patrice
2010-09-23, 09:40
Hello,
First of all I caught My security shield.
I tried to remove it using Malwarebytes' Anti-Malware and OTM from old timer to change the host file.
I believed it was sufficient.
I used spy search & delete to delete some tracking cookies.
then, nothing was found in Malwarebytes' Anti-Malware.
Unfortunately, i think that i have another spyware, i am redirected in internet to pages similar to the my security shield, something like "your computer is infected" and you can see a kind of scan at the screen in the browser.
Then, I decided to delete the following key
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.jp.msn.com/USREL/19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
And now, I am pretty sure that the computer is not safe yet.
Can you please have a look at the DDS log and tell me what you think ?
Thank you in advance
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:28:04.17 on Thu 23/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3510.2453 [GMT 10:00]
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {68825CCE-CE96-4E56-9AAA-F11EF6BCD0CA}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA015Mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://mxintra/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA015Mon] c:\windows\OA015Mon.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://au-dc1:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 wvauth
IFEO: image file execution options - svchost.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pbourely\applic~1\mozilla\firefox\profiles\21tz9hvo.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-1 17072]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-1 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-1 60928]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-2 59904]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-6 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2009-12-4 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2009-12-4 36368]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-1 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-2 113664]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-1 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-1 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-2 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-2 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-2 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-2 235520]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-17 38224]
R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-9-2 134144]
R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-9-2 273568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2010-9-6 241664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-8 8456]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-23 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-09-23 06:22:43 754 ----a-w- c:\windows\WORDPAD.INI
2010-09-22 07:07:29 0 d-----w- c:\docume~1\pbourely\applic~1\Search Settings
2010-09-22 07:07:27 0 d-----w- c:\docume~1\pbourely\applic~1\pdfforge
2010-09-22 07:02:45 0 d-----w- c:\program files\Application Updater
2010-09-22 07:02:43 0 d-----w- c:\program files\pdfforge Toolbar
2010-09-22 07:02:10 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-09-22 07:02:09 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-09-22 07:02:09 0 d-----w- c:\program files\PDFCreator
2010-09-17 08:49:44 5204 ----a-w- c:\windows\system32\tmp.reg
2010-09-17 08:49:09 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-09-17 08:49:09 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2010-09-17 08:49:09 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-09-17 08:49:09 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-09-17 08:49:09 135168 ----a-w- c:\windows\system32\swreg.exe
2010-09-17 07:16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 07:16:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:16:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 05:26:39 0 d-----w- c:\docume~1\pbourely\applic~1\stickies
2010-09-17 05:26:37 592 ----a-w- c:\windows\uninstallstickies.bat
2010-09-17 05:26:37 0 d-----w- c:\program files\stickies
2010-09-17 05:15:28 0 d-----w- c:\program files\Defraggler
2010-09-17 01:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-17 01:04:25 467928 ----a-w- c:\windows\system32\sqlite3.dll
2010-09-17 00:45:15 0 d-----w- c:\program files\CCleaner
2010-09-16 08:41:58 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 08:41:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-16 07:13:16 0 d-----w- c:\program files\common files\PC Tools
2010-09-16 07:09:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-16 06:46:31 0 d-----w- c:\docume~1\pbourely\applic~1\Malwarebytes
2010-09-16 06:46:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-16 04:31:57 0 d-----w- c:\docume~1\pbourely\applic~1\Realtime Soft
2010-09-16 04:31:55 0 d-----w- c:\program files\common files\Realtime Soft
2010-09-16 04:31:53 0 d-----w- c:\program files\UltraMon
2010-09-16 04:31:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2010-09-16 04:18:16 0 d-----w- C:\cygwin
2010-09-16 04:01:33 0 d-----w- c:\program files\MMTaskbar
2010-09-13 09:35:06 0 d-----w- c:\windows\system32\appmgmt
2010-09-13 09:25:49 0 d-----w- c:\docume~1\pbourely\applic~1\eclipse_workspace
2010-09-13 06:22:56 0 d-----w- c:\program files\TMbot
2010-09-13 05:49:00 0 d-----w- c:\documents and settings\pbourely\RichClient
2010-09-13 01:50:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-13 01:47:37 0 d-----r- c:\program files\Skype
2010-09-13 01:46:57 0 d-----w- c:\program files\Xming
2010-09-10 07:07:27 0 d-----w- C:\15.0-ebf16074
2010-09-10 06:21:23 35602 ----a-w- c:\windows\vpd.properties
