Don't DL Windows Seven For Free....



Ybotspot
2010-06-14, 15:43
I've had all sorts of problems since I did. For one thing, my security service is always turning off functions. I ran the Windows OneCare safety scanner (online); also, I have a trial of trojan cleaner, which I ran and deleted some entries. Also, I have Quick Heal, which I run from time to time. I don't know for sure if I really have trojans or if it was just a spoof report, but I don't wanna be stupid. I've had this system for three years now and have reinstalled Windows 14 times. It seems to be my fix for problems, instead of paying for trojan cleaning, but I never had one in my system before. Can someone help?


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ybot at 8:48:29.87 on Mon 06/14/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1592 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ybot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSSD0H81\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Fuck You Microsoft
uURLSearchHooks: H - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p10 /q c:\users\ybot\appdata\local\temp\diva727.sh! c:\users\ybot\appdata\local\temp\divA5DF.SH!
StartupFolder: c:\users\ybot\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\ybot\appdata\roaming\mozilla\firefox\profiles\zdjc8ywi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\users\ybot\appdata\roaming\mozilla\firefox\profiles\zdjc8ywi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-6-13 201320]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 176128]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-6-13 358224]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-6-13 144704]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-6-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-6-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-6-13 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-6-13 40488]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher; [x]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-6-13 33832]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]

