unwanted iexplorer.exe process, sound issues, pop-ups

F

Fuzz18500

New member
In the past week, my computer has begun running 2-4 iexplorer.exe processes without my opening Internet Explorer and without it appearing to be open. Occasionally, I will hear an audio ad or a full screen ad will appear in Internet Explorer. Also, every 5-10 minutes the "wave" bar in the volume control will drop to zero effectively muting all sound on my computer. I have avast! antivirus and windows defender running. I've also run Malware Bytes, SuperAntiSpyware, AdAware, and Spybot Search & Destroy which turned up nothing but tracking cookies. I've also run eSage labs Bootkit Remover. None of these actions have resulted in any change.

Here are my DDS log files. Thanks in advance for any help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:32:28.33 on Wed 06/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.199 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dimension 4 5.0.350\D4.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\My Documents\Downloads\dds.scr
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://goat.law.upenn.edu/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229469238812
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277864066749
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fray\applic~1\mozilla\firefox\profiles\mgf86utj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fray\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\fray\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\fray\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-25 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-12 24652]

=============== Created Last 30 ================

2010-06-29 12:13:04 0 d-----w- c:\program files\Secunia
2010-06-29 04:22:40 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:11:58 0 d-----w- c:\docume~1\fray\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 06:32:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 01:10:57 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 17:02:12 0 d-----w- c:\program files\iTunes
2010-06-19 16:50:51 0 d-----w- c:\program files\Bonjour
2010-06-16 12:07:19 3278 ----a-w- c:\windows\system32\wbem\Outlook_01cb0d4c7806b654.mof
2010-06-09 03:35:49 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 01:31:07 0 d-----w- c:\program files\DellSupport
2010-06-03 02:37:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-02 23:15:12 0 d-----w- c:\docume~1\fray\applic~1\Malwarebytes
2010-06-02 23:14:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 23:14:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-02 23:14:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 23:14:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 19:24:37 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-06-02 04:06:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-02 03:35:11 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-06-02 02:38:17 416 ----a-w- c:\windows\system32\vcredist_x86.bat
2010-06-02 02:38:17 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2010-06-02 02:38:15 278528 ----a-w- c:\windows\system32\bcmwlu00.exe
2010-06-02 02:38:15 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2010-06-02 02:38:15 139264 ----a-w- c:\windows\system32\preflib.dll
2010-06-02 02:38:14 65536 ----a-w- c:\windows\system32\wltrynt.dll
2010-06-02 02:38:13 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2010-06-02 02:38:11 4743168 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2010-06-02 02:38:10 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
2010-06-02 02:38:09 1921024 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2010-06-02 02:38:08 24064 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2010-06-02 02:37:08 22729 ----a-w- C:\newkey
2010-06-02 02:37:08 22729 ----a-w- C:\newfile.enc
2010-06-02 02:35:32 0 dc-h--w- c:\windows\ie8
2010-06-02 02:24:04 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-06-02 02:24:04 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-06-02 02:24:04 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-06-02 02:24:04 114688 ----a-w- c:\windows\system32\Uci32103.dll
2010-06-02 02:23:23 0 d-----w- c:\program files\Digital Line Detect
2010-06-02 02:13:10 146944 ----a-w- c:\windows\system32\st325602.dll
2010-06-02 02:08:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PCDr
2010-06-02 02:08:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PC-Doctor

==================== Find3M ====================

2010-06-25 04:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 02:06:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41:33 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43:20 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36:36 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:33:41.96 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/20/2006 11:03:18 PM
System Uptime: 6/29/2010 10:39:06 PM (23 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | Microprocessor | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 39 GiB total, 6.389 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 3.667 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\221F2941444FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\221F2941444FC000
Service: NIC1394

