Possible infection with multiple worms/virus



jamper
2010-05-07, 01:22
I am not sure, but I think I have more than 1 virus or worm. The computer is acting strange, and in the Spybot startup tool the descriptions say BHARAT.A WORM, PAHATIA.A WORM, Fake Alert Trojan, qttask.exe, and SDBOT WORM.
Any help would be greatly appreciated. Thanks.
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:00 PM, on 5/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6947 bytes

Shaba
2010-05-09, 19:47
Hi jamper

Please post spybot report next :)

jamper
2010-05-10, 06:57
Thanks for looking at this for me. This is the last report.


--- Report generated: 2010-05-09 03:39 ---

Huntbar.Stoolbar: [SBI $630BA1F3] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Search Toolbar

Common Dialogs: History (9 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\bin.clearspring.com\clearspring.sol
Properties.size=61
Properties.md5=4F47613A869DBE30328E8292128D6E06
Properties.filedate=1273359344
Properties.filedatetext=2010-05-08 15:55:43

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn-i.dmdentertainment.com\com.conviva.livePass.sol
Properties.size=123
Properties.md5=E9CFFE9EFD1257E77D9DA9C8A2B43C69
Properties.filedate=1273342314
Properties.filedatetext=2010-05-08 11:11:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.gigya.com\cache.sol
Properties.size=1248
Properties.md5=AF41046ADAFFBBB103327AB2F636DD9C
Properties.filedate=1273275658
Properties.filedatetext=2010-05-07 16:40:58

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.gigya.com\soreg.sol
Properties.size=61
Properties.md5=C6423C25A8929A82DC6AF32E2919E462
Properties.filedate=1273287919
Properties.filedatetext=2010-05-07 20:05:19

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.gigya.com\wfas3cfg_1273287684000_2t3.sol
Properties.size=212
Properties.md5=9C736159AAFF31D5E6D38B4B54A0E592
Properties.filedate=1273287688
Properties.filedatetext=2010-05-07 20:01:27

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.gigya.com\wfas3cfg_1273287684000_3t2.sol
Properties.size=2574
Properties.md5=3753A82E66AC7B6C88D8DF6338774869
Properties.filedate=1273287685
Properties.filedatetext=2010-05-07 20:01:25

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.gigya.com\wfas3cfg_1273287684000_ka.sol
Properties.size=69
Properties.md5=EC35DC322F535F7C3E7DF78C00DC1A1C
Properties.filedate=1273287920
Properties.filedatetext=2010-05-07 20:05:20

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.visiblemeasures.com\com.quantserve.sol
Properties.size=73
Properties.md5=7ECE2F59C5BF0DACF53AA57FAD92EE08
Properties.filedate=1273278346
Properties.filedatetext=2010-05-07 17:25:45

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.visiblemeasures.com\configData.sol
Properties.size=349
Properties.md5=432420C8533B1BCD140D7BB72D77D7BF
Properties.filedate=1273359974
Properties.filedatetext=2010-05-08 16:06:13

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.visiblemeasures.com\sessionData.sol
Properties.size=137
Properties.md5=E787140975A53280384BDD8F46B713DE
Properties.filedate=1273361338
Properties.filedatetext=2010-05-08 16:28:58

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.visiblemeasures.com\userData.sol
Properties.size=97
Properties.md5=72C27EB33AAE93DE8E8C1E1DB081764B
Properties.filedate=1273311206
Properties.filedatetext=2010-05-08 02:33:25

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.widgetserver.com\com.quantserve.sol
Properties.size=72
Properties.md5=CB72518E408A57AB347469108C4A5033
Properties.filedate=1273288870
Properties.filedatetext=2010-05-07 20:21:09

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\core.mochibot.com\com.mochibot.sol
Properties.size=105
Properties.md5=5D6A13863282161218153278331F6465
Properties.filedate=1273226354
Properties.filedatetext=2010-05-07 02:59:14

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\flash.quantserve.com\com.quantserve.sol
Properties.size=72
Properties.md5=363A67034C8A824475132B2321B8B8C7
Properties.filedate=1273268095
Properties.filedatetext=2010-05-07 14:34:55

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\i.adultswim.com\s_br.sol
Properties.size=35
Properties.md5=760FCA2DC2B18E30543493B04290322A
Properties.filedate=1273278269
Properties.filedatetext=2010-05-07 17:24:28

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\i.adultswim.com\VideoPreferences.sol
Properties.size=119
Properties.md5=25DA9BAD3C98BA28AC3DB05887D62360
Properties.filedate=1273278260
Properties.filedatetext=2010-05-07 17:24:20

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\ia.media-imdb.com\IMDBTEST.sol
Properties.size=62
Properties.md5=56332522EF83FB58B6227F5772AB2C78
Properties.filedate=1273365442
Properties.filedatetext=2010-05-08 17:37:22

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\inplay.tubemogul.com\StreamMinerInfo.sol
Properties.size=70
Properties.md5=EBAE8E3CC9AC948D9A9961804BB994B9
Properties.filedate=1273311154
Properties.filedatetext=2010-05-08 02:32:33

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\com.quantserve.sol
Properties.size=73
Properties.md5=8AD4F3E560FBFD926EEB6E0D631CCA5B
Properties.filedate=1273229401
Properties.filedatetext=2010-05-07 03:50:01

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\OVPMetricsProvider.sol
Properties.size=64
Properties.md5=2E490FBBF3F67DF3FDAFDF7C301FDDE0
Properties.filedate=1273316844
Properties.filedatetext=2010-05-08 04:07:23

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media1.break.com\break.sol
Properties.size=71
Properties.md5=A518F9051F62D81C9475CDABC80A9D06
Properties.filedate=1273274851
Properties.filedatetext=2010-05-07 16:27:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media1.break.com\com.conviva.livePass.sol
Properties.size=123
Properties.md5=A32B668936EB5FC44F21B93723BB4FAA
Properties.filedate=1273283590
Properties.filedatetext=2010-05-07 18:53:09

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\mochiads.com\mochiLCStatus.sol
Properties.size=127
Properties.md5=AAEC045C30989495F4DCB53F8C6250CA
Properties.filedate=1273226357
Properties.filedatetext=2010-05-07 02:59:16

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\mochiads.com\__ms_1273226350296_88024.sol
Properties.size=61
Properties.md5=30398EC1FE82753BEA4DEFE65A5AA997
Properties.filedate=1273226359
Properties.filedatetext=2010-05-07 02:59:18

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\mochiads.com\__ms_1273226350296_88024_fromgame.sol
Properties.size=70
Properties.md5=43FD2A32D604B44D5D1E52AF357D0B63
Properties.filedate=1273226358
Properties.filedatetext=2010-05-07 02:59:17

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\pfiles.5min.com\analytics.sol
Properties.size=450
Properties.md5=C312D7860195B7D72EEC1FE1678F45E6
Properties.filedate=1273288869
Properties.filedatetext=2010-05-07 20:21:09

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.cdn.targetspot.com\com.quantserve.sol
Properties.size=72
Properties.md5=CB72518E408A57AB347469108C4A5033
Properties.filedate=1273268096
Properties.filedatetext=2010-05-07 14:34:55

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.cdn.targetspot.com\ts_CBSRadio.sol
Properties.size=51
Properties.md5=2A4FE417CED3BC7E3D57B6A5F81C280D
Properties.filedate=1273234027
Properties.filedatetext=2010-05-07 05:07:07

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.play.it\s_br.sol
Properties.size=41
Properties.md5=03C74ED0C59AF8F19DD2CB8FFDF0DB98
Properties.filedate=1273294524
Properties.filedatetext=2010-05-07 21:55:23

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\public0.ordienetworks.com\analytics.sol
Properties.size=493
Properties.md5=11984CF3BF39260A321B114F634BD35A
Properties.filedate=1273283519
Properties.filedatetext=2010-05-07 18:51:59

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\public0.ordienetworks.com\com.ordienetworks.sol
Properties.size=49
Properties.md5=5D61EF9AC38D3EC3F27AD368C7AA44EE
Properties.filedate=1273283338
Properties.filedatetext=2010-05-07 18:48:58

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\redir.adap.tv\adap.tv.sol
Properties.size=53
Properties.md5=208567A0D100A66A6E94E3F7A5CBCA9E
Properties.filedate=1273342314
Properties.filedatetext=2010-05-08 11:11:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\s.ytimg.com\soundData.sol
Properties.size=49
Properties.md5=F2945B8419B125F71FC8FD7CDDB59948
Properties.filedate=1273365329
Properties.filedatetext=2010-05-08 17:35:29

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\s.ytimg.com\videostats.sol
Properties.size=199
Properties.md5=A858328F2CBC4F253540E81D1519E706
Properties.filedate=1273381932
Properties.filedatetext=2010-05-08 22:12:12

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\secure-us.imrworldwide.com\_ggCvar.sol
Properties.size=74
Properties.md5=87852C6BFA61DF8CDBF43128263F54DB
Properties.filedate=1273229377
Properties.filedatetext=2010-05-07 03:49:37

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\secure-us.imrworldwide.com\_ggCvar_temp.sol
Properties.size=79
Properties.md5=D1E18FEBD41137ED1F925EA5E857941B
Properties.filedate=1273229377
Properties.filedatetext=2010-05-07 03:49:37

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\secure-us.imrworldwide.com\_ggMCvar_1.sol
Properties.size=74
Properties.md5=811FFC7218CC47232F1828AB6790992D
Properties.filedate=1273316810
Properties.filedatetext=2010-05-08 04:06:49

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\tap-cdn.rubiconproject.com\anon_user.sol
Properties.size=56
Properties.md5=F68C89BB4B86BD1DB8EFE9C93D8AE150
Properties.filedate=1273280745
Properties.filedatetext=2010-05-07 18:05:44

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\udn.specificclick.net\fug.sol
Properties.size=33
Properties.md5=E7B0D4B4CDD1420BACDDC9C15B48B39A
Properties.filedate=1273278268
Properties.filedatetext=2010-05-07 17:24:27

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\vizu.com\acUserData.sol
Properties.size=305
Properties.md5=F593B7166335FE2CCB3DFBA1BC270CBA
Properties.filedate=1273360472
Properties.filedatetext=2010-05-08 16:14:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\www.dailymotion.com\analytics.sol
Properties.size=465
Properties.md5=AAABE7BD263EA01BF3DC47BC1E17E584
Properties.filedate=1273311206
Properties.filedatetext=2010-05-08 02:33:25

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\www.leenks.com\com.jeroenwijerin.players.sol
Properties.size=65
Properties.md5=8E236827DADDAA37F2AD3A168962FF93
Properties.filedate=1273289881
Properties.filedatetext=2010-05-07 20:38:00

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn4.specificclick.net\img\gu.sol
Properties.size=132
Properties.md5=96F78CDB0FAC180D0C55B78747CFD228
Properties.filedate=1273377110
Properties.filedatetext=2010-05-08 20:51:50

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\cdn.static.viddler.com\flash\player732.swf\undefined.sol
Properties.size=213
Properties.md5=EF440C0B6BE3484AF17517E0352B3B2B
Properties.filedate=1273283303
Properties.filedatetext=2010-05-07 18:48:23

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\gui\ffGUILogging.sol
Properties.size=52
Properties.md5=92ABF1051C6BC12E0631B0456FD4DC84
Properties.filedate=1273230778
Properties.filedatetext=2010-05-07 04:12:57

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\gui\fps.sol
Properties.size=34
Properties.md5=1F62FD0F589C1C796860C861283B93C3
Properties.filedate=1273230778
Properties.filedatetext=2010-05-07 04:12:57

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\loader\loaderLogging.sol
Properties.size=54
Properties.md5=B2389C69BFDFE9B91C3F86FF2EA9B2F3
Properties.filedate=1273230778
Properties.filedatetext=2010-05-07 04:12:57

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\release\MetadataHistory.sol
Properties.size=4040
Properties.md5=5C9D6AF10C964F133A1ABB9B105C7ECC
Properties.filedate=1273316844
Properties.filedatetext=2010-05-08 04:07:23

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\release\playerCounter.sol
Properties.size=261
Properties.md5=9F6F0CDE3161250D804EEF777A74EC4F
Properties.filedate=1273316806
Properties.filedatetext=2010-05-08 04:06:45

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\release\skytide.sol
Properties.size=77
Properties.md5=64992D6FA09161371F94AAEE3D27E3A8
Properties.filedate=1273229395
Properties.filedatetext=2010-05-07 03:49:55

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\media.mtvnservices.com\player\release\userPrefs4.sol
Properties.size=312
Properties.md5=BB9EA2C2651F0FC8858332599910275F
Properties.filedate=1273316844
Properties.filedatetext=2010-05-08 04:07:23

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.play.it\player\AOL_Player_5_0_32.swf\R20PLAYER.sol
Properties.size=23999
Properties.md5=E49EA7D050CE2B9150493449F2C3E1C1
Properties.filedate=1273334478
Properties.filedatetext=2010-05-08 09:01:18

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.play.it\player\AOL_Player_5_0_32.swf\R20RELAY.sol
Properties.size=283
Properties.md5=CFB400D15DD5BBBB4B898C33F80CB9F1
Properties.filedate=1273334478
Properties.filedatetext=2010-05-08 09:01:18

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.play.it\player\CBS_Player_5_0_32.swf\R20PLAYER.sol
Properties.size=25899
Properties.md5=52983BDBD9F260D093D90A3DBE806FBE
Properties.filedate=1273266439
Properties.filedatetext=2010-05-07 14:07:18

Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, nothing done)
C:\Documents and Settings\Dell\Application Data\Macromedia\Flash Player\#SharedObjects\CXRBW4DH\player.play.it\player\CBS_Player_5_0_32.swf\R20RELAY.sol
Properties.size=216
Properties.md5=7DDCA1DBFD62469D64FB1D0C1B8A8A8C
Properties.filedate=1273258934
Properties.filedatetext=2010-05-07 12:02:14

MS Media Player: [SBI $E48560B4] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (90 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-166070640-231741892-2153587266-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (1) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (9) (Cache, nothing done)


History: [SBI $49804B54] History (10) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (341) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-05-04 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-05-04 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-05-04 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-05-04 Includes\KeyloggersC.sbi (*)
2010-05-05 Includes\Malware.sbi (*)
2010-05-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-04-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-05-04 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-05-04 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2010-04-27 Includes\Trojans.sbi (*)
2010-05-04 Includes\TrojansC-02.sbi (*)
2010-05-04 Includes\TrojansC-03.sbi (*)
2010-05-04 Includes\TrojansC-04.sbi (*)
2010-05-04 Includes\TrojansC-05.sbi (*)
2010-05-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

jamper
2010-05-10, 07:00
Not sure what report you needed so this one is the system startup:


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-29 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi
2010-05-04 Includes\AdwareC.sbi
2010-01-25 Includes\Cookies.sbi
2009-11-03 Includes\Dialer.sbi
2010-05-04 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2010-05-04 Includes\HijackersC.sbi
2010-01-20 Includes\Keyloggers.sbi
2010-05-04 Includes\KeyloggersC.sbi
2010-05-05 Includes\Malware.sbi
2010-05-05 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2010-04-13 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-05-04 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-03-02 Includes\Spyware.sbi
2010-05-04 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-04-27 Includes\Trojans.sbi
2010-05-04 Includes\TrojansC-02.sbi
2010-05-04 Includes\TrojansC-03.sbi
2010-05-04 Includes\TrojansC-04.sbi
2010-05-04 Includes\TrojansC-05.sbi
2010-05-04 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 952768
MD5: DB1DB28467111A24664933AB8908CBCE

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 155648
MD5: A0B4823C28AD825728550796042C68A4

Located: HK_LM:Run, Clearwire Connection Manager
command: "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
file: C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
size: 54608
MD5: DF554CC0A0D217368B7AA94002838444

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: DFCBA58A26C6540CB398418A050FFFC3

Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: FB9E5C251CF6C37749F296BACB34A69B

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763DAB43BDAB27316DBF3373192823D7

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 290816
MD5: E02C0E78E5CFB01BF9D1866DBA18B456

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248040
MD5: 52DB6CDAC5BC7A1FC884E97C41C91213

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 36272
MD5: F91F52F4EA5D88DAB6245682A16F3A72

Located: HK_LM:Run, Dell QuickSet (DISABLED)
command: C:\Program Files\Dell\QuickSet\quickset.exe
file: C:\Program Files\Dell\QuickSet\quickset.exe
size: 606208
MD5: C67C916B6B43B4B092ADEAF7ADF285BF

Located: HK_LM:Run, DivXUpdate (DISABLED)
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1135912
MD5: 58CD0490E2341844237532874DCC34B4

Located: HK_LM:Run, DVDLauncher (DISABLED)
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: B3E3C57FD22E71CE20389372D972C6DC

Located: HK_LM:Run, HotKeysCmds (DISABLED)
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: E278BA143188E6029555D70F291DDB6B

Located: HK_LM:Run, IntelWireless (DISABLED)
command: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 385024
MD5: C2DCBCE29ECB74F8BFE89BFF149A4D97

Located: HK_LM:Run, mmtask (DISABLED)
command: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
file: C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
size: 53248
MD5: DDDED6213D8E8CB91A9BF3107114B335

Located: HK_LM:Run, NBAgent (DISABLED)
command: "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
file: C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Defender (DISABLED)
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-166070640-231741892-2153587266-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, InstallIQUpdater
where: S-1-5-21-166070640-231741892-2153587266-1006...
command: "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
file: C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
size: 982528
MD5: 7B891E43D440945B88452583F450342F

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-166070640-231741892-2153587266-1006...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-166070640-231741892-2153587266-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, Memory (DISABLED)
where: S-1-5-21-166070640-231741892-2153587266-1006...
command: C:\Program Files\Memory ++\Memory ++
file: C:\Program Files\Memory ++\Memory ++
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (common), Digital Line Detect.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: B66E56733E2CD6A10FDA5919625FBF46

Located: Startup (common), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (common), Windows Search.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
file: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
size: 123904
MD5: B5C9F63C01FCFEC3F64EC6A0940A1825

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, IntelWireless
command: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
file: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
size: 110592
MD5: E0305040E70BE2AE657987CE0D7D14DF

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Shaba
2010-05-11, 06:02
So there is only one real threat, the first one.

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

jamper
2010-05-11, 11:31
Hi Shaba, thanks for helping me. Here are the reports:

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 11, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 11, 2010 03:23:26
Records in database: 4093337
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 61186
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:16:47


File name / Threat / Threats count
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-67c5acb0 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\15\310e48cf-68357989 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-277351bb Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2cf1b0ce Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5e50da35 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

jamper
2010-05-11, 11:32
And here is the HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:58 AM, on 5/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Bing.zugo.com/?cfg=2-71-0-13GZu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7291 bytes

jamper
2010-05-11, 13:05
I don't know what happened, but I ran the scan again and this is what came up:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 11, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 11, 2010 03:23:26
Records in database: 4093337
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 61130
Threats found: 2
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 01:27:07


File name / Threat / Threats count
explorer.exe\AnewCM.dll/explorer.exe\AnewCM.dll Infected: Backdoor.Win32.Hupigon.bkkv 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-67c5acb0 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\15\310e48cf-68357989 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-277351bb Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2cf1b0ce Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5e50da35 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

jamper
2010-05-11, 13:10
I think it was because Kaspersky said I needed to disable Norton and I forgot to turn it back on. Anyway, here is the new HJT log.
Thank You.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:14 AM, on 5/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Bing.zugo.com/?cfg=2-71-0-13GZu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7258 bytes

Shaba
2010-05-12, 06:24
Please do a search for AnewCM.dll and post back location(s).

jamper
2010-05-12, 10:26
OK, I did the search and even checked in hidden files and folders and nothing showed up.

If anewdm.dll is part of the anewsoft program, I actually uninstalled the program today.

Shaba
2010-05-13, 21:22
I see.

Please then rescan with Kaspersky and post back fresh kaspersky log.

jamper
2010-05-14, 06:56
OK, here are both just in case: 1 Kaspersky, 2 HJC

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 11, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 11, 2010 03:23:26
Records in database: 4093337
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 61130
Threats found: 2
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 01:27:07


File name / Threat / Threats count
explorer.exe\AnewCM.dll/explorer.exe\AnewCM.dll Infected: Backdoor.Win32.Hupigon.bkkv 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-67c5acb0 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\15\310e48cf-68357989 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-277351bb Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2cf1b0ce Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5e50da35 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:40 PM, on 5/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Bing.zugo.com/?cfg=2-71-0-13GZu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7409 bytes

Shaba
2010-05-15, 16:42
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

jamper
2010-05-15, 20:34
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11
ALPS Touch Pad Driver
AOLIcon
Ashampoo Movie Shrink & Burn 3 3.03
Avi2Dvd 0.4.0 beta
AviSynth 2.5
Broadcom Management Programs 2
CLEAR Connection Manager
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
DellSupport
Digital Line Detect
DivX Setup
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
ImgBurn
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 19
Joboshare AVI to DVD Converter
K-Lite Codec Pack 5.8.3 (Full)
Learn2 Player (Uninstall Only)
Loki ActiveX Control
Macromedia Flash Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Primary Interoperability Assemblies 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Miro
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
Norton AntiVirus
PowerDVD 5.5
QuickSet
QuickTime
Real Alternative 1.9.0
RunAlyzer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sonne Video Converter 11.2.0.2010
Spybot - Search & Destroy
TBS WMP Plug-in
The Extractor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.1.0-pre3
WebCyberCoach 3.2 Dell
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3

Shaba
2010-05-17, 05:27
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

jamper
2010-05-17, 08:09
ComboFix 10-05-16.01 - Dell 05/16/2010 22:53:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.383 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dell\Application Data\EurekaLog
c:\documents and settings\Dell\Application Data\inst.exe
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm22.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm2EB.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm40B.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm4A8.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm4B6.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tm7D.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\_tmA.tmp
c:\documents and settings\Dell\Local Settings\Temporary Internet Files\stb06759.tmp
C:\install.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\windows\system32\system
c:\windows\system32\system\msvcr80.dll
c:\windows\system32\system\msvcr80d.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 03:11 . 2010-05-17 03:11 -------- d-----w- c:\windows\LastGood
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 03:33 . 2010-05-15 03:33 -------- d-----w- c:\program files\Joboshare
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-15 01:18 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-09 08:08 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-15 02:03 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-15 02:09 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-08 08:38 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-06 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-06 04:53 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-06 06:23 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-08 08:38 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-08 08:38 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-06 05:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll
2010-04-21 15:38 . 2010-05-03 18:26 -------- d-----w- c:\program files\Memory ++
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 17:36 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 07:42 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-22 05:54 . 2010-03-22 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:49 -------- d-----w- c:\program files\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-10 17:51 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [5/7/2010 2:31 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 22:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-05-16 23:02:34
ComboFix-quarantined-files.txt 2010-05-17 06:02

Pre-Run: 47,374,585,856 bytes free
Post-Run: 47,468,748,800 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

- - End Of File - - 344A8D4C74062F84F99BD782199275D2

jamper
2010-05-17, 08:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:40 PM, on 5/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Bing.zugo.com/?cfg=2-71-0-13GZu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7049 bytes

jamper
2010-05-17, 08:35
PLEASE DISREGARD PREVIOUS COMBOFIX LOG AS I DID NOT HAVE MY FIREWALL DISABLED! PLEASE GO BY THIS ONE. THANKS

ComboFix 10-05-16.01 - Dell 05/16/2010 23:17:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.378 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 03:11 . 2010-05-17 03:11 -------- d-----w- c:\windows\LastGood
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 03:33 . 2010-05-15 03:33 -------- d-----w- c:\program files\Joboshare
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-15 01:18 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-09 08:08 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-15 02:03 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-15 02:09 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-08 08:38 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-06 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-06 04:53 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-06 06:23 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-08 08:38 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-08 08:38 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-06 05:17 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll
2010-04-21 15:38 . 2010-05-03 18:26 -------- d-----w- c:\program files\Memory ++
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 17:36 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 07:42 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-22 05:54 . 2010-03-22 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:49 -------- d-----w- c:\program files\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-10 17:51 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [5/7/2010 2:31 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 23:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-16 23:25:35
ComboFix-quarantined-files.txt 2010-05-17 06:25
ComboFix2.txt 2010-05-17 06:02

Pre-Run: 47,488,995,328 bytes free
Post-Run: 47,469,895,680 bytes free

- - End Of File - - F39EFC0E6BDF39F004B998C0E85CFF03

Shaba
2010-05-18, 22:07
Have you set this as your Firefox start page?

hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu

jamper
2010-05-19, 01:02
No, I set my start page as Firefox speed dial.

Shaba
2010-05-20, 21:32
So then we remove it.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Firefox::
uStart Page = hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
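
The check done by eye in the exchange above (a start page in the log that the user never set) can be scripted when many ComboFix logs have to be triaged. This is an added example, not part of the original thread and not ComboFix's own code; the function names, the allow-list and the sample text (lines copied from the log posted in this thread) are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
"""


class Finding(NamedTuple):
    setting: str
    host: Optional[str]
    reason: str


# Line shapes as they appear in the log above.
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(\d+)')
REG_SETTING = re.compile(r"^(?P<name>[A-Za-z][\w ]*?) = (?P<value>\S.*)$")
FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (?P<name>\S+) -\s*(?P<value>.*)$")


def refang(value: str) -> str:
    """The log writes http as hxxp so URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)


def web_host(value: str) -> Optional[str]:
    """Return the lower-cased host of an http(s) URL, or None for anything else."""
    try:
        parts = urlsplit(refang(value))
    except ValueError:
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname
    return None


def is_allowed(host: str, allowed_hosts) -> bool:
    """True when host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def review(log_text: str, allowed_hosts) -> list:
    """Flag a disabled firewall and browser URL settings outside the allow-list.

    allowed_hosts holds the domains the user says they configured themselves.
    Non-web values (chrome:// pages, engine names, empty prefs) are ignored.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        fw = FIREWALL.match(line)
        if fw:
            if int(fw.group(1)) == 0:
                findings.append(
                    Finding("EnableFirewall", None, "Windows Firewall is off for this profile")
                )
            continue
        m = REG_SETTING.match(line) or FF_PREF.match(line)
        if not m:
            continue
        host = web_host(m.group("value"))
        if host and not is_allowed(host, allowed_hosts):
            findings.append(
                Finding(m.group("name"), host, "URL setting points at a host the user did not choose")
            )
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG, {"google.com"}):
        print(f"{f.setting}: {f.host or '-'} ({f.reason})")
```

A flagged entry is only a prompt to ask the user, as was done in this thread, before anything is removed.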

jamper
2010-05-20, 23:02
ComboFix 10-05-16.01 - Dell 05/20/2010 13:43:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.504 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dell\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-18 23:17 . 2010-05-18 23:19 -------- d-----w- c:\documents and settings\Dell\Application Data\Audio2VCD
2010-05-18 23:16 . 2010-05-18 23:16 -------- d-----w- c:\program files\Audio2VCD
2010-05-18 23:14 . 2010-05-18 23:14 -------- d-----w- c:\documents and settings\Dell\Application Data\VCDEasy
2010-05-18 23:14 . 2010-05-18 23:14 -------- d-----w- c:\program files\VCDEasy
2010-05-18 09:55 . 2010-05-18 09:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Help
2010-05-18 05:51 . 2010-05-18 09:55 -------- d-----w- c:\program files\VCDwizard
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\lkCDRtools
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-18 05:47 . 2010-05-18 05:58 -------- d-----w- c:\program files\XVideoConverter
2010-05-17 18:49 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-17 08:18 . 2010-05-17 08:18 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Yahoo
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 03:33 . 2010-05-15 03:33 -------- d-----w- c:\program files\Joboshare
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-15 01:18 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-19 04:41 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-20 01:54 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-17 08:11 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-17 18:12 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-17 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-17 08:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-17 16:11 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-17 18:12 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-17 18:12 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-17 17:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll
2010-04-21 15:38 . 2010-05-03 18:26 -------- d-----w- c:\program files\Memory ++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 05:35 . 2009-08-05 04:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 18:50 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-12 18:21 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 05:54 . 2010-03-22 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:49 -------- d-----w- c:\program files\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-17_05.58.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-20 20:26 . 2010-05-20 20:26 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-05-20 15:06 . 2010-05-20 15:06 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
- 2004-08-10 17:51 . 2010-05-17 04:27 79610 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-05-20 10:36 79610 c:\windows\system32\perfc009.dat
- 2010-04-09 21:34 . 2010-05-17 03:30 65536 c:\windows\system\vdsvrlnk.dll
+ 2010-04-09 21:34 . 2010-04-09 21:34 65536 c:\windows\system\vdsvrlnk.dll
+ 2010-04-09 21:35 . 2010-04-09 21:35 73728 c:\windows\system\vdremote.dll
- 2010-04-09 21:35 . 2010-05-17 03:30 73728 c:\windows\system\vdremote.dll
+ 2010-05-18 05:51 . 2010-05-18 05:51 28672 c:\windows\Installer\{E78D6337-8E3C-11D8-A0A8-0050BF61B407}\_1D81EE058E3F_11D8_A0A8_0050BF61B470.exe
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-05-20 10:29 . 2010-05-20 10:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-05-17 04:25 . 2010-05-17 04:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-10 17:51 . 2010-05-17 04:27 464500 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-05-20 10:36 464500 c:\windows\system32\perfh009.dat
+ 2003-11-22 02:42 . 2003-11-22 02:42 397312 c:\windows\system32\mjpgTools.dll
+ 2003-07-23 18:27 . 2003-07-23 18:27 491520 c:\windows\system32\lkVCDimager.dll
+ 2010-05-18 05:51 . 2010-05-18 05:51 337920 c:\windows\Installer\f8c0eb.msi
+ 2010-05-18 05:50 . 2004-04-15 03:14 337896 c:\windows\Downloaded Installations\VCDwizard.msi
+ 2010-05-19 10:07 . 2010-05-19 10:07 113664 c:\windows\assembly\tmp\2CKRZ7FM\System.EnterpriseServices.Wrapper.dll
+ 2010-05-19 10:07 . 2010-05-19 10:07 258048 c:\windows\assembly\tmp\2CKRZ7FM\System.EnterpriseServices.dll
+ 2010-05-20 10:23 . 2010-05-20 10:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-05-20 10:23 . 2010-05-20 10:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-05-20 10:33 . 2010-05-20 10:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-20 10:29 . 2010-05-20 10:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [5/17/2010 5:58 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-05-20 13:53:16
ComboFix-quarantined-files.txt 2010-05-20 20:52
ComboFix2.txt 2010-05-17 06:25
ComboFix3.txt 2010-05-17 06:02

Pre-Run: 42,815,848,448 bytes free
Post-Run: 46,025,428,992 bytes free

- - End Of File - - 8F731B60305A8CDC658B57CEBA3A7096

Shaba
2010-05-23, 07:05
Sorry for delay.

Did you copy everything from code box to CFScript?

jamper
2010-05-23, 08:35
Yes, I think I did it right, but just in case I ran it again just now.

ComboFix 10-05-16.01 - Dell 05/22/2010 23:20:03.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.539 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-22 03:25 . 2010-05-22 03:25 -------- d-----w- c:\program files\Unibrain
2010-05-22 03:20 . 2009-11-11 12:26 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2010-05-22 03:20 . 2009-11-11 12:26 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2010-05-22 03:20 . 2010-05-22 03:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-22 03:19 . 2010-05-22 03:19 53248 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-05-22 03:19 . 2010-05-22 03:19 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-05-22 03:19 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-22 03:16 . 2010-05-22 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-22 03:16 . 2010-05-22 03:17 -------- d-----w- c:\program files\Logitech
2010-05-22 03:16 . 2010-05-22 03:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-22 03:16 . 2010-05-22 03:20 -------- d-----w- c:\documents and settings\Dell\Application Data\Logitech
2010-05-22 03:16 . 2010-05-22 03:16 -------- d-----w- c:\documents and settings\Dell\Application Data\Logishrd
2010-05-22 03:15 . 2007-07-26 23:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-05-22 03:15 . 2010-05-22 03:15 -------- d-----w- C:\Intel
2010-05-22 03:08 . 2010-05-22 03:09 12289448 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\o1zei444.fy2\ubCore32_033109.exe
2010-05-22 03:08 . 2010-05-22 03:08 4679665 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\xsrx1ohn.zja\ICS_Dx32.exe
2010-05-22 03:07 . 2010-05-22 03:07 4758792 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\mywstt40.uiz\R154493.EXE
2010-05-22 03:04 . 2010-05-22 03:06 24803808 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\25kvdgx5.kmu\setpoint600.exe
2010-05-22 03:03 . 2010-05-22 03:03 -------- d-----w- c:\documents and settings\Dell\Application Data\Easeware
2010-05-22 03:03 . 2010-05-22 03:03 -------- d-----w- c:\program files\Easeware
2010-05-22 02:45 . 2010-05-22 03:49 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Deployment
2010-05-22 02:23 . 2010-05-22 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-05-22 02:06 . 2010-05-22 02:06 -------- d-----w- c:\program files\Opti Drive Control
2010-05-21 21:24 . 2010-05-21 21:24 -------- d-----w- c:\program files\Joboshare
2010-05-18 23:17 . 2010-05-18 23:19 -------- d-----w- c:\documents and settings\Dell\Application Data\Audio2VCD
2010-05-18 23:16 . 2010-05-18 23:16 -------- d-----w- c:\program files\Audio2VCD
2010-05-18 09:55 . 2010-05-18 09:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Help
2010-05-18 05:51 . 2010-05-18 09:55 -------- d-----w- c:\program files\VCDwizard
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\lkCDRtools
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-18 05:47 . 2010-05-18 05:58 -------- d-----w- c:\program files\XVideoConverter
2010-05-17 18:49 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-17 08:18 . 2010-05-17 08:18 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Yahoo
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-21 21:20 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-21 14:27 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-20 01:54 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-17 08:11 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-17 18:12 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-17 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-17 08:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-17 16:11 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-17 18:12 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-17 18:12 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-17 17:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 03:26 . 2005-09-01 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 03:19 . 2010-05-22 03:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-21 04:52 . 2009-08-05 04:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 18:50 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-12 18:21 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 18:26 . 2010-04-21 15:38 -------- d-----w- c:\program files\Memory ++
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-20_20.49.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-22 20:34 . 2010-05-22 20:34 16384 c:\windows\Temp\Perflib_Perfdata_8c.dat
+ 2010-05-22 20:34 . 2010-05-22 20:34 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2007-10-03 21:56 . 2007-10-03 21:56 53248 c:\windows\system32\UB1394DH.dll
- 2009-07-20 17:45 . 2009-05-12 22:12 26144 c:\windows\system32\spupdsvc.exe
+ 2009-07-20 17:45 . 2008-11-08 01:55 26144 c:\windows\system32\spupdsvc.exe
+ 2010-05-22 03:18 . 2001-08-17 18:48 12160 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouhid.sys
+ 2010-05-22 03:18 . 2008-04-13 18:39 23040 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouclass.sys
- 2004-08-10 17:51 . 2010-05-20 10:36 79610 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-05-22 10:29 79610 c:\windows\system32\perfc009.dat
+ 2009-11-10 11:55 . 2009-11-10 11:55 52240 c:\windows\system32\LMouFiltCoInst.dll
+ 2007-02-27 19:48 . 2007-02-27 19:48 57344 c:\windows\system32\Firei.dll
+ 2009-07-14 17:35 . 2009-07-14 17:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2009-03-28 04:50 . 2009-03-28 04:50 46592 c:\windows\system32\drivers\UBUMAPI.sys
+ 2009-03-28 04:50 . 2009-03-28 04:50 17408 c:\windows\system32\drivers\UBSBM.sys
- 2009-07-21 17:29 . 2001-08-17 18:48 12160 c:\windows\system32\drivers\mouhid.sys
+ 2009-07-21 17:29 . 2001-08-17 20:48 12160 c:\windows\system32\drivers\mouhid.sys
- 2004-08-04 03:58 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2004-08-04 03:58 . 2008-04-13 20:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2009-11-10 11:55 . 2009-11-10 11:55 37392 c:\windows\system32\drivers\LMouFilt.Sys
+ 2009-11-10 11:54 . 2009-11-10 11:54 35984 c:\windows\system32\drivers\LHidFilt.Sys
+ 2009-07-21 17:29 . 2001-08-17 20:48 12160 c:\windows\system32\dllcache\mouhid.sys
- 2009-07-21 17:29 . 2001-08-17 18:48 12160 c:\windows\system32\dllcache\mouhid.sys
+ 2004-08-04 03:58 . 2008-04-13 20:39 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2010-05-22 02:22 . 2010-05-22 02:22 46392 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_E8BE655ADEA641369B5E012FC4DD61C6.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2010-05-22 10:14 . 2010-05-22 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-05-20 10:29 . 2010-05-20 10:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-05-20 10:31 . 2010-05-20 10:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-05-22 03:25 . 2010-05-22 03:25 3262 c:\windows\Installer\{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}\ARPPRODUCTICON.exe
+ 2010-05-22 10:17 . 2010-05-22 10:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-03-28 05:15 . 2009-03-28 05:15 237568 c:\windows\system32\ubVideo.dll
+ 2009-03-30 23:41 . 2009-03-30 23:41 692224 c:\windows\system32\ubUI.dll
- 2004-08-10 17:51 . 2010-05-20 10:36 464500 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-05-22 10:29 464500 c:\windows\system32\perfh009.dat
+ 2009-03-30 23:46 . 2009-03-30 23:46 647168 c:\windows\system32\FireiX.dll
+ 2009-03-30 23:28 . 2009-03-30 23:28 253952 c:\windows\system32\FiCommon.dll
+ 2010-05-22 03:20 . 2009-11-11 12:26 557056 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2010-05-22 03:20 . 2008-06-20 17:32 663552 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5c32.dll
+ 2009-07-14 17:35 . 2009-07-14 17:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2009-03-28 04:55 . 2009-03-28 04:55 116224 c:\windows\system32\drivers\ubohci.sys
+ 2009-03-28 04:49 . 2009-03-28 04:49 127488 c:\windows\system32\drivers\UB1394.sys
+ 2009-03-30 23:43 . 2009-03-30 23:43 393216 c:\windows\system32\CFiCamera.dll
+ 2010-05-22 03:19 . 2010-05-22 03:19 240640 c:\windows\Installer\1b045e1.msi
- 2010-05-20 10:23 . 2010-05-20 10:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-05-22 10:13 . 2010-05-22 10:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-05-20 10:23 . 2010-05-20 10:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-22 10:22 . 2010-05-22 10:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-20 10:33 . 2010-05-20 10:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-05-20 10:31 . 2010-05-20 10:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-22 10:22 . 2010-05-22 10:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-20 10:29 . 2010-05-20 10:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-03-30 23:22 . 2009-03-30 23:22 1540096 c:\windows\system32\ubShared.dll
+ 2009-03-30 23:25 . 2009-03-30 23:25 1138688 c:\windows\system32\UB1394.dll
+ 2009-11-10 11:55 . 2009-11-10 11:55 1581072 c:\windows\system32\LkmdfCoInst.dll
+ 2010-05-22 03:20 . 2009-11-11 12:26 2216064 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
+ 2010-05-22 03:20 . 2009-11-11 12:26 2212352 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2010-05-22 03:20 . 2009-11-11 12:26 2732032 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2010-05-22 03:20 . 2009-10-26 13:47 4221952 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5x32.sys
+ 2010-05-22 03:20 . 2008-06-20 17:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5r32.dll
+ 2005-09-01 06:42 . 2009-11-11 12:26 2216064 c:\windows\system32\drivers\w29n51.sys
+ 2010-05-22 03:25 . 2010-05-22 03:25 1191424 c:\windows\Installer\1b045e5.msi
- 2010-05-20 10:31 . 2010-05-20 10:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

c:\documents and settings\Dell\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [5/17/2010 5:58 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [3/27/2009 9:50 PM 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [3/27/2009 9:50 PM 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [3/27/2009 9:55 PM 116224]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-22 23:29:16
ComboFix-quarantined-files.txt 2010-05-23 06:28
ComboFix2.txt 2010-05-20 20:53
ComboFix3.txt 2010-05-17 06:25
ComboFix4.txt 2010-05-17 06:02

Pre-Run: 46,377,332,736 bytes free
Post-Run: 46,359,851,008 bytes free

- - End Of File - - 4C9453657482EB78D4831B00007E9374

Shaba
2010-05-25, 06:09
That looks OK now :)

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

jamper
2010-05-25, 14:37
Hello,
Here are the latest Kaspersky and HJT reports. Thanks.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 25, 2010 06:57:50
Records in database: 4171379
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 77552
Threats found: 1
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 02:32:07


File name / Threat / Threats count
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-67c5acb0 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\15\310e48cf-68357989 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-277351bb Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2cf1b0ce Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5e50da35 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\54\e0a5976-6d6176d9 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

___________________________________________________________________________________________________________________________________________________________________________________________________



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:02 AM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7543 bytes
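
Added example, not part of the original post or of HijackThis itself: a short Python triage of the log format above that collects the entries HijackThis marks as unresolved (`(no file)`, `(file missing)`, `Unknown owner`, `= ?`). The sample lines are copied from the log above; the function names and reason strings are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Markers HijackThis prints when it cannot resolve an entry's target.
MARKERS = {
    "(no file)": "registered object has no file on disk",
    "(file missing)": "referenced file is missing",
    "Unknown owner": "no company name could be read for the service binary",
}

def parse(log_text):
    """Return (code, body) per entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(log_text):
    """Return (code, reason, body) for entries that need a manual look."""
    findings = []
    for code, body in parse(log_text):
        for marker, reason in MARKERS.items():
            if marker in body:
                findings.append((code, reason, body))
        if body.endswith("= ?"):
            findings.append((code, "shortcut target could not be resolved", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {body}")
```

A flagged entry is a leftover or unresolved reference to review, not a verdict of infection.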

Shaba
2010-05-26, 18:15
Empty this folder:

C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache

Empty Recycle Bin.

Still problems?

jamper
2010-05-27, 01:51
Thank you. That got rid of the problem :thanks:, and I ran Kaspersky and it was clean.
I do have another question. What about the items that Spybot shows in the system start up? Many of them (in the Paul Collins start up list) say they are worms/virus/Trojans etc. What do I do about them?
Thank You.

Shaba
2010-05-29, 19:28
They are false positives, you can ignore them.

Are you ready for final instructions?

jamper
2010-05-29, 22:52
That's a relief. Awaiting final instructions :bigthumb:.

Shaba
2010-05-30, 22:10
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

jamper
2010-05-31, 05:36
Done. Thanks so much for all your help.:rockon: