Possible infection with multipal worms/virus

jamper · May 19, 2010

No I set my start page as Firefox speed dial

Shaba · May 20, 2010

So then we remove it.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
```
Firefox::
uStart Page = hxxp://Bing.zugo.com/?cfg=2-71-0-13GZu
```
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

jamper · May 20, 2010

ComboFix 10-05-16.01 - Dell 05/20/2010 13:43:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.504 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dell\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-18 23:17 . 2010-05-18 23:19 -------- d-----w- c:\documents and settings\Dell\Application Data\Audio2VCD
2010-05-18 23:16 . 2010-05-18 23:16 -------- d-----w- c:\program files\Audio2VCD
2010-05-18 23:14 . 2010-05-18 23:14 -------- d-----w- c:\documents and settings\Dell\Application Data\VCDEasy
2010-05-18 23:14 . 2010-05-18 23:14 -------- d-----w- c:\program files\VCDEasy
2010-05-18 09:55 . 2010-05-18 09:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Help
2010-05-18 05:51 . 2010-05-18 09:55 -------- d-----w- c:\program files\VCDwizard
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\lkCDRtools
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-18 05:47 . 2010-05-18 05:58 -------- d-----w- c:\program files\XVideoConverter
2010-05-17 18:49 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-17 08:18 . 2010-05-17 08:18 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Yahoo
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 03:33 . 2010-05-15 03:33 -------- d-----w- c:\program files\Joboshare
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-15 01:18 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-19 04:41 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-20 01:54 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-17 08:11 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-17 18:12 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-17 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-17 08:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-17 16:11 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-17 18:12 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-17 18:12 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-17 17:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll
2010-04-21 15:38 . 2010-05-03 18:26 -------- d-----w- c:\program files\Memory ++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 05:35 . 2009-08-05 04:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 18:50 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-12 18:21 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 05:54 . 2010-03-22 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:49 -------- d-----w- c:\program files\DivX
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-17_05.58.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-20 20:26 . 2010-05-20 20:26 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-05-20 15:06 . 2010-05-20 15:06 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
- 2004-08-10 17:51 . 2010-05-17 04:27 79610 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-05-20 10:36 79610 c:\windows\system32\perfc009.dat
- 2010-04-09 21:34 . 2010-05-17 03:30 65536 c:\windows\system\vdsvrlnk.dll
+ 2010-04-09 21:34 . 2010-04-09 21:34 65536 c:\windows\system\vdsvrlnk.dll
+ 2010-04-09 21:35 . 2010-04-09 21:35 73728 c:\windows\system\vdremote.dll
- 2010-04-09 21:35 . 2010-05-17 03:30 73728 c:\windows\system\vdremote.dll
+ 2010-05-18 05:51 . 2010-05-18 05:51 28672 c:\windows\Installer\{E78D6337-8E3C-11D8-A0A8-0050BF61B407}\_1D81EE058E3F_11D8_A0A8_0050BF61B470.exe
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-05-20 10:29 . 2010-05-20 10:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-05-17 04:25 . 2010-05-17 04:25 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-10 17:51 . 2010-05-17 04:27 464500 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-05-20 10:36 464500 c:\windows\system32\perfh009.dat
+ 2003-11-22 02:42 . 2003-11-22 02:42 397312 c:\windows\system32\mjpgTools.dll
+ 2003-07-23 18:27 . 2003-07-23 18:27 491520 c:\windows\system32\lkVCDimager.dll
+ 2010-05-18 05:51 . 2010-05-18 05:51 337920 c:\windows\Installer\f8c0eb.msi
+ 2010-05-18 05:50 . 2004-04-15 03:14 337896 c:\windows\Downloaded Installations\VCDwizard.msi
+ 2010-05-19 10:07 . 2010-05-19 10:07 113664 c:\windows\assembly\tmp\2CKRZ7FM\System.EnterpriseServices.Wrapper.dll
+ 2010-05-19 10:07 . 2010-05-19 10:07 258048 c:\windows\assembly\tmp\2CKRZ7FM\System.EnterpriseServices.dll
+ 2010-05-20 10:23 . 2010-05-20 10:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-05-20 10:23 . 2010-05-20 10:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-05-20 10:33 . 2010-05-20 10:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-20 10:27 . 2010-05-20 10:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-20 10:29 . 2010-05-20 10:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-20 10:28 . 2010-05-20 10:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-20 10:30 . 2010-05-20 10:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-20 10:25 . 2010-05-20 10:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-20 10:31 . 2010-05-20 10:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-20 10:24 . 2010-05-20 10:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-05-17 04:25 . 2010-05-17 04:25 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-05-20 10:32 . 2010-05-20 10:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-05-17 04:26 . 2010-05-17 04:26 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [5/17/2010 5:58 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-05-20 13:53:16
ComboFix-quarantined-files.txt 2010-05-20 20:52
ComboFix2.txt 2010-05-17 06:25
ComboFix3.txt 2010-05-17 06:02

Pre-Run: 42,815,848,448 bytes free
Post-Run: 46,025,428,992 bytes free

- - End Of File - - 8F731B60305A8CDC658B57CEBA3A7096

Shaba · May 23, 2010

Sorry for delay.

Did you copy everything from code box to CFScript?

jamper · May 23, 2010

Yes I think I did it right, but just in case I ran it again just now

ComboFix 10-05-16.01 - Dell 05/22/2010 23:20:03.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.539 [GMT -7:00]
Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-22 03:25 . 2010-05-22 03:25 -------- d-----w- c:\program files\Unibrain
2010-05-22 03:20 . 2009-11-11 12:26 557056 ----a-w- c:\windows\system32\Netw2c32.dll
2010-05-22 03:20 . 2009-11-11 12:26 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
2010-05-22 03:20 . 2010-05-22 03:20 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-22 03:19 . 2010-05-22 03:19 53248 ----a-r- c:\documents and settings\Dell\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-05-22 03:19 . 2010-05-22 03:19 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-05-22 03:19 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-05-22 03:16 . 2010-05-22 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-05-22 03:16 . 2010-05-22 03:17 -------- d-----w- c:\program files\Logitech
2010-05-22 03:16 . 2010-05-22 03:19 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-22 03:16 . 2010-05-22 03:20 -------- d-----w- c:\documents and settings\Dell\Application Data\Logitech
2010-05-22 03:16 . 2010-05-22 03:16 -------- d-----w- c:\documents and settings\Dell\Application Data\Logishrd
2010-05-22 03:15 . 2007-07-26 23:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-05-22 03:15 . 2010-05-22 03:15 -------- d-----w- C:\Intel
2010-05-22 03:08 . 2010-05-22 03:09 12289448 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\o1zei444.fy2\ubCore32_033109.exe
2010-05-22 03:08 . 2010-05-22 03:08 4679665 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\xsrx1ohn.zja\ICS_Dx32.exe
2010-05-22 03:07 . 2010-05-22 03:07 4758792 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\mywstt40.uiz\R154493.EXE
2010-05-22 03:04 . 2010-05-22 03:06 24803808 ----a-w- c:\documents and settings\Dell\Application Data\Easeware\DriverEasy\drivers\25kvdgx5.kmu\setpoint600.exe
2010-05-22 03:03 . 2010-05-22 03:03 -------- d-----w- c:\documents and settings\Dell\Application Data\Easeware
2010-05-22 03:03 . 2010-05-22 03:03 -------- d-----w- c:\program files\Easeware
2010-05-22 02:45 . 2010-05-22 03:49 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Deployment
2010-05-22 02:23 . 2010-05-22 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-05-22 02:06 . 2010-05-22 02:06 -------- d-----w- c:\program files\Opti Drive Control
2010-05-21 21:24 . 2010-05-21 21:24 -------- d-----w- c:\program files\Joboshare
2010-05-18 23:17 . 2010-05-18 23:19 -------- d-----w- c:\documents and settings\Dell\Application Data\Audio2VCD
2010-05-18 23:16 . 2010-05-18 23:16 -------- d-----w- c:\program files\Audio2VCD
2010-05-18 09:55 . 2010-05-18 09:55 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Help
2010-05-18 05:51 . 2010-05-18 09:55 -------- d-----w- c:\program files\VCDwizard
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\lkCDRtools
2010-05-18 05:51 . 2010-05-18 05:51 -------- d-----w- c:\program files\Common Files\DirectX
2010-05-18 05:47 . 2010-05-18 05:58 -------- d-----w- c:\program files\XVideoConverter
2010-05-17 18:49 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-17 08:18 . 2010-05-17 08:18 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Yahoo
2010-05-17 00:07 . 2010-05-17 00:07 -------- d-----w- c:\program files\W3i
2010-05-15 00:10 . 2010-05-15 00:10 -------- d-----w- c:\program files\AviSynth 2.5
2010-05-15 00:09 . 2010-05-21 21:20 -------- d-----w- c:\program files\Avi2Dvd
2010-05-14 06:13 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\Dell\Application Data\AVS4YOU
2010-05-14 06:11 . 2010-05-15 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-14 06:10 . 2010-05-15 00:08 -------- d-----w- c:\program files\AVS4YOU
2010-05-14 06:10 . 2010-05-14 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-05-14 06:10 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-13 02:05 . 2010-05-13 02:14 -------- d-----w- C:\9d7e71432518b0ecc414879b92bd
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-13 01:06 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-13 01:05 . 2008-04-13 20:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-09 07:02 . 2010-05-09 07:02 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Real
2010-05-09 07:00 . 2010-05-21 14:27 -------- d-----w- c:\program files\Sonne Video Converter
2010-05-09 06:57 . 2010-05-09 06:57 737280 ----a-w- c:\windows\iun6002.exe
2010-05-09 06:57 . 2010-05-09 06:57 -------- d-----w- c:\program files\The Extractor
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-09 06:54 . 2010-05-09 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-08 22:40 . 2010-05-09 00:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Ashampoo Movie Shrink & Burn 3
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-05-08 22:37 . 2010-05-08 22:37 -------- d-----w- c:\program files\Ashampoo
2010-05-08 17:46 . 2010-05-09 00:33 -------- d-----w- c:\documents and settings\Dell\Application Data\ImgBurn
2010-05-08 16:48 . 2010-05-20 01:54 -------- d-----w- c:\documents and settings\Dell\Application Data\PCF-VLC
2010-05-08 16:37 . 2010-05-09 04:57 -------- d-----w- c:\program files\ImgBurn
2010-05-08 08:58 . 2010-05-17 08:11 -------- d-----w- c:\documents and settings\Dell\Application Data\gtk-2.0
2010-05-08 08:48 . 2010-05-08 08:48 -------- d-----w- c:\documents and settings\Dell\Application Data\Participatory Culture Foundation
2010-05-08 08:40 . 2010-05-08 08:40 -------- d-----w- c:\program files\Participatory Culture Foundation
2010-05-06 07:29 . 2010-05-06 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-05-06 05:17 . 2010-05-17 18:12 -------- d-----w- c:\program files\VSO
2010-05-06 05:06 . 2010-05-06 05:07 -------- d-----w- c:\documents and settings\Dell\Application Data\vlc
2010-05-06 04:54 . 2010-05-17 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
2010-05-06 04:54 . 2010-05-06 04:54 -------- d-----w- c:\documents and settings\Dell\Application Data\Yahoo!
2010-05-06 04:53 . 2010-05-17 08:16 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-06 04:53 . 2010-05-17 16:11 -------- d-----w- c:\program files\Yahoo!
2010-05-06 04:29 . 2010-05-17 18:12 -------- d-----w- c:\documents and settings\Dell\Application Data\Vso
2010-05-06 04:29 . 2010-05-17 18:12 47360 ----a-w- c:\documents and settings\Dell\Application Data\pcouffin.sys
2010-05-06 04:29 . 2010-05-17 17:53 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-06 04:24 . 2010-05-08 08:38 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-05-05 19:26 . 2010-05-05 19:26 -------- d-----w- c:\program files\Trend Micro
2010-05-05 02:56 . 2010-05-04 14:26 650240 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2010-05-03 20:25 . 2010-05-03 21:05 -------- d-----w- c:\documents and settings\Dell\Application Data\ScanSpyware
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-05-02 07:19 . 2004-08-04 10:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-05-02 07:19 . 2001-08-18 05:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-05-02 07:19 . 2001-08-17 21:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-05-02 07:18 . 2001-08-17 21:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-05-02 07:18 . 2008-04-14 02:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-05-02 06:07 . 2010-05-11 09:47 -------- d-----w- c:\program files\Anewsoft Video Converter
2010-05-01 06:07 . 2010-05-01 06:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Nero
2010-05-01 05:42 . 2010-05-01 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-01 05:31 . 2010-05-01 05:31 -------- d-----w- c:\program files\Microsoft.NET
2010-05-01 05:28 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 05:28 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 05:27 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-01 05:27 . 2007-07-20 01:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-01 05:27 . 2007-05-16 23:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-01 05:26 . 2010-05-01 05:26 -------- d-----w- c:\windows\Logs
2010-04-23 15:31 . 2010-01-20 19:24 52224 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\FFExternalAlert.dll
2010-04-23 15:31 . 2010-01-20 19:24 101376 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\{56ad905d-0e2d-469f-a492-c751ed7192fc}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 03:26 . 2005-09-01 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 03:19 . 2010-05-22 03:19 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-21 04:52 . 2009-08-05 04:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 18:50 . 2010-03-22 07:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-12 18:21 . 2010-03-11 23:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-03 21:36 . 2005-09-01 07:17 -------- d-----w- c:\program files\QuickTime
2010-05-03 18:49 . 2009-08-05 12:57 -------- d-----w- c:\documents and settings\Dell\Application Data\Move Networks
2010-05-03 18:26 . 2010-04-21 15:38 -------- d-----w- c:\program files\Memory ++
2010-05-03 03:05 . 2009-07-20 19:32 31792 ----a-w- c:\documents and settings\Dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 04:42 . 2009-08-02 09:51 -------- d-----w- c:\program files\Graboid
2010-05-01 03:05 . 2005-09-01 07:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-01 03:03 . 2005-09-01 07:12 -------- d-----w- c:\program files\Sonic
2010-04-23 14:58 . 2005-09-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-04-17 06:33 . 2010-04-17 06:33 -------- d-----w- c:\documents and settings\Dell\Application Data\Media Player Classic
2010-03-30 22:28 . 2005-09-01 07:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 22:27 . 2010-03-30 22:27 503808 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcp71.dll
2010-03-30 22:27 . 2010-03-30 22:27 499712 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\jmc.dll
2010-03-30 22:27 . 2010-03-30 22:27 348160 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25fb02c6-n\msvcr71.dll
2010-03-30 22:27 . 2010-03-30 22:27 61440 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-sse.dll
2010-03-30 22:27 . 2010-03-30 22:27 12800 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4da605e8-n\decora-d3d.dll
2010-03-30 22:26 . 2005-09-01 07:01 -------- d-----w- c:\program files\Java
2010-03-27 23:55 . 2010-03-27 23:55 -------- d-----w- c:\program files\Safer Networking
2010-03-27 04:08 . 2009-07-20 19:42 -------- d-----w- c:\program files\Google
2010-03-22 05:51 . 2010-03-22 05:51 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-22 05:51 . 2010-03-22 05:51 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-22 05:49 . 2010-03-22 05:51 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-22 05:47 . 2010-03-22 05:51 986392 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-12 21:57 . 2010-03-12 21:57 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-12 21:57 . 2010-03-12 21:57 79488 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-10 06:35 . 2010-03-10 06:35 216 ----a-w- c:\windows\PowerReg.dat
2010-03-10 06:15 . 2004-08-10 17:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:28 . 2009-07-20 19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-09-01 06:41 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-20_20.49.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-22 20:34 . 2010-05-22 20:34 16384 c:\windows\Temp\Perflib_Perfdata_8c.dat
+ 2010-05-22 20:34 . 2010-05-22 20:34 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2007-10-03 21:56 . 2007-10-03 21:56 53248 c:\windows\system32\UB1394DH.dll
- 2009-07-20 17:45 . 2009-05-12 22:12 26144 c:\windows\system32\spupdsvc.exe
+ 2009-07-20 17:45 . 2008-11-08 01:55 26144 c:\windows\system32\spupdsvc.exe
+ 2010-05-22 03:18 . 2001-08-17 18:48 12160 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouhid.sys
+ 2010-05-22 03:18 . 2008-04-13 18:39 23040 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\mouclass.sys
- 2004-08-10 17:51 . 2010-05-20 10:36 79610 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2010-05-22 10:29 79610 c:\windows\system32\perfc009.dat
+ 2009-11-10 11:55 . 2009-11-10 11:55 52240 c:\windows\system32\LMouFiltCoInst.dll
+ 2007-02-27 19:48 . 2007-02-27 19:48 57344 c:\windows\system32\Firei.dll
+ 2009-07-14 17:35 . 2009-07-14 17:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2009-03-28 04:50 . 2009-03-28 04:50 46592 c:\windows\system32\drivers\UBUMAPI.sys
+ 2009-03-28 04:50 . 2009-03-28 04:50 17408 c:\windows\system32\drivers\UBSBM.sys
- 2009-07-21 17:29 . 2001-08-17 18:48 12160 c:\windows\system32\drivers\mouhid.sys
+ 2009-07-21 17:29 . 2001-08-17 20:48 12160 c:\windows\system32\drivers\mouhid.sys
- 2004-08-04 03:58 . 2008-04-13 18:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2004-08-04 03:58 . 2008-04-13 20:39 23040 c:\windows\system32\drivers\mouclass.sys
+ 2009-11-10 11:55 . 2009-11-10 11:55 37392 c:\windows\system32\drivers\LMouFilt.Sys
+ 2009-11-10 11:54 . 2009-11-10 11:54 35984 c:\windows\system32\drivers\LHidFilt.Sys
+ 2009-07-21 17:29 . 2001-08-17 20:48 12160 c:\windows\system32\dllcache\mouhid.sys
- 2009-07-21 17:29 . 2001-08-17 18:48 12160 c:\windows\system32\dllcache\mouhid.sys
+ 2004-08-04 03:58 . 2008-04-13 20:39 23040 c:\windows\system32\dllcache\mouclass.sys
+ 2010-05-22 02:22 . 2010-05-22 02:22 46392 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_E8BE655ADEA641369B5E012FC4DD61C6.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2010-05-22 02:22 . 2010-05-22 02:22 75064 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2010-05-22 10:14 . 2010-05-22 10:14 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-05-20 10:29 . 2010-05-20 10:29 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-05-20 10:31 . 2010-05-20 10:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2010-05-22 03:25 . 2010-05-22 03:25 3262 c:\windows\Installer\{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}\ARPPRODUCTICON.exe