==== System Restore Points ===================

RP21: 6/4/2010 11:15:36 PM - System Checkpoint
RP22: 6/6/2010 1:34:32 AM - System Checkpoint
RP23: 6/7/2010 2:52:14 AM - System Checkpoint
RP24: 6/7/2010 3:53:15 PM - Software Distribution Service 3.0
RP25: 6/9/2010 12:03:34 AM - System Checkpoint
RP26: 6/9/2010 8:00:55 PM - Software Distribution Service 3.0
RP27: 6/10/2010 6:30:07 PM - Software Distribution Service 3.0
RP28: 6/11/2010 9:23:40 PM - System Checkpoint
RP29: 6/12/2010 11:09:04 PM - System Checkpoint
RP30: 6/14/2010 1:06:45 AM - System Checkpoint
RP31: 6/14/2010 11:40:32 PM - Software Distribution Service 3.0
RP32: 6/17/2010 12:53:34 AM - System Checkpoint
RP33: 6/17/2010 7:14:58 PM - Software Distribution Service 3.0
RP34: 6/19/2010 1:54:25 PM - System Checkpoint
RP35: 6/20/2010 4:27:14 PM - System Checkpoint
RP36: 6/21/2010 6:50:27 PM - Software Distribution Service 3.0
RP37: 6/24/2010 1:28:56 AM - System Checkpoint
RP38: 6/24/2010 2:45:55 PM - Software Distribution Service 3.0
RP39: 6/28/2010 5:01:46 PM - Software Distribution Service 3.0
RP40: 6/28/2010 10:28:40 PM - Installed Java(TM) 6 Update 20
RP41: 6/29/2010 9:43:41 PM - Removed FileZilla 2.2.26
RP42: 6/29/2010 10:15:39 PM - Removed SecureCRT 5.1.3
RP43: 6/29/2010 10:25:08 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Amazon Kindle For PC v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Canon MP530 User Registration
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Content Portal
Digital Line Detect
Dimension 4 v5.0
DivX Plus DirectShow Filters
DivX Setup
DriveSpacio 0.1.2 Build 5
ERUNT 1.1j
FileNET Panagon Web Controls 3.2
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 20
LexisNexis® CD on Folio® 4
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Move Media Player
Mozilla Firefox (3.6.4)
MozyHome Remote Backup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix Movie Viewer
Network Stumbler 0.4.0 (remove only)
OGA Notifier 2.0.0048.0
oggcodecs 0.71.0946
PC Inspector smart recovery
PrimoPDF
PrimoPDF Redistribution Package
Python 2.5.1
QuickSet
QuickTime
RealPlayer
RealUpgrade 1.0
Search Assist
Secunia PSI
SecureW2 Client 3.1.2
SecureW2 TTLS Client 3.2.0 for Windows 2K/XP
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SigmaTel Audio
Sony USB Driver
Spybot - Search & Destroy
Startup Delayer v2.5 (build 138)
StuffIt Expander 8.5
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
TELL ME MORE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB PC Camera 301P 1.02 QC
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Automatic Update Service (WAUS)
Windows Defender
Windows Defender Signatures
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

6/29/2010 12:22:52 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
6/29/2010 12:20:03 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/29/2010 12:10:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP aswTdi Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL
6/28/2010 10:27:28 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2010 10:27:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
6/28/2010 10:27:24 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/24/2010 9:22:18 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
6/24/2010 9:14:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
6/24/2010 9:14:21 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2010 9:13:39 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2010 9:13:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/24/2010 9:10:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/24/2010 9:04:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/24/2010 9:04:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP aswTdi Fips intelppm IPSec Lbd mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:18 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2010 9:04:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/24/2010 9:03:34 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
6/23/2010 8:10:59 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
6/23/2010 8:08:59 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/23/2010 8:08:22 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/23/2010 8:08:00 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
6/23/2010 7:00:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
6/23/2010 6:19:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

==== End Of File ===========================
 
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Here's the Combofix log.