2010-09-10 06:01:45 0 d--h--w- c:\windows\PIF
2010-09-10 04:32:07 94208 -c--a-w- c:\windows\system32\dllcache\fpencode.dll
2010-09-10 04:32:07 876653 -c--a-w- c:\windows\system32\dllcache\fp4awel.dll
2010-09-10 02:23:45 0 d-----w- c:\documents and settings\pbourely\.p4scc
2010-09-10 02:21:34 256 ---h--w- c:\windows\uedit32.cfg
2010-09-10 02:17:29 4677 ----a-w- c:\windows\UEDIT32.INI
2010-09-10 02:17:29 0 d-----w- c:\program files\ULTRAEDT
2010-09-10 00:34:56 0 d-----w- c:\program files\Aqua Data Studio 4.7
2010-09-10 00:19:28 0 d-----w- C:\j2sdk1.4.2_08
2010-09-10 00:17:33 0 d-----w- C:\jdk1.6.0_07
2010-09-09 23:48:48 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-09-09 23:46:57 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-09-09 07:45:05 0 d-----w- c:\program files\Gadwin Systems
2010-09-09 04:49:23 0 d-----w- c:\docume~1\pbourely\applic~1\Capturino
2010-09-09 00:35:55 0 d-----w- c:\documents and settings\pbourely\.datastudio
2010-09-08 08:35:06 0 d-----w- c:\documents and settings\pbourely\.p4qt
2010-09-08 08:33:04 0 d-----w- c:\program files\Perforce
2010-09-08 08:13:20 0 d-----w- c:\temp\p4.install
2010-09-08 08:05:15 0 d-----w- C:\temp
2010-09-08 05:55:24 0 d-----w- c:\program files\MSDN
2010-09-08 05:47:52 172 ----a-w- c:\windows\ODBC.INI
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\js
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\images
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\html
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\css
2010-09-08 05:47:01 0 d-----w- c:\program files\Business Objects
2010-09-08 05:42:48 0 d-----w- c:\program files\MSXML 6.0
2010-09-08 05:40:55 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-08 05:40:28 0 d-----w- c:\program files\Microsoft Device Emulator
2010-09-08 05:39:08 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2010-09-08 05:38:22 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-09-08 05:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2010-09-08 05:25:42 0 d-----w- c:\program files\HTML Help Workshop
2010-09-08 05:25:42 0 d-----w- c:\program files\common files\Merge Modules
2010-09-08 05:25:42 0 d-----w- c:\program files\CE Remote Tools
2010-09-08 05:24:42 0 d-----w- c:\program files\Microsoft Web Designer Tools
2010-09-08 04:56:46 945 ---ha-w- c:\windows\EPMBatch.ept
2010-09-08 04:53:02 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-09-08 04:53:01 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-09-08 04:53:01 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-09-08 04:53:01 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-09-08 04:53:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-09-08 04:52:53 0 d-----w- c:\program files\EASEUS
2010-09-07 23:51:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-07 01:55:35 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-07 01:54:12 0 d-----w- c:\windows\system32\LogFiles
2010-09-07 00:58:14 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Search
2010-09-07 00:57:18 0 d-sh--w- c:\documents and settings\pbourely\PrivacIE
2010-09-06 09:17:56 0 d-----w- C:\email
2010-09-06 08:30:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-06 08:30:44 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-06 08:30:44 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-09-06 08:19:08 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cb4d9c2dc89b9c.mof
2010-09-06 08:17:20 0 d-----w- c:\docume~1\pbourely\applic~1\ICAClient
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Desktop Search
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Wave Systems Corp
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Roxio Log Files
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Intel Corporation
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Broadcom
2010-09-06 07:49:08 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-09-06 07:49:02 0 d-----w- c:\windows\PrimoPDF4
2010-09-06 07:45:06 0 d-----w- c:\program files\Acro Software
2010-09-06 07:09:30 15279 ----a-w- c:\windows\cfgall.ini
2010-09-06 07:09:12 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-09-06 07:09:12 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-09-06 07:09:12 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-06 07:09:10 0 d-----w- c:\windows\system32\log
2010-09-06 07:08:37 0 d-----w- c:\program files\Trend Micro
2010-09-06 07:08:36 21 ----a-w- C:\tmuninst.ini
2010-09-06 06:54:23 0 d-----w- C:\MurexApp
2010-09-06 06:51:37 0 d-----w- c:\program files\Enterprise Vault
2010-09-06 06:50:47 0 d-----w- c:\program files\Murex Systems
2010-09-06 06:45:29 241664 ----a-w- c:\windows\system32\r_server.exe
2010-09-06 06:45:28 0 d-----w- c:\program files\Radmin
2010-09-06 06:44:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-09-06 06:44:35 0 d-----w- c:\program files\Citrix
2010-09-06 06:37:55 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-06 06:33:25 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-06 06:32:56 0 d-----w- c:\windows\SHELLNEW
2010-09-06 06:26:35 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-09-06 06:26:35 0 d-----w- c:\program files\MagicDisc
2010-09-06 06:24:48 0 d-----w- c:\program files\MagicISO
2010-09-06 05:44:44 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-06 05:44:37 0 d-----w- c:\windows\ie8updates
2010-09-06 05:44:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-06 05:44:33 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-06 05:44:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-06 05:44:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-06 05:44:33 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-06 05:44:33 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-06 05:44:33 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-06 05:44:15 0 dc-h--w- c:\windows\ie8