+ 2010-05-22 10:17 . 2010-05-22 10:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-03-28 05:15 . 2009-03-28 05:15 237568 c:\windows\system32\ubVideo.dll
+ 2009-03-30 23:41 . 2009-03-30 23:41 692224 c:\windows\system32\ubUI.dll
- 2004-08-10 17:51 . 2010-05-20 10:36 464500 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-05-22 10:29 464500 c:\windows\system32\perfh009.dat
+ 2009-03-30 23:46 . 2009-03-30 23:46 647168 c:\windows\system32\FireiX.dll
+ 2009-03-30 23:28 . 2009-03-30 23:28 253952 c:\windows\system32\FiCommon.dll
+ 2010-05-22 03:20 . 2009-11-11 12:26 557056 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2010-05-22 03:20 . 2008-06-20 17:32 663552 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5c32.dll
+ 2009-07-14 17:35 . 2009-07-14 17:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2009-03-28 04:55 . 2009-03-28 04:55 116224 c:\windows\system32\drivers\ubohci.sys
+ 2009-03-28 04:49 . 2009-03-28 04:49 127488 c:\windows\system32\drivers\UB1394.sys
+ 2009-03-30 23:43 . 2009-03-30 23:43 393216 c:\windows\system32\CFiCamera.dll
+ 2010-05-22 03:19 . 2010-05-22 03:19 240640 c:\windows\Installer\1b045e1.msi
- 2010-05-20 10:23 . 2010-05-20 10:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-05-22 10:13 . 2010-05-22 10:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-05-20 10:23 . 2010-05-20 10:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-05-22 10:22 . 2010-05-22 10:22 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-20 10:33 . 2010-05-20 10:33 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2010-05-20 10:31 . 2010-05-20 10:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-05-20 10:27 . 2010-05-20 10:27 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-22 10:22 . 2010-05-22 10:22 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-05-20 10:29 . 2010-05-20 10:29 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-22 10:19 . 2010-05-22 10:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-05-20 10:28 . 2010-05-20 10:28 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-22 10:18 . 2010-05-22 10:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-05-20 10:30 . 2010-05-20 10:30 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-05-22 10:15 . 2010-05-22 10:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-05-20 10:25 . 2010-05-20 10:25 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-05-22 10:16 . 2010-05-22 10:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-05-20 10:26 . 2010-05-20 10:26 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-05-22 10:17 . 2010-05-22 10:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-03-30 23:22 . 2009-03-30 23:22 1540096 c:\windows\system32\ubShared.dll
+ 2009-03-30 23:25 . 2009-03-30 23:25 1138688 c:\windows\system32\UB1394.dll
+ 2009-11-10 11:55 . 2009-11-10 11:55 1581072 c:\windows\system32\LkmdfCoInst.dll
+ 2010-05-22 03:20 . 2009-11-11 12:26 2216064 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
+ 2010-05-22 03:20 . 2009-11-11 12:26 2212352 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2010-05-22 03:20 . 2009-11-11 12:26 2732032 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2010-05-22 03:20 . 2009-10-26 13:47 4221952 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5x32.sys
+ 2010-05-22 03:20 . 2008-06-20 17:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5r32.dll
+ 2005-09-01 06:42 . 2009-11-11 12:26 2216064 c:\windows\system32\drivers\w29n51.sys
+ 2010-05-22 03:25 . 2010-05-22 03:25 1191424 c:\windows\Installer\1b045e5.msi
- 2010-05-20 10:31 . 2010-05-20 10:31 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-05-22 10:20 . 2010-05-22 10:20 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-05-20 10:24 . 2010-05-20 10:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-05-22 10:14 . 2010-05-22 10:14 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-05-20 10:32 . 2010-05-20 10:32 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-05-22 10:21 . 2010-05-22 10:21 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-05-05 1000960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Clearwire Connection Manager"="c:\program files\Clearwire\Connection Manager\ClearwireCM.exe" [2009-12-01 54608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

