Hi Blade,
I wholeheartedly thank you for your continued efforts.
***
ComboFix 10-06-03.01 - Beth 06/03/2010 18:18:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.484 [GMT -4:00]
Running from: c:\documents and settings\Beth\Desktop\syringe.exe
Command switches used :: c:\documents and settings\Beth\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LimeWire
c:\program files\LimeWire\limewire2.m3u
c:\program files\LimeWire\limewire5.m3u
c:\program files\LimeWire\limewire55.m3u
.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.
2010-06-02 23:28 . 2010-06-02 23:28 -------- d-----w- c:\documents and settings\Beth\Application Data\Panda Security
2010-06-02 23:27 . 2010-06-02 23:27 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-06-02 23:27 . 2010-06-02 23:27 -------- d-----w- c:\program files\Panda Security
2010-06-02 23:27 . 2010-06-02 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-06-02 14:53 . 2010-06-02 15:03 -------- d-----w- C:\syringe
2010-06-01 12:48 . 2010-06-02 23:23 -------- d-----w- C:\Medicine
2010-05-26 18:51 . 2010-05-26 18:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-26 18:49 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Beth\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-05-26 18:49 . 2010-05-26 18:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-26 18:49 . 2010-05-26 18:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-26 17:58 . 2010-05-26 18:20 -------- d-----w- c:\documents and settings\Beth\.SunDownloadManager
2010-05-26 14:27 . 2010-05-26 14:54 -------- d-----w- c:\documents and settings\All Users\Medicine
2010-05-26 14:21 . 2010-05-26 14:21 -------- d-----w- c:\program files\ERUNT
2010-05-26 12:26 . 2010-05-26 12:26 503808 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bbff612-n\msvcp71.dll
2010-05-26 12:26 . 2010-05-26 12:26 499712 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bbff612-n\jmc.dll
2010-05-26 12:26 . 2010-05-26 12:26 348160 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5bbff612-n\msvcr71.dll
2010-05-26 12:26 . 2010-05-26 12:26 61440 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-340cb519-n\decora-sse.dll
2010-05-26 12:26 . 2010-05-26 12:26 12800 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-340cb519-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 14:28 . 2008-04-14 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-01 22:37 . 2010-04-20 22:42 -------- d-----w- c:\documents and settings\Beth\Application Data\Catan Online World 3
2010-05-26 19:12 . 2009-08-26 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-26 18:42 . 2008-02-11 17:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-26 18:42 . 2008-02-11 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-26 18:39 . 2008-05-01 17:47 -------- d-----w- c:\program files\Common Files\Java
2010-05-26 18:39 . 2008-02-11 17:07 -------- d-----w- c:\program files\Java
2010-05-17 18:32 . 2008-02-11 17:19 -------- d-----w- c:\program files\Google
2010-05-17 13:13 . 2008-02-22 15:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-03 12:09 . 2009-09-17 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2009-09-17 22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-09-17 22:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 21:46 . 2010-04-27 21:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 22:42 . 2010-04-20 22:42 46506 ----a-w- c:\documents and settings\Beth\Application Data\Catan Online World 3\uninst.exe
2010-04-19 13:12 . 2008-12-15 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 12:38 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 13:33 . 2010-03-09 13:33 503808 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-638c1c0b-n\msvcp71.dll
2010-03-09 13:33 . 2010-03-09 13:33 499712 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-638c1c0b-n\jmc.dll
2010-03-09 13:33 . 2010-03-09 13:33 348160 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-638c1c0b-n\msvcr71.dll
2010-03-09 13:33 . 2010-03-09 13:33 61440 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-448a4321-n\decora-sse.dll
2010-03-09 13:33 . 2010-03-09 13:33 12800 ----a-w- c:\documents and settings\Beth\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-448a4321-n\decora-d3d.dll
2010-03-09 11:09 . 2004-08-11 22:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-12-15 22:52 . 2009-12-15 22:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-02_15.01.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 19:50 . 2009-10-13 19:50 95880 c:\windows\system32\drivers\PSINFile.sys
+ 2009-10-13 19:50 . 2009-10-13 19:50 101512 c:\windows\system32\drivers\PSINProc.sys
+ 2009-10-13 19:50 . 2009-10-13 19:50 114312 c:\windows\system32\drivers\PSINKNC.sys
+ 2009-10-30 20:18 . 2009-10-30 20:18 146952 c:\windows\system32\drivers\PSINAflt.sys
+ 2010-06-02 23:27 . 2010-06-02 23:27 339968 c:\windows\Installer\{C98BBC25-490C-4F3F-81D8-5D12C11732DF}\Shortcuts_ProductN_A17DF807A25C4F9396D48EA53C96348F.exe
+ 2010-06-02 23:27 . 2010-06-02 23:27 4902912 c:\windows\Installer\1cff94c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 13:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 13:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 13:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-22 16132608]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-15 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk.disabled [2010-1-20 2333]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [10/13/2009 3:50 PM 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [10/30/2009 5:29 PM 136448]
R2 PSINAFLT;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [10/30/2009 4:18 PM 146952]
R2 PSINFILE;PSINFile;c:\windows\system32\drivers\PSINFile.sys [10/13/2009 3:50 PM 95880]
R2 PSINPROC;PSINProc;c:\windows\system32\drivers\PSINProc.sys [10/13/2009 3:50 PM 101512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 11:15 AM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/11/2008 1:19 PM 30192]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - NANOSERVICEMAIN
*NewlyCreated* - PSINAFLT
*NewlyCreated* - PSINFILE
*NewlyCreated* - PSINKNC
*NewlyCreated* - PSINPROC
.
Contents of the 'Scheduled Tasks' folder
2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2010-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-11 14:06]
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 15:15]
2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 15:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=tjc0HaB9bqXdq5SkVEsilomdlOI
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
TCP: {3B785F8F-F158-4F75-898C-2A27F43DD058} = 4.2.2.2
FF - ProfilePath - c:\documents and settings\Beth\Application Data\Mozilla\Firefox\Profiles\y8568s7n.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 18:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3361271000-3595603026-2878554568-1005\Software\Microsoft\Windows\CurrentVersion*Qlinifigocixaf]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-06-03 18:24:08
ComboFix-quarantined-files.txt 2010-06-03 22:24
Pre-Run: 295,797,227,520 bytes free
Post-Run: 295,793,750,016 bytes free
- - End Of File - - 6E764A3CCFEA13BC207916E18E26DDC2
***
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, June 4, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 03, 2010 20:07:03
Records in database: 4197620
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 61188
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:27:16
No threats found. Scanned area is clean.
Selected area has been scanned.
***
DDS (Ver_10-03-17.01) - NTFSx86
Run by Beth at 8:37:15.64 on Fri 06/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.538 [GMT -4:00]
AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Beth\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=tjc0HaB9bqXdq5SkVEsilomdlOI
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Dell Network Assistant.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259966654328
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://zylan.webex.com/client/T26L/support/ieatgpc.cab
TCP: {3B785F8F-F158-4F75-898C-2A27F43DD058} = 4.2.2.2
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\beth\applic~1\mozilla\firefox\profiles\y8568s7n.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAFLT;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFILE;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINPROC;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-11 30192]
=============== Created Last 30 ================
2010-06-04 12:27:33 369 ----a-w- C:\Shortcut to Medicine.lnk
2010-06-02 23:28:27 0 d-----w- c:\docume~1\beth\applic~1\Panda Security
2010-06-02 23:27:34 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-06-02 23:27:21 0 d-----w- c:\program files\Panda Security
2010-06-02 23:27:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-06-02 14:56:16 0 d-sha-r- C:\cmdcons
2010-06-02 14:53:32 0 d-----w- C:\syringe
2010-06-02 13:55:20 98816 ----a-w- c:\windows\sed.exe
2010-06-02 13:55:20 77312 ----a-w- c:\windows\MBR.exe
2010-06-02 13:55:20 256512 ----a-w- c:\windows\PEV.exe
2010-06-02 13:55:20 161792 ----a-w- c:\windows\SWREG.exe
2010-06-01 12:48:59 0 d-----w- C:\Medicine
2010-05-26 17:58:22 0 d-----w- c:\documents and settings\beth\.SunDownloadManager
2010-05-26 14:27:33 0 d-----w- c:\documents and settings\all users\Medicine
==================== Find3M ====================
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 21:46:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-19 22:05:50 4874240 ------w- c:\windows\system32\dllcache\wmp.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2009-09-17 13:18:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009091720090918\index.dat
============= FINISH: 8:37:47.07 ===============
***
How am I doing, coach?
the dumb old boy