2010-09-06 05:39:26 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-06 05:34:34 0 d-----w- c:\windows\system32\PreInstall
2010-09-06 05:33:20 0 d-----w- c:\windows\SchCache
2010-09-06 04:31:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 04:18:41 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-06 04:17:05 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-06 04:05:44 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-09-02 06:23:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
2010-09-02 06:22:21 0 d-----w- c:\program files\CONEXANT
2010-09-02 06:22:09 0 d-----w- c:\program files\IDT
2010-09-02 06:21:57 0 d-----w- c:\program files\DellTPad
2010-09-02 06:20:59 1026819 ----a-w- c:\windows\setupapi.log.1.old
2010-09-02 02:17:46 5489 ---ha-r- C:\dell.sdr
2010-09-02 02:15:59 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-02 02:14:52 0 d-----w- C:\Apps
2010-09-02 02:12:48 96310 ----a-w- c:\windows\system32\DELLWALL.BMP
2010-09-02 02:12:48 787356 ----a-w- c:\windows\system32\OEMBKGN1.BMP
2010-09-02 02:12:48 30056 ----a-w- c:\windows\system32\OEMLOGO.bmp
2010-09-02 02:12:48 1200 ----a-w- c:\windows\system32\OEMINFO.INI
2010-09-01 11:17:13 61 ----a-w- c:\windows\smscfg.ini
2010-09-01 11:17:07 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-09-01 11:12:17 0 d-----w- c:\windows\RegisteredPackages
2010-09-01 11:12:15 57656 ------w- c:\windows\system32\drivers\FilterPC.bmp
2010-09-01 11:12:15 24995 ------w- c:\windows\system32\drivers\FilterPC.jpg
2010-09-01 11:12:15 0 d-----w- c:\program files\Creative
2010-09-01 11:12:12 144576 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
2010-09-01 11:12:12 134144 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
2010-09-01 11:12:12 0 d-----w- c:\program files\Dell Webcam
2010-09-01 11:10:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{BABCE4AB-AD57-4904-8E84-026E11C6632A}
2010-09-01 11:08:50 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-01 11:08:48 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-01 11:07:58 0 d-----w- c:\program files\Microsoft
2010-09-01 11:07:43 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-01 11:06:19 0 d-----w- c:\program files\common files\Windows Live
2010-09-01 11:06:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2010-09-01 11:06:11 0 d-----w- c:\program files\common files\SureThing Shared
2010-09-01 11:05:54 0 d-----w- c:\program files\common files\Sonic Shared
2010-09-01 11:05:41 0 d-----w- c:\program files\Roxio
2010-09-01 11:01:19 0 d-----w- c:\program files\Wave Systems Corp
2010-09-01 11:01:12 0 d-----w- c:\windows\system32\Test
2010-09-01 11:01:11 0 d-----w- c:\windows\Downloaded Installations
2010-09-01 11:01:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Wave Systems Corp
2010-09-01 11:00:54 0 d-----w- c:\program files\NTRU Cryptosystems
2010-09-01 11:00:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NTRU Cryptosystems
2010-09-01 10:59:57 911400 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-09-01 10:59:53 0 d-----w- c:\program files\WIDCOMM
2010-09-01 10:55:06 42672 ----a-w- c:\windows\system32\drivers\Accelern.sys
2010-09-01 10:55:06 17072 ----a-w- c:\windows\system32\drivers\stdfltn.sys
2010-09-01 10:55:06 0 d-----w- c:\program files\STMicroelectronics
2010-09-01 10:51:41 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-09-01 10:51:20 0 d-----w- c:\program files\Digital Line Detect
2010-09-01 10:51:16 0 d-----w- c:\program files\Netwaiting
2010-09-01 10:50:43 0 d-----w- c:\program files\Modem Diagnostic Tool
2010-09-01 10:48:34 206216 ----a-w- c:\windows\system32\bipbsp.dll
2010-09-01 10:48:33 308624 ----a-w- c:\windows\system32\brcmbsp.dll
2010-09-01 10:46:28 0 d-----w- c:\program files\Broadcom Corporation
2010-09-01 10:46:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Broadcom
2010-09-01 10:45:55 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2010-09-01 10:45:55 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2010-09-01 10:45:22 29184 -c----w- c:\windows\system32\dllcache\usbccid.sys
2010-09-01 10:43:06 0 d-----w- c:\windows\system32\BioAPIFFDB
2010-09-01 10:42:33 0 d-----w- c:\program files\Dell
2010-09-01 10:42:28 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-09-01 10:42:28 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-09-01 10:42:28 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-09-01 10:42:28 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-09-01 10:42:28 317952 ------w- c:\windows\system32\imapi2.dll
2010-09-01 10:42:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-01 10:42:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-01 10:39:13 0 d-----w- c:\windows\system32\DRM
2010-09-01 10:38:24 0 d-----w- c:\program files\Windows Desktop Search
2010-09-01 10:38:09 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-09-01 10:38:09 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-09-01 10:38:09 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-09-01 10:34:06 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-09-01 10:34:02 28672 -c----w- c:\windows\system32\dllcache\msvidc32.dll
2010-09-01 10:34:02 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-09-01 10:33:03 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-09-01 10:32:49 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-01 10:32:42 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2010-09-01 10:32:35 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-09-01 10:32:27 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-09-01 10:32:01 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-09-01 10:32:01 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-09-01 10:32:01 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-09-01 10:31:39 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-09-01 10:31:25 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-09-01 10:31:23 0 d-----w- c:\program files\MSXML 4.0