=============== Created Last 30 ================

2010-06-14 12:05:28 0 d-----w- c:\programdata\Apple Computer
2010-06-14 12:05:03 0 d-----w- c:\programdata\Apple
2010-06-14 03:15:30 0 d---a-w- c:\programdata\TEMP
2010-06-14 03:13:54 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-14 03:13:54 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-14 03:13:54 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-14 03:13:54 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-14 03:13:54 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-14 03:13:46 0 d-----w- c:\users\ybot\appdata\roaming\Simply Super Software
2010-06-14 03:13:46 0 d-----w- c:\programdata\Simply Super Software
2010-06-14 03:13:46 0 d-----w- c:\program files\Trojan Remover
2010-06-14 02:34:41 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-06-14 00:49:55 0 d-----w- c:\users\ybot\appdata\roaming\Dell
2010-06-14 00:48:48 0 dc-h--w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
2010-06-14 00:48:38 0 d-----w- c:\programdata\Dell
2010-06-13 17:14:07 0 d-----w- c:\windows\system32\Dell
2010-06-13 14:36:38 0 d-----w- c:\program files\PowerISO
2010-06-13 11:29:12 0 d-----w- c:\program files\common files\DivX Shared
2010-06-13 11:24:13 0 d-----w- c:\program files\DivX
2010-06-13 10:54:18 0 d-----w- c:\programdata\DivX
2010-06-13 08:33:56 0 d-----w- c:\program files\MSXML 4.0
2010-06-13 08:08:49 0 d-----w- c:\windows\pss
2010-06-13 07:47:05 7977 ----a-w- c:\windows\system32\Config.MPF
2010-06-13 07:45:44 143360 ----a-w- c:\windows\system32\dunzip32.dll
2010-06-13 07:44:32 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-06-13 07:44:31 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-13 07:44:31 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-06-13 07:44:31 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-13 07:44:31 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-13 07:44:16 125728 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-13 07:43:46 0 d-----w- c:\program files\McAfee.com
2010-06-13 07:43:45 0 d-----w- c:\program files\common files\McAfee
2010-06-13 07:43:28 0 d-----w- c:\program files\McAfee
2010-06-13 07:38:45 0 d-----w- c:\programdata\McAfee
2010-06-13 07:32:01 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-06-13 07:32:01 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-06-13 07:31:54 0 d-----w- c:\program files\Winamp Detect
2010-06-13 06:47:21 0 d-----w- c:\programdata\Uninstall
2010-06-13 06:46:18 0 d-----w- c:\programdata\Sonic
2010-06-13 06:44:30 0 d-----w- c:\programdata\Roxio
2010-06-13 06:43:49 0 d-----w- c:\program files\common files\SureThing Shared
2010-06-13 06:43:29 0 d-----w- c:\program files\common files\PX Storage Engine
2010-06-13 06:43:28 0 d-----w- c:\program files\common files\Sonic Shared
2010-06-13 06:43:08 0 d-----w- c:\programdata\InstallShield
2010-06-13 06:43:07 0 d-----w- c:\program files\Roxio
2010-06-13 06:42:07 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-06-13 06:42:06 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-06-13 06:42:06 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-06-13 06:10:52 0 d-----w- c:\program files\Modem Diagnostic Tool
2010-06-13 06:09:31 0 d-----w- c:\program files\NetWaiting
2010-06-13 06:07:04 16382 ----a-w- c:\windows\system32\drivers\hcw85mlC.rom
2010-06-13 06:07:03 0 d-----w- c:\windows\system32\Hauppauge
2010-06-13 06:07:00 270392 ----a-w- c:\windows\system32\hcwpnp32.dll
2010-06-13 06:07:00 102456 ----a-w- c:\windows\system32\hcwi2c32.dll
2010-06-13 06:07:00 0 d-----w- c:\program files\WinTV
2010-06-13 06:06:54 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2010-06-13 06:06:54 0 d-----w- c:\program files\HCW85
2010-06-13 06:05:12 0 d-----w- c:\program files\CONEXANT
2010-06-13 06:05:10 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-06-13 06:05:10 267776 ----a-w- c:\windows\system32\drivers\HSXHWBS2.sys
2010-06-13 06:05:09 985600 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-06-13 06:05:09 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-06-13 06:05:09 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys
2010-06-13 06:05:09 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2010-06-13 06:05:09 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-06-13 06:04:44 229376 ----a-w- c:\windows\system32\UCI32M25.dll
2010-06-13 06:04:44 145890 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-06-12 14:48:43 0 d-----w- c:\users\ybot\appdata\roaming\FrostWire
2010-06-12 14:48:20 0 d-----w- c:\programdata\Sun
2010-06-12 14:48:20 0 d-----w- c:\program files\FrostWire
2010-06-12 14:48:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-12 13:09:51 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-11 21:20:44 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-06-11 20:17:36 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-11 20:17:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-11 18:24:36 0 d-----w- c:\programdata\ATI
2010-06-11 17:44:00 0 d-----w- c:\program files\ATI Technologies
2010-06-11 17:43:57 0 d-----w- c:\program files\ATI
2010-06-11 17:20:22 0 d-----w- C:\temp
2010-06-11 17:01:57 0 d-----w- c:\users\ybot\appdata\roaming\McAfee
2010-06-11 16:30:22 0 d-----w- c:\programdata\Office Genuine Advantage
2010-06-11 14:05:02 0 d-----w- c:\users\ybot\Tracing
2010-06-11 13:45:28 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-11 13:45:14 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-11 13:44:53 0 d-----w- c:\program files\Microsoft
2010-06-11 13:44:05 0 d-----w- c:\windows\PCHEALTH
2010-06-11 13:34:41 0 d-----w- c:\program files\common files\Windows Live
2010-06-11 04:53:38 0 ----a-w- c:\windows\hqstat.mtl
2010-06-11 04:53:38 0 ----a-w- c:\windows\hqstat.mnt
2010-06-11 04:53:12 0 d-----w- c:\program files\Quick Heal
2010-06-10 22:51:08 0 d-----w- c:\programdata\Windows Genuine Advantage
2010-06-10 21:30:51 0 d-----w- c:\program files\Windows Portable Devices
2010-06-10 21:29:13 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-06-10 21:29:12 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-06-10 21:29:12 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-06-10 21:26:35 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-10 21:26:34 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-10 21:26:34 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-10 21:21:17 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-10 21:21:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-10 21:21:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-10 19:46:05 0 d-----w- c:\windows\Panther
2010-06-10 19:45:53 8192 --s-a-r- C:\BOOTSECT.BAK
2010-06-10 19:45:52 333257 --sha-r- C:\bootmgr
2010-06-10 19:45:52 0 d-sh--w- C:\Boot
2010-06-10 19:45:37 24 ---ha-r- c:\windows\dell_version
2010-06-10 19:45:37 0 d-----w- c:\windows\system32\OEM
2010-06-10 19:21:54 0 d-----w- c:\windows\system32\eu-ES
2010-06-10 19:21:54 0 d-----w- c:\windows\system32\ca-ES
2010-06-10 19:21:53 0 d-----w- c:\windows\system32\vi-VN
2010-06-10 19:03:27 0 d-----w- c:\windows\system32\EventProviders