ComboFix 10-07-04.04 - Owner 07/05/2010 22:29:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.622 [GMT -4:00]
Running from: c:\documents and settings\Fray\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system\oeminfo.ini
c:\windows\system32\st325602.dll

----- BITS: Possible infected sites -----

hxxp://sus.isc.upenn.edu
.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 02:32 . 2010-07-06 02:32 4 ----a-w- c:\program files\1038578.dat
2010-06-29 12:13 . 2010-06-29 12:13 -------- d-----w- c:\program files\Secunia
2010-06-29 04:22 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:12 . 2010-06-30 23:21 63488 ----a-w- c:\documents and settings\Fray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-29 04:12 . 2010-06-29 04:12 52224 ----a-w- c:\documents and settings\Fray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-29 04:12 . 2010-06-30 23:21 117760 ----a-w- c:\documents and settings\Fray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\documents and settings\Fray\Application Data\SUPERAntiSpyware.com
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31 . 2010-06-29 02:31 503808 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\msvcp71.dll
2010-06-29 02:31 . 2010-06-29 02:31 499712 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\jmc.dll
2010-06-29 02:31 . 2010-06-29 02:31 12800 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ceb4792-n\decora-d3d.dll
2010-06-29 02:31 . 2010-06-29 02:31 61440 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ceb4792-n\decora-sse.dll
2010-06-29 02:31 . 2010-06-29 02:31 348160 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\msvcr71.dll
2010-06-29 02:31 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 02:23 . 2010-06-29 02:21 921376 ----a-w- c:\documents and settings\Fray\Application Data\Sun\Java\JRERunOnce.exe
2010-06-29 02:23 . 2010-06-29 02:23 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 22:35 . 2010-06-28 22:35 -------- d-----w- c:\program files\ERUNT
2010-06-25 06:32 . 2010-06-25 04:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13 . 2010-06-25 04:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 04:09 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-25 01:17 . 2010-06-25 01:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-25 01:10 . 2010-06-25 04:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-25 01:04 . 2010-06-25 01:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-23 23:06 . 2010-06-23 23:06 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-23 23:04 . 2010-06-23 23:04 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-23 23:04 . 2010-06-23 23:04 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-23 23:01 . 2010-06-23 23:01 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-19 17:02 . 2010-06-19 17:04 -------- d-----w- c:\program files\iTunes
2010-06-19 16:50 . 2010-06-19 16:50 -------- d-----w- c:\program files\Bonjour
2010-06-19 16:46 . 2010-06-19 16:46 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-09 03:35 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 02:22 . 2006-07-14 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 02:22 . 2006-07-14 17:44 -------- d-----w- c:\program files\CyberLink
2010-06-30 02:16 . 2006-07-14 17:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-30 01:43 . 2006-09-14 06:57 -------- d-----w- c:\program files\FileZilla
2010-06-29 02:30 . 2006-07-14 17:37 -------- d-----w- c:\program files\Java
2010-06-28 22:52 . 2006-12-09 05:15 -------- d-----w- c:\program files\BitTorrent
2010-06-28 22:52 . 2006-12-09 05:16 -------- d-----w- c:\documents and settings\Fray\Application Data\BitTorrent
2010-06-28 20:57 . 2010-06-02 04:06 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-06-02 04:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-06-02 04:07 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-06-02 04:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-06-02 04:07 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-06-02 04:07 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-06-02 04:07 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-06-02 04:07 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 04:13 . 2009-10-27 21:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 04:10 . 2008-01-05 07:18 -------- d-----w- c:\program files\Lavasoft
2010-06-25 04:09 . 2008-01-05 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 04:06 . 2009-06-30 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-25 01:17 . 2009-06-30 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-23 23:14 . 2010-06-02 03:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-23 23:14 . 2010-06-02 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-23 23:06 . 2006-12-20 18:28 -------- d-----w- c:\program files\DivX
2010-06-23 23:06 . 2007-01-26 17:29 -------- d-----w- c:\documents and settings\Fray\Application Data\DivX
2010-06-23 23:03 . 2010-04-27 01:07 -------- d-----w- c:\program files\Auralog