2010-09-01 10:31:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-01 10:30:51 0 d-----w- c:\windows\$968930Uinstall_KB968930$
2010-09-01 10:30:49 0 d-----w- c:\windows\system32\winrm
2010-09-01 10:30:49 0 d-----w- c:\windows\system32\GroupPolicy
2010-09-01 10:30:41 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-09-01 10:30:34 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-09-01 10:30:34 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-09-01 10:30:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-01 10:30:08 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-09-01 10:29:52 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
2010-09-01 10:29:51 66560 -c--a-w- c:\windows\system32\dllcache\tdc.ocx
2010-09-01 10:29:51 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2010-09-01 10:29:41 1435648 -c----w- c:\windows\system32\dllcache\query.dll
==================== Find3M ====================
2010-09-22 09:20:41 24576 ----a-w- c:\windows\OA015Mon.exe
2010-09-22 09:01:56 737280 ----a-w- c:\windows\system32\AESTFltr.exe
2010-09-02 06:22:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
2010-09-02 06:22:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-02 02:15:24 5489 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_E6410.mrk
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-19 08:31:56 1556480 ----a-w- c:\windows\system32\wvauth.dll
2010-07-19 08:31:46 823296 ----a-w- c:\windows\system32\waveGina.dll
2010-07-19 08:24:10 622592 ----a-w- c:\windows\system32\AmRes_de.dll
2010-07-19 08:24:10 593920 ----a-w- c:\windows\system32\AmRes_en.dll
2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_fr.dll
2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_es.dll
2010-07-19 08:24:08 614400 ----a-w- c:\windows\system32\AmRes_it.dll
2010-07-19 08:24:04 602112 ----a-w- c:\windows\system32\AmRes_pt-BR.dll
2010-07-19 08:24:04 598016 ----a-w- c:\windows\system32\AmRes_ja.dll
2010-07-19 08:24:04 581632 ----a-w- c:\windows\system32\AmRes_ko.dll
2010-07-19 08:24:02 647168 ----a-w- c:\windows\system32\AmRes_ru.dll
2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHT.dll
2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHS.dll
2010-07-19 08:23:14 593920 ----a-w- c:\windows\system32\AmRes_da.dll
2010-07-19 08:23:12 618496 ----a-w- c:\windows\system32\AmRes_nl.dll
2010-07-19 08:23:12 589824 ----a-w- c:\windows\system32\AmRes_no.dll
2010-07-19 08:23:10 606208 ----a-w- c:\windows\system32\AmRes_pl.dll
2010-07-19 08:23:10 593920 ----a-w- c:\windows\system32\AmRes_sv.dll
2010-07-19 08:22:52 589824 ----a-w- c:\windows\system32\AmRes_ar.dll
2010-07-19 08:22:50 606208 ----a-w- c:\windows\system32\AmRes_cs.dll
2010-07-19 08:22:48 618496 ----a-w- c:\windows\system32\AmRes_el.dll
2010-07-19 08:22:46 598016 ----a-w- c:\windows\system32\AmRes_fi.dll
2010-07-19 08:22:44 581632 ----a-w- c:\windows\system32\AmRes_he.dll
2010-07-19 08:22:42 610304 ----a-w- c:\windows\system32\AmRes_hu.dll
2010-07-19 08:22:40 610304 ----a-w- c:\windows\system32\AmRes_pt-PT.dll
2010-07-19 08:22:38 614400 ----a-w- c:\windows\system32\AmRes_ro.dll
2010-07-19 08:22:34 602112 ----a-w- c:\windows\system32\AmRes_tr.dll
2010-07-19 08:22:26 552960 ----a-w- c:\windows\system32\AmRes_zh-HK.dll
2010-07-19 08:22:24 585728 ----a-w- c:\windows\system32\AmRes_th.dll
2010-07-19 08:21:48 593920 ----a-w- c:\windows\system32\AmRes_sl.dll
2010-07-19 08:21:46 598016 ----a-w- c:\windows\system32\AmRes_hr.dll
2010-07-19 07:51:52 360448 ----a-w- c:\windows\system32\OEM_Resources.dll
2010-07-19 07:47:40 598016 ----a-w- c:\windows\system32\AmRes_sk.dll
2010-07-09 19:43:04 65536 ----a-w- c:\windows\system32\wltrynt.dll
2010-07-09 19:43:04 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE
2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2010-07-09 19:43:04 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2010-07-09 19:43:04 143360 ----a-w- c:\windows\system32\preflib.dll
2010-07-09 19:43:00 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2010-07-09 19:43:00 311296 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-07-09 19:43:00 2404352 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2010-07-09 19:42:52 835584 ----a-w- c:\windows\system32\BCMLogon.dll
2010-07-09 19:42:52 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2010-07-09 19:42:52 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
============= FINISH: 16:29:02.92 ===============
just to add that sometimes I am redirected to the web page http://67.201.62.122/nolink.htm
and there is white page with "Sorry this link is not longer available"
Thank you
Hello,
I did scan online with bitdefender and it found
Trojan.Heur.TP.Fm0@bmXFnhb in winlogon.exe
and
Trojan.Heur.TP.@qo@b5B5ord in explorer.exe
Thank you for your help
First of all I caught My security shield.
I tried to remove it using Malwarebytes' Anti-Malware and OTM from old timer to change the host file.
I believed it was sufficient.
I used spy search & delete to delete some tracking cookies.
then, nothing was found in Malwarebytes' Anti-Malware.
Unfortunately, i think that i have another spyware, i am redirected in internet to pages similar to the my security shield, something like "your computer is infected" and you can see a kind of scan at the screen in the browser.
Then, I decided to delete the following key
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.jp.msn.com/USREL/19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
And now, I am pretty sure that the computer is not safe yet.
