 465920 ------w- c:\windows\system32\imapi2fs.dll
    2010-09-01 10:42:28 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2010-09-01 10:42:28 317952 ------w- c:\windows\system32\imapi2.dll
    2010-09-01 10:42:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-01 10:42:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-01 10:39:13 0 d-----w- c:\windows\system32\DRM
    2010-09-01 10:38:24 0 d-----w- c:\program files\Windows Desktop Search
    2010-09-01 10:38:09 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2010-09-01 10:38:09 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2010-09-01 10:38:09 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2010-09-01 10:34:06 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
    2010-09-01 10:34:02 28672 -c----w- c:\windows\system32\dllcache\msvidc32.dll
    2010-09-01 10:34:02 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
    2010-09-01 10:33:03 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
    2010-09-01 10:32:49 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-09-01 10:32:42 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
    2010-09-01 10:32:35 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
    2010-09-01 10:32:27 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
    2010-09-01 10:32:01 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
    2010-09-01 10:32:01 265728 -c----w- c:\windows\system32\dllcache\http.sys
    2010-09-01 10:32:01 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
    2010-09-01 10:31:39 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
    2010-09-01 10:31:25 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2010-09-01 10:31:23 0 d-----w- c:\program files\MSXML 4.0
    2010-09-01 10:31:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-09-01 10:30:51 0 d-----w- c:\windows\$968930Uinstall_KB968930$
    2010-09-01 10:30:49 0 d-----w- c:\windows\system32\winrm
    2010-09-01 10:30:49 0 d-----w- c:\windows\system32\GroupPolicy
    2010-09-01 10:30:41 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
    2010-09-01 10:30:34 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
    2010-09-01 10:30:34 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
    2010-09-01 10:30:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-09-01 10:30:08 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
    2010-09-01 10:29:52 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
    2010-09-01 10:29:51 66560 -c--a-w- c:\windows\system32\dllcache\tdc.ocx
    2010-09-01 10:29:51 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
    2010-09-01 10:29:41 1435648 -c----w- c:\windows\system32\dllcache\query.dll

    ==================== Find3M ====================

    2010-09-22 09:20:41 24576 ----a-w- c:\windows\OA015Mon.exe
    2010-09-22 09:01:56 737280 ----a-w- c:\windows\system32\AESTFltr.exe
    2010-09-02 06:22:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
    2010-09-02 06:22:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-09-02 02:15:24 5489 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_E6410.mrk
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-19 08:31:56 1556480 ----a-w- c:\windows\system32\wvauth.dll
    2010-07-19 08:31:46 823296 ----a-w- c:\windows\system32\waveGina.dll
    2010-07-19 08:24:10 622592 ----a-w- c:\windows\system32\AmRes_de.dll
    2010-07-19 08:24:10 593920 ----a-w- c:\windows\system32\AmRes_en.dll
    2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_fr.dll
    2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_es.dll
    2010-07-19 08:24:08 614400 ----a-w- c:\windows\system32\AmRes_it.dll
    2010-07-19 08:24:04 602112 ----a-w- c:\windows\system32\AmRes_pt-BR.dll
    2010-07-19 08:24:04 598016 ----a-w- c:\windows\system32\AmRes_ja.dll
    2010-07-19 08:24:04 581632 ----a-w- c:\windows\system32\AmRes_ko.dll
    2010-07-19 08:24:02 647168 ----a-w- c:\windows\system32\AmRes_ru.dll
    2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHT.dll
    2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHS.dll
    2010-07-19 08:23:14 593920 ----a-w- c:\windows\system32\AmRes_da.dll
    2010-07-19 08:23:12 618496 ----a-w- c:\windows\system32\AmRes_nl.dll
    2010-07-19 08:23:12 589824 ----a-w- c:\windows\system32\AmRes_no.dll
    2010-07-19 08:23:10 606208 ----a-w- c:\windows\system32\AmRes_pl.dll
    2010-07-19 08:23:10 593920 ----a-w- c:\windows\system32\AmRes_sv.dll
    2010-07-19 08:22:52 589824 ----a-w- c:\windows\system32\AmRes_ar.dll
    2010-07-19 08:22:50 606208 ----a-w- c:\windows\system32\AmRes_cs.dll
    2010-07-19 08:22:48 618496 ----a-w- c:\windows\system32\AmRes_el.dll
    2010-07-19 08:22:46 598016 ----a-w- c:\windows\system32\AmRes_fi.dll
    2010-07-19 08:22:44 581632 ----a-w- c:\windows\system32\AmRes_he.dll
    2010-07-19 08:22:42 610304 ----a-w- c:\windows\system32\AmRes_hu.dll
    2010-07-19 08:22:40 610304 ----a-w- c:\windows\system32\AmRes_pt-PT.dll
    2010-07-19 08:22:38 614400 ----a-w- c:\windows\system32\AmRes_ro.dll
    2010-07-19 08:22:34 602112 ----a-w- c:\windows\system32\AmRes_tr.dll
    2010-07-19 08:22:26 552960 ----a-w- c:\windows\system32\AmRes_zh-HK.dll
    2010-07-19 08:22:24 585728 ----a-w- c:\windows\system32\AmRes_th.dll
    2010-07-19 08:21:48 593920 ----a-w- c:\windows\system32\AmRes_sl.dll
    2010-07-19 08:21:46 598016 ----a-w- c:\windows\system32\AmRes_hr.dll
    2010-07-19 07:51:52 360448 ----a-w- c:\windows\system32\OEM_Resources.dll
    2010-07-19 07:47:40 598016 ----a-w- c:\windows\system32\AmRes_sk.dll
    2010-07-09 19:43:04 65536 ----a-w- c:\windows\system32\wltrynt.dll
    2010-07-09 19:43:04 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
    2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE
    2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
    2010-07-09 19:43:04 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE
    2010-07-09 19:43:04 143360 ----a-w- c:\windows\system32\preflib.dll
    2010-07-09 19:43:00 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
    2010-07-09 19:43:00 311296 ----a-w- c:\windows\system32\bcmwlu00.exe
    2010-07-09 19:43:00 2404352 ----a-w- c:\windows\system32\BCMWLTRY.EXE
    2010-07-09 19:42:52 835584 ----a-w- c:\windows\system32\BCMLogon.dll
    2010-07-09 19:42:52 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
    2010-07-09 19:42:52 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

    ============= FINISH: 16:29:02.92 ===============

    Just to add that sometimes I am redirected to the web page http://67.201.62.122/nolink.htm
    and there is a white page with "Sorry this link is not longer available"

    Thank you

    Hello,

    I did scan online with bitdefender and it found
    Trojan.Heur.TP.Fm0@bmXFnhb in winlogon.exe
    and
    Trojan.Heur.TP.@qo@b5B5ord in explorer.exe

    Thank you for your help
    Last edited by Blade81; 2010-09-24 at 06:53. Reason: Posts merged. Helpers look for topics with 0 replies

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Member sent email, this topic can be closed.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