2010-06-23 23:01 . 2010-06-02 03:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-23 23:01 . 2010-06-02 03:37 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-23 22:59 . 2009-02-03 05:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-19 17:03 . 2006-07-22 00:58 -------- d-----w- c:\program files\iPod
2010-06-19 17:03 . 2007-07-05 21:29 -------- d-----w- c:\program files\Common Files\Apple
2010-06-04 01:31 . 2010-06-04 01:31 -------- d-----w- c:\program files\DellSupport
2010-06-04 01:30 . 2006-07-21 02:02 -------- d--h--w- c:\documents and settings\Fray\Application Data\Gtek
2010-06-02 23:16 . 2010-06-02 23:16 -------- d-----w- c:\program files\Windows Defender
2010-06-02 23:15 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Fray\Application Data\Malwarebytes
2010-06-02 23:15 . 2010-06-02 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 23:14 . 2010-06-02 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-02 04:06 . 2010-06-02 04:06 -------- d-----w- c:\program files\Alwil Software
2010-06-02 04:06 . 2010-06-02 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-02 03:41 . 2006-09-21 06:11 -------- d-----w- c:\program files\LimeWire
2010-06-02 03:37 . 2009-06-10 03:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-02 03:37 . 2010-06-02 03:37 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-02 03:36 . 2010-06-02 03:36 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-02 03:36 . 2010-06-02 03:36 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-02 03:09 . 2006-07-14 17:48 -------- d-----w- c:\program files\Common Files\AOL
2010-06-02 02:31 . 2006-07-14 17:43 -------- d-----w- c:\program files\Broadcom
2010-06-02 02:23 . 2010-06-02 02:23 -------- d-----w- c:\program files\Digital Line Detect
2010-06-02 02:19 . 2010-06-02 02:19 -------- d-----w- c:\program files\DIFX
2010-06-02 02:14 . 2010-06-02 02:14 304 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-06-02 02:08 . 2010-06-02 02:08 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2010-06-02 02:08 . 2007-11-27 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-06-02 02:08 . 2010-06-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-06-02 02:08 . 2010-06-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-06-02 02:07 . 2007-11-27 06:20 -------- d-----w- c:\program files\Dell Support Center
2010-06-02 02:06 . 2007-09-01 19:01 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-06-02 02:06 . 2007-11-27 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16 . 2010-05-27 00:16 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16 . 2010-05-27 00:16 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 03:35 . 2010-05-22 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-26 02:16 . 2010-05-26 02:16 -------- d-----w- c:\program files\Alcohol Soft
2010-05-26 02:06 . 2007-02-11 17:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41 . 2010-05-22 21:41 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-22 21:34 . 2008-08-05 05:14 -------- d-----w- c:\program files\AVG
2010-05-21 18:14 . 2010-06-03 02:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-06-02 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-06-02 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-02-01 07:54 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2006-07-14 17:55 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2006-07-14 17:55 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2005-04-25 07:03 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-22 02:14 . 2010-04-22 02:14 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-22 02:14 . 2010-04-22 02:14 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-22 02:14 . 2010-04-22 02:14 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-22 02:14 . 2010-04-22 02:14 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-22 02:14 . 2010-04-22 02:14 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43 . 2006-09-08 02:54 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36 . 2007-09-16 20:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36 . 2006-09-08 02:54 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9l.exe" [2010-06-07 221432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-25 04:12 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-19 23:35 133104 ----atw- c:\documents and settings\Fray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 16:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-22 02:13 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dimension 4 5.0.350\\D4.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/25/2010 12:13 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/2/2010 12:07 AM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/2010 12:07 AM 17744]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 7:04 AM 14896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2007 1:58 PM 691696]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/12/2009 1:30 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:12]