Can you please have a look at the DDS log and tell me what you think ?
Thank you in advance
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 16:28:04.17 on Thu 23/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3510.2453 [GMT 10:00]
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {68825CCE-CE96-4E56-9AAA-F11EF6BCD0CA}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA015Mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://mxintra/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA015Mon] c:\windows\OA015Mon.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://au-dc1:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://au-dc1:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 wvauth
IFEO: image file execution options - svchost.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\pbourely\applic~1\mozilla\firefox\profiles\21tz9hvo.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge toolbar\ff\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-9-1 17072]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-1 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-9-1 60928]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-2 59904]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-6 51792]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2009-12-4 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2009-12-4 36368]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-9-1 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-2 113664]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-1 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-1 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-2 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-2 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-2 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-2 235520]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-17 38224]
R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-9-2 134144]
R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-9-2 273568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 r_server;Remote Administrator Service;c:\windows\system32\r_server.exe [2010-9-6 241664]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-9-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-9-8 8456]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-2-23 652552]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-09-23 06:22:43 754 ----a-w- c:\windows\WORDPAD.INI
2010-09-22 07:07:29 0 d-----w- c:\docume~1\pbourely\applic~1\Search Settings
2010-09-22 07:07:27 0 d-----w- c:\docume~1\pbourely\applic~1\pdfforge
2010-09-22 07:02:45 0 d-----w- c:\program files\Application Updater
2010-09-22 07:02:43 0 d-----w- c:\program files\pdfforge Toolbar
2010-09-22 07:02:10 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-09-22 07:02:09 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-09-22 07:02:09 0 d-----w- c:\program files\PDFCreator
2010-09-17 08:49:44 5204 ----a-w- c:\windows\system32\tmp.reg
2010-09-17 08:49:09 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-09-17 08:49:09 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2010-09-17 08:49:09 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-09-17 08:49:09 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-09-17 08:49:09 135168 ----a-w- c:\windows\system32\swreg.exe
2010-09-17 07:16:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 07:16:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 07:16:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 05:26:39 0 d-----w- c:\docume~1\pbourely\applic~1\stickies
2010-09-17 05:26:37 592 ----a-w- c:\windows\uninstallstickies.bat
2010-09-17 05:26:37 0 d-----w- c:\program files\stickies
2010-09-17 05:15:28 0 d-----w- c:\program files\Defraggler
2010-09-17 01:28:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-17 01:04:25 467928 ----a-w- c:\windows\system32\sqlite3.dll
2010-09-17 00:45:15 0 d-----w- c:\program files\CCleaner
2010-09-16 08:41:58 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 08:41:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-09-16 07:13:16 0 d-----w- c:\program files\common files\PC Tools
2010-09-16 07:09:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-16 06:46:31 0 d-----w- c:\docume~1\pbourely\applic~1\Malwarebytes
2010-09-16 06:46:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-16 04:31:57 0 d-----w- c:\docume~1\pbourely\applic~1\Realtime Soft
2010-09-16 04:31:55 0 d-----w- c:\program files\common files\Realtime Soft
2010-09-16 04:31:53 0 d-----w- c:\program files\UltraMon
2010-09-16 04:31:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2010-09-16 04:18:16 0 d-----w- C:\cygwin
2010-09-16 04:01:33 0 d-----w- c:\program files\MMTaskbar
2010-09-13 09:35:06 0 d-----w- c:\windows\system32\appmgmt
2010-09-13 09:25:49 0 d-----w- c:\docume~1\pbourely\applic~1\eclipse_workspace
2010-09-13 06:22:56 0 d-----w- c:\program files\TMbot
2010-09-13 05:49:00 0 d-----w- c:\documents and settings\pbourely\RichClient
2010-09-13 01:50:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-09-13 01:47:37 0 d-----r- c:\program files\Skype
2010-09-13 01:46:57 0 d-----w- c:\program files\Xming
2010-09-10 07:07:27 0 d-----w- C:\15.0-ebf16074
2010-09-10 06:21:23 35602 ----a-w- c:\windows\vpd.properties
2010-09-10 06:01:45 0 d--h--w- c:\windows\PIF
2010-09-10 04:32:07 94208 -c--a-w- c:\windows\system32\dllcache\fpencode.dll
2010-09-10 04:32:07 876653 -c--a-w- c:\windows\system32\dllcache\fp4awel.dll