2010-06-10 19:01:59 527848 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-06-10 19:00:58 90112 ----a-w- c:\windows\system32\wbem\WmiApRpl.dll
2010-06-10 18:34:28 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-06-10 18:34:27 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-06-10 17:37:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-10 17:35:52 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 17:34:20 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-06-10 17:34:17 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-06-10 17:34:17 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-06-10 17:34:17 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-06-10 17:34:17 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-06-10 17:34:16 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-06-10 17:34:14 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-06-10 17:34:11 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-10 17:34:11 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-10 17:31:29 2868224 ----a-w- c:\windows\system32\mf.dll
2010-06-10 17:30:54 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-06-10 17:30:54 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-06-10 17:30:42 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-06-10 17:30:42 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 17:30:39 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-06-10 17:30:39 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-06-10 17:30:39 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-06-10 17:30:35 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-10 17:30:23 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-10 17:30:23 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-10 17:30:22 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-10 17:29:59 71680 ----a-w- c:\windows\system32\atl.dll
2010-06-10 17:29:57 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-10 17:29:50 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-06-10 17:29:50 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-06-10 17:29:49 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 17:29:46 623616 ----a-w- c:\windows\system32\localspl.dll
2010-06-10 17:29:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-06-10 17:29:31 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-06-10 17:27:06 243712 ----a-w- c:\windows\system32\rastls.dll
2010-06-10 17:27:04 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-06-10 17:26:49 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-10 17:26:48 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-10 17:22:31 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-06-10 17:22:26 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-06-10 17:22:23 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-10 17:22:23 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-06-10 17:22:23 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-06-10 17:21:10 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-06-10 17:21:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-10 17:21:10 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-06-10 17:21:09 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-06-10 17:21:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-06-10 17:21:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-06-10 17:21:07 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-06-10 17:21:07 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-06-10 17:21:04 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-06-10 17:19:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-10 17:19:57 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-10 17:19:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-10 17:19:56 471552 ----a-w- c:\windows\system32\secproc.dll
2010-06-10 17:19:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-10 17:19:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-10 17:19:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-06-10 17:19:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-10 17:19:51 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-10 17:15:45 1904 ------w- c:\windows\system32\SetupBD.din
2010-06-10 17:14:46 39288 ----a-w- c:\windows\system32\NicInE6.dll
2010-06-10 17:14:46 28536 ----a-w- c:\windows\system32\NicCo6.dll
2010-06-10 17:14:46 2689 ----a-w- c:\windows\system32\e1e6032.din
2010-06-10 17:14:46 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2010-06-10 17:14:46 179048 ----a-w- c:\windows\system32\e1000msg.dll
2010-06-10 17:14:46 154496 ----a-w- c:\windows\system32\Prounstl.exe
2010-06-10 17:11:10 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-10 17:03:34 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-06-10 17:03:31 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-06-10 16:59:30 0 d-----w- c:\windows\system32\RTCOM
2010-06-10 16:58:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-10 16:58:29 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-10 16:58:28 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-06-10 16:42:53 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-10 16:42:48 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-10 16:42:43 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-06-10 16:42:27 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 16:37:43 0 d-----w- C:\Intel
2010-06-10 16:37:40 0 d-----w- C:\dell
2010-06-10 16:37:00 0 d-----w- c:\windows\system32\vmm32
2010-06-10 16:37:00 0 d-----w- c:\program files\Dell
2010-06-10 16:36:55 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-06-10 16:36:37 0 d-sh--w- c:\windows\Installer
2010-06-10 16:36:25 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-06-10 16:28:06 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-10 16:27:57 98304 ----a-w- c:\windows\system32\cabview.dll
2010-06-10 16:24:02 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-06-10 16:23:52 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-06-10 16:23:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-06-10 16:23:47 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2010-06-14 03:29:44 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-14 03:29:44 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-14 03:29:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-10 21:30:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-10 19:10:52 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 18:40:40 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:49:24.96 ===============

http://forums.spybot.info/showthread.php?t=58073
-----------------------------------------
I was not real clear on how to get the scan files you wanted onto the post. You say to copy and paste or not, I dunno. I know when the time comes I couldn't find the button to attach files however you want; maybe you should post a quick screenshot tutorial for retards like me... :) Hope I didn't do it wrong.
---------------------------------------
Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)

shelf life
2010-06-19, 02:00
Hi,

Your post is a few days old. If you still need help, simply reply to the thread.