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826268918-2413449167-3315875096-1006Core.job
- c:\documents and settings\Fray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 23:35]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826268918-2413449167-3315875096-1006UA.job
- c:\documents and settings\Fray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 23:35]

2010-07-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-07-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-07-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-826268918-2413449167-3315875096-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-826268918-2413449167-3315875096-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://goat.law.upenn.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Fray\Application Data\Mozilla\Firefox\Profiles\mgf86utj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Fray\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Fray\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Fray\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 22:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7c,58,0d,8d,20,13,49,aa,3c,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7c,58,0d,8d,20,13,49,aa,3c,92,\

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\Local AppWizard-Generated Applications\MMDiag]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\Local AppWizard-Generated Applications\MMDiag\Recent File List]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\MusicMatch, Inc.\Musicmatch for WMP]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\Digital Line Detect]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\NetWaiting]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Creative Tech\Installation]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=DK1ZBB1\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06???\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'?????"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MTVN]
@DACL=(02 0000)
"FriendlyName"="URGE"
"ImageLargeURL"="http://store.urge.com/sitewide/wmp/img/urge_tmp.png"
"ImageMenuURL"="http://store.urge.com/sitewide/wmp/img/wmpdms_menuicon.jpg"
"ContentPartner"="true"
"ImageSmallURL"="http://store.urge.com/sitewide/wmp/img/error_logo.png"
"Task1ButtonText"="URGE"
"Task1ButtonTip"="URGE"
"Type"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\MTVN]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
"ProgID"="MsScp.SCPTRANS.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-05 22:38:51
ComboFix-quarantined-files.txt 2010-07-06 02:38

Pre-Run: 6,763,741,184 bytes free
Post-Run: 6,900,084,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /NOGUIBOOT

- - End Of File - - C252465D2696BDCB80134E09C78FD991
 
And here are the DDS logs



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 22:41:28.95 on Mon 07/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.421 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://goat.law.upenn.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9l.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229469238812
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277864066749
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fray\applic~1\mozilla\firefox\profiles\mgf86utj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-25 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-12 24652]

=============== Created Last 30 ================

2010-07-06 02:32:09 4 ----a-w- c:\program files\1038578.dat
2010-07-06 02:25:46 0 d-sha-r- C:\cmdcons
2010-07-06 02:18:04 77312 ----a-w- c:\windows\MBR.exe
2010-07-06 02:18:04 256512 ----a-w- c:\windows\PEV.exe
2010-07-06 02:18:03 98816 ----a-w- c:\windows\sed.exe
2010-07-06 02:18:03 161792 ----a-w- c:\windows\SWREG.exe
2010-06-29 12:13:04 0 d-----w- c:\program files\Secunia
2010-06-29 04:22:40 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:11:58 0 d-----w- c:\docume~1\fray\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 06:32:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 01:10:57 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 17:02:12 0 d-----w- c:\program files\iTunes
2010-06-19 16:50:51 0 d-----w- c:\program files\Bonjour
2010-06-16 12:07:19 3278 ----a-w- c:\windows\system32\wbem\Outlook_01cb0d4c7806b654.mof
2010-06-09 03:35:49 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-25 04:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 02:14:50 304 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 02:06:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41:33 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43:20 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36:36 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:41:44.29 ===============




DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 22:41:28.95 on Mon 07/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.421 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fray\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://goat.law.upenn.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9l.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229469238812
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277864066749
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fray\applic~1\mozilla\firefox\profiles\mgf86utj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-25 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-12 24652]

=============== Created Last 30 ================

2010-07-06 02:32:09 4 ----a-w- c:\program files\1038578.dat
2010-07-06 02:25:46 0 d-sha-r- C:\cmdcons
2010-07-06 02:18:04 77312 ----a-w- c:\windows\MBR.exe
2010-07-06 02:18:04 256512 ----a-w- c:\windows\PEV.exe
2010-07-06 02:18:03 98816 ----a-w- c:\windows\sed.exe
2010-07-06 02:18:03 161792 ----a-w- c:\windows\SWREG.exe
2010-06-29 12:13:04 0 d-----w- c:\program files\Secunia
2010-06-29 04:22:40 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:11:58 0 d-----w- c:\docume~1\fray\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 06:32:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 01:10:57 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 17:02:12 0 d-----w- c:\program files\iTunes
2010-06-19 16:50:51 0 d-----w- c:\program files\Bonjour
2010-06-16 12:07:19 3278 ----a-w- c:\windows\system32\wbem\Outlook_01cb0d4c7806b654.mof
2010-06-09 03:35:49 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-25 04:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 02:14:50 304 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 02:06:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41:33 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43:20 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36:36 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:41:44.29 ===============
 
Hi,

Before further instructions I'd like to know if same problems still remain.
 