2010-09-10 02:23:45 0 d-----w- c:\documents and settings\pbourely\.p4scc
2010-09-10 02:21:34 256 ---h--w- c:\windows\uedit32.cfg
2010-09-10 02:17:29 4677 ----a-w- c:\windows\UEDIT32.INI
2010-09-10 02:17:29 0 d-----w- c:\program files\ULTRAEDT
2010-09-10 00:34:56 0 d-----w- c:\program files\Aqua Data Studio 4.7
2010-09-10 00:19:28 0 d-----w- C:\j2sdk1.4.2_08
2010-09-10 00:17:33 0 d-----w- C:\jdk1.6.0_07
2010-09-09 23:48:48 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-09-09 23:46:57 0 d-----w- c:\windows\SQL9_KB970892_ENU
2010-09-09 07:45:05 0 d-----w- c:\program files\Gadwin Systems
2010-09-09 04:49:23 0 d-----w- c:\docume~1\pbourely\applic~1\Capturino
2010-09-09 00:35:55 0 d-----w- c:\documents and settings\pbourely\.datastudio
2010-09-08 08:35:06 0 d-----w- c:\documents and settings\pbourely\.p4qt
2010-09-08 08:33:04 0 d-----w- c:\program files\Perforce
2010-09-08 08:13:20 0 d-----w- c:\temp\p4.install
2010-09-08 08:05:15 0 d-----w- C:\temp
2010-09-08 05:55:24 0 d-----w- c:\program files\MSDN
2010-09-08 05:47:52 172 ----a-w- c:\windows\ODBC.INI
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\js
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\images
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\html
2010-09-08 05:47:01 0 d-----w- c:\windows\system32\css
2010-09-08 05:47:01 0 d-----w- c:\program files\Business Objects
2010-09-08 05:42:48 0 d-----w- c:\program files\MSXML 6.0
2010-09-08 05:40:55 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-08 05:40:28 0 d-----w- c:\program files\Microsoft Device Emulator
2010-09-08 05:39:08 0 d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2010-09-08 05:38:22 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-09-08 05:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2010-09-08 05:25:42 0 d-----w- c:\program files\HTML Help Workshop
2010-09-08 05:25:42 0 d-----w- c:\program files\common files\Merge Modules
2010-09-08 05:25:42 0 d-----w- c:\program files\CE Remote Tools
2010-09-08 05:24:42 0 d-----w- c:\program files\Microsoft Web Designer Tools
2010-09-08 04:56:46 945 ---ha-w- c:\windows\EPMBatch.ept
2010-09-08 04:53:02 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-09-08 04:53:01 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-09-08 04:53:01 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-09-08 04:53:01 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-09-08 04:53:01 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-09-08 04:52:53 0 d-----w- c:\program files\EASEUS
2010-09-07 23:51:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-07 01:55:35 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-07 01:54:12 0 d-----w- c:\windows\system32\LogFiles
2010-09-07 00:58:14 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Search
2010-09-07 00:57:18 0 d-sh--w- c:\documents and settings\pbourely\PrivacIE
2010-09-06 09:17:56 0 d-----w- C:\email
2010-09-06 08:30:44 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-06 08:30:44 215920 ----a-w- c:\windows\system32\muweb.dll
2010-09-06 08:30:44 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-09-06 08:19:08 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cb4d9c2dc89b9c.mof
2010-09-06 08:17:20 0 d-----w- c:\docume~1\pbourely\applic~1\ICAClient
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Windows Desktop Search
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Wave Systems Corp
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Roxio Log Files
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Intel Corporation
2010-09-06 08:16:09 0 d-----w- c:\docume~1\pbourely\applic~1\Broadcom
2010-09-06 07:49:08 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-09-06 07:49:02 0 d-----w- c:\windows\PrimoPDF4
2010-09-06 07:45:06 0 d-----w- c:\program files\Acro Software
2010-09-06 07:09:30 15279 ----a-w- c:\windows\cfgall.ini
2010-09-06 07:09:12 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-09-06 07:09:12 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-09-06 07:09:12 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-06 07:09:10 0 d-----w- c:\windows\system32\log
2010-09-06 07:08:37 0 d-----w- c:\program files\Trend Micro
2010-09-06 07:08:36 21 ----a-w- C:\tmuninst.ini
2010-09-06 06:54:23 0 d-----w- C:\MurexApp
2010-09-06 06:51:37 0 d-----w- c:\program files\Enterprise Vault
2010-09-06 06:50:47 0 d-----w- c:\program files\Murex Systems
2010-09-06 06:45:29 241664 ----a-w- c:\windows\system32\r_server.exe
2010-09-06 06:45:28 0 d-----w- c:\program files\Radmin
2010-09-06 06:44:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-09-06 06:44:35 0 d-----w- c:\program files\Citrix
2010-09-06 06:37:55 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-06 06:33:25 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-06 06:32:56 0 d-----w- c:\windows\SHELLNEW
2010-09-06 06:26:35 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-09-06 06:26:35 0 d-----w- c:\program files\MagicDisc
2010-09-06 06:24:48 0 d-----w- c:\program files\MagicISO
2010-09-06 05:44:44 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-06 05:44:37 0 d-----w- c:\windows\ie8updates
2010-09-06 05:44:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-06 05:44:33 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-06 05:44:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-06 05:44:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-06 05:44:33 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-06 05:44:33 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-06 05:44:33 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-06 05:44:15 0 dc-h--w- c:\windows\ie8