c:\documents and settings\Dell\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-1 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Memory"=c:\program files\Memory ++\Memory ++
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"mmtask"=c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"IntelWireless"=c:\program files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [3/11/2010 6:45 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [3/11/2010 6:45 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [3/11/2010 6:44 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100513.002\IDSXpx86.sys [5/17/2010 5:58 PM 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [3/11/2010 6:45 PM 117640]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [11/9/2009 1:00 PM 107856]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [3/27/2009 9:50 PM 17408]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [3/27/2009 9:50 PM 46592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 5:19 PM 13592]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 4:51 PM 282112]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 4:51 PM 51712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 1:40 PM 102448]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [3/27/2009 9:55 PM 116224]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [11/9/2009 1:02 PM 120144]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2496572&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\xb9tdwg8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-22 23:29:16
ComboFix-quarantined-files.txt 2010-05-23 06:28
ComboFix2.txt 2010-05-20 20:53
ComboFix3.txt 2010-05-17 06:25
ComboFix4.txt 2010-05-17 06:02

Pre-Run: 46,377,332,736 bytes free
Post-Run: 46,359,851,008 bytes free

- - End Of File - - 4C9453657482EB78D4831B00007E9374

Shaba · May 25, 2010

That looks OK now

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

jamper · May 25, 2010

Hello,
here are the latest Kaspersky and HJT reports, Thanks.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 25, 2010 06:57:50
Records in database: 4171379
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 77552
Threats found: 1
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 02:32:07

File name / Threat / Threats count
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-67c5acb0 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\15\310e48cf-68357989 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-277351bb Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-2cf1b0ce Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5e50da35 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache\6.0\54\e0a5976-6d6176d9 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.

___________________________________________________________________________________________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:02 AM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
c:\program files\clearwire\connection manager\Location Finder\mylocal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100521,6687,0,8,0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7543 bytes

Shaba · May 26, 2010

Empty this folder:

C:\Documents and Settings\Dell\Application Data\Sun\Java\Deployment\cache

Empty Recycle Bin.

Still problems?

jamper · May 27, 2010

Thank You That got rid of the problem:thanks:, and i ran Kaspersky and it was clean.
I do have another question. What about the items that spybot shows in the system start up? many of them (in the Paul Collins start up list) say they are worms/virus/Trojans etc. what do I do about them?
Thank You.

Shaba · May 29, 2010

They are false positives, you can ignore them.

Are you ready for final instructions?

jamper · May 29, 2010

that's a relief. awaiting final instructions:bigthumb:.

Shaba · May 30, 2010

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes''Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here
Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:

jamper · May 31, 2010

Done. Thanks so much for all your help.:rockon:

Possible infection with multipal worms/virus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member

Shaba

Security Expert: Emeritus

jamper

New member