2010-09-06 05:39:26 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-06 05:34:34 0 d-----w- c:\windows\system32\PreInstall
2010-09-06 05:33:20 0 d-----w- c:\windows\SchCache
2010-09-06 04:31:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 04:18:41 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-09-06 04:17:05 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-06 04:05:44 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-09-02 06:23:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
2010-09-02 06:22:21 0 d-----w- c:\program files\CONEXANT
2010-09-02 06:22:09 0 d-----w- c:\program files\IDT
2010-09-02 06:21:57 0 d-----w- c:\program files\DellTPad
2010-09-02 06:20:59 1026819 ----a-w- c:\windows\setupapi.log.1.old
2010-09-02 02:17:46 5489 ---ha-r- C:\dell.sdr
2010-09-02 02:15:59 435736 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-02 02:14:52 0 d-----w- C:\Apps
2010-09-02 02:12:48 96310 ----a-w- c:\windows\system32\DELLWALL.BMP
2010-09-02 02:12:48 787356 ----a-w- c:\windows\system32\OEMBKGN1.BMP
2010-09-02 02:12:48 30056 ----a-w- c:\windows\system32\OEMLOGO.bmp
2010-09-02 02:12:48 1200 ----a-w- c:\windows\system32\OEMINFO.INI
2010-09-01 11:17:13 61 ----a-w- c:\windows\smscfg.ini
2010-09-01 11:17:07 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-09-01 11:12:17 0 d-----w- c:\windows\RegisteredPackages
2010-09-01 11:12:15 57656 ------w- c:\windows\system32\drivers\FilterPC.bmp
2010-09-01 11:12:15 24995 ------w- c:\windows\system32\drivers\FilterPC.jpg
2010-09-01 11:12:15 0 d-----w- c:\program files\Creative
2010-09-01 11:12:12 144576 ----a-w- c:\windows\system32\drivers\CtClsFlt.sys
2010-09-01 11:12:12 134144 ----a-w- c:\windows\system32\drivers\CtAudDrv.sys
2010-09-01 11:12:12 0 d-----w- c:\program files\Dell Webcam
2010-09-01 11:10:12 0 d-----w- c:\docume~1\alluse~1\applic~1\{BABCE4AB-AD57-4904-8E84-026E11C6632A}
2010-09-01 11:08:50 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-01 11:08:48 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-01 11:07:58 0 d-----w- c:\program files\Microsoft
2010-09-01 11:07:43 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-01 11:06:19 0 d-----w- c:\program files\common files\Windows Live
2010-09-01 11:06:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2010-09-01 11:06:11 0 d-----w- c:\program files\common files\SureThing Shared
2010-09-01 11:05:54 0 d-----w- c:\program files\common files\Sonic Shared
2010-09-01 11:05:41 0 d-----w- c:\program files\Roxio
2010-09-01 11:01:19 0 d-----w- c:\program files\Wave Systems Corp
2010-09-01 11:01:12 0 d-----w- c:\windows\system32\Test
2010-09-01 11:01:11 0 d-----w- c:\windows\Downloaded Installations
2010-09-01 11:01:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Wave Systems Corp
2010-09-01 11:00:54 0 d-----w- c:\program files\NTRU Cryptosystems
2010-09-01 11:00:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NTRU Cryptosystems
2010-09-01 10:59:57 911400 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-09-01 10:59:53 0 d-----w- c:\program files\WIDCOMM
2010-09-01 10:55:06 42672 ----a-w- c:\windows\system32\drivers\Accelern.sys
2010-09-01 10:55:06 17072 ----a-w- c:\windows\system32\drivers\stdfltn.sys
2010-09-01 10:55:06 0 d-----w- c:\program files\STMicroelectronics
2010-09-01 10:51:41 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-09-01 10:51:20 0 d-----w- c:\program files\Digital Line Detect
2010-09-01 10:51:16 0 d-----w- c:\program files\Netwaiting
2010-09-01 10:50:43 0 d-----w- c:\program files\Modem Diagnostic Tool
2010-09-01 10:48:34 206216 ----a-w- c:\windows\system32\bipbsp.dll
2010-09-01 10:48:33 308624 ----a-w- c:\windows\system32\brcmbsp.dll
2010-09-01 10:46:28 0 d-----w- c:\program files\Broadcom Corporation
2010-09-01 10:46:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Broadcom
2010-09-01 10:45:55 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2010-09-01 10:45:55 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2010-09-01 10:45:22 29184 -c----w- c:\windows\system32\dllcache\usbccid.sys
2010-09-01 10:43:06 0 d-----w- c:\windows\system32\BioAPIFFDB
2010-09-01 10:42:33 0 d-----w- c:\program files\Dell
2010-09-01 10:42:28 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-09-01 10:42:28 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-09-01 10:42:28 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-09-01 10:42:28 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-09-01 10:42:28 317952 ------w- c:\windows\system32\imapi2.dll
2010-09-01 10:42:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-01 10:42:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-01 10:39:13 0 d-----w- c:\windows\system32\DRM
2010-09-01 10:38:24 0 d-----w- c:\program files\Windows Desktop Search
2010-09-01 10:38:09 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-09-01 10:38:09 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-09-01 10:38:09 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-09-01 10:34:06 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-09-01 10:34:02 28672 -c----w- c:\windows\system32\dllcache\msvidc32.dll
2010-09-01 10:34:02 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2010-09-01 10:33:03 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-09-01 10:32:49 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-09-01 10:32:42 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2010-09-01 10:32:35 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-09-01 10:32:27 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-09-01 10:32:01 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2010-09-01 10:32:01 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-09-01 10:32:01 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2010-09-01 10:31:39 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-09-01 10:31:25 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-09-01 10:31:23 0 d-----w- c:\program files\MSXML 4.0
2010-09-01 10:31:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-09-01 10:30:51 0 d-----w- c:\windows\$968930Uinstall_KB968930$
2010-09-01 10:30:49 0 d-----w- c:\windows\system32\winrm
2010-09-01 10:30:49 0 d-----w- c:\windows\system32\GroupPolicy
2010-09-01 10:30:41 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-09-01 10:30:34 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-09-01 10:30:34 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-09-01 10:30:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-09-01 10:30:08 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-09-01 10:29:52 184320 -c----w- c:\windows\system32\dllcache\iepeers.dll
2010-09-01 10:29:51 66560 -c--a-w- c:\windows\system32\dllcache\tdc.ocx
2010-09-01 10:29:51 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2010-09-01 10:29:41 1435648 -c----w- c:\windows\system32\dllcache\query.dll
==================== Find3M ====================
2010-09-22 09:20:41 24576 ----a-w- c:\windows\OA015Mon.exe
2010-09-22 09:01:56 737280 ----a-w- c:\windows\system32\AESTFltr.exe
2010-09-02 06:22:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
2010-09-02 06:22:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-02 02:15:24 5489 ----a-w- c:\windows\system32\drivers\1028_Dell_LAT_E6410.mrk
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-19 08:31:56 1556480 ----a-w- c:\windows\system32\wvauth.dll
2010-07-19 08:31:46 823296 ----a-w- c:\windows\system32\waveGina.dll
2010-07-19 08:24:10 622592 ----a-w- c:\windows\system32\AmRes_de.dll
2010-07-19 08:24:10 593920 ----a-w- c:\windows\system32\AmRes_en.dll
2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_fr.dll
2010-07-19 08:24:08 618496 ----a-w- c:\windows\system32\AmRes_es.dll
2010-07-19 08:24:08 614400 ----a-w- c:\windows\system32\AmRes_it.dll
2010-07-19 08:24:04 602112 ----a-w- c:\windows\system32\AmRes_pt-BR.dll
2010-07-19 08:24:04 598016 ----a-w- c:\windows\system32\AmRes_ja.dll
2010-07-19 08:24:04 581632 ----a-w- c:\windows\system32\AmRes_ko.dll
2010-07-19 08:24:02 647168 ----a-w- c:\windows\system32\AmRes_ru.dll
2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHT.dll
2010-07-19 08:24:00 552960 ----a-w- c:\windows\system32\AmRes_zh-CHS.dll
2010-07-19 08:23:14 593920 ----a-w- c:\windows\system32\AmRes_da.dll
2010-07-19 08:23:12 618496 ----a-w- c:\windows\system32\AmRes_nl.dll
2010-07-19 08:23:12 589824 ----a-w- c:\windows\system32\AmRes_no.dll
2010-07-19 08:23:10 606208 ----a-w- c:\windows\system32\AmRes_pl.dll
2010-07-19 08:23:10 593920 ----a-w- c:\windows\system32\AmRes_sv.dll
2010-07-19 08:22:52 589824 ----a-w- c:\windows\system32\AmRes_ar.dll
2010-07-19 08:22:50 606208 ----a-w- c:\windows\system32\AmRes_cs.dll
2010-07-19 08:22:48 618496 ----a-w- c:\windows\system32\AmRes_el.dll
2010-07-19 08:22:46 598016 ----a-w- c:\windows\system32\AmRes_fi.dll
2010-07-19 08:22:44 581632 ----a-w- c:\windows\system32\AmRes_he.dll
2010-07-19 08:22:42 610304 ----a-w- c:\windows\system32\AmRes_hu.dll
2010-07-19 08:22:40 610304 ----a-w- c:\windows\system32\AmRes_pt-PT.dll
2010-07-19 08:22:38 614400 ----a-w- c:\windows\system32\AmRes_ro.dll
2010-07-19 08:22:34 602112 ----a-w- c:\windows\system32\AmRes_tr.dll
2010-07-19 08:22:26 552960 ----a-w- c:\windows\system32\AmRes_zh-HK.dll
2010-07-19 08:22:24 585728 ----a-w- c:\windows\system32\AmRes_th.dll
2010-07-19 08:21:48 593920 ----a-w- c:\windows\system32\AmRes_sl.dll
2010-07-19 08:21:46 598016 ----a-w- c:\windows\system32\AmRes_hr.dll
2010-07-19 07:51:52 360448 ----a-w- c:\windows\system32\OEM_Resources.dll
2010-07-19 07:47:40 598016 ----a-w- c:\windows\system32\AmRes_sk.dll
2010-07-09 19:43:04 65536 ----a-w- c:\windows\system32\wltrynt.dll
2010-07-09 19:43:04 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE
2010-07-09 19:43:04 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2010-07-09 19:43:04 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2010-07-09 19:43:04 143360 ----a-w- c:\windows\system32\preflib.dll
2010-07-09 19:43:00 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2010-07-09 19:43:00 311296 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-07-09 19:43:00 2404352 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2010-07-09 19:42:52 835584 ----a-w- c:\windows\system32\BCMLogon.dll
2010-07-09 19:42:52 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2010-07-09 19:42:52 155648 ----a-w- c:\windows\system32\bcmwlapi.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
============= FINISH: 16:29:02.92 ===============
just to add that sometimes I am redirected to the web page http://67.201.62.122/nolink.htm
and there is white page with "Sorry this link is not longer available"
Thank you
Hello,
I did scan online with bitdefender and it found
Trojan.Heur.TP.Fm0@bmXFnhb in winlogon.exe
and
Trojan.Heur.TP.@qo@b5B5ord in explorer.exe
Thank you for your help