They are.
Additionally, Chrome has been acting funny as well. Where I would usually have 3-5 chrome.exe processes running, I now have about 8.
When the computer restarted to run ComboFix, an internet explorer icon had been added to my desktop and Chrome was no longer my default browser. Plus, internet explorer asked me warned me that it was not the default browser, a warning which I had selected months ago not to be shown again.
 
Hi,

1. Download Bootkit Remover (note: it's a RAR archived file so you have to install compatible program, like 7-Zip if there's not one installed).

2. Extract the contents to own folder (BRemover folder) on your desktop.

3. Click start->run->type cmd.exe and press enter.

4. In command prompt type this (I assume you extracted folder contents to BRemover folder on your desktop):
Code: 
"%userprofile%\desktop\Bremover\remover.exe" >"%userprofile%\desktop\logit.txt"

5. Press enter once more to bring cursor back visible after entering the command above. After that operation there should be logit.txt file on your desktop. Attach it to your post, please.
 
Hi,

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter (agree confirmation):

fixmbr

6. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading. Re-run Bootkit Remover as instructed in my previous post. Post back fresh logit.txt contents.
 
Here's my logit.txt.
It appears that iexplorer.exe is no longer opening up on my computer, and I have not seen or heard any popup ads.
I still seem to have an excess of chrome.exe processes, but I assume that's unrelated and probably not malware.
Thanks again for all your help.


Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
54 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Press any key to quit...
 
Hi again,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\program files\1038578.dat
Folder::
c:\program files\BitTorrent
c:\documents and settings\Fray\Application Data\BitTorrent
c:\program files\LimeWire
Firefox::
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get update 9.3.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Here's the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 8, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 08, 2010 17:09:46
Records in database: 4242510
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 135957
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:39:55


File name / Threat / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-2c761ccc Infected: Trojan-Clicker.Win32.Cycler.ajtm 1
C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\services.exe.vir Infected: Trojan-Clicker.Win32.Cycler.ajtp 1
C:\Qoobox\Quarantine\C\System Volume Information\Microsoft\smss.exe.vir Infected: Trojan-Clicker.Win32.Cycler.ajtp 1

Selected area has been scanned.
 
Here's the new DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 22:58:18.79 on Thu 07/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.530 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://goat.law.upenn.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\fray\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9l.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229469238812
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277864066749
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fray\applic~1\mozilla\firefox\profiles\mgf86utj.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fray\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\fray\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\fray\application data\mozilla\firefox\profiles\mgf86utj.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\fray\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-25 64288]
R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2010-7-7 9472]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1778480]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-12 24652]

=============== Created Last 30 ================

2010-07-08 03:00:39 0 d-----w- c:\program files\SpywareBlaster
2010-07-08 02:56:32 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-07-08 02:08:25 0 d-----w- c:\program files\COMODO
2010-07-08 02:06:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-07-08 02:04:04 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2010-07-08 02:04:04 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2010-07-08 02:04:04 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2010-07-08 02:04:04 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2010-07-06 02:25:46 0 d-sha-r- C:\cmdcons
2010-07-06 02:18:04 77312 ----a-w- c:\windows\MBR.exe
2010-07-06 02:18:04 256512 ----a-w- c:\windows\PEV.exe
2010-07-06 02:18:03 98816 ----a-w- c:\windows\sed.exe
2010-07-06 02:18:03 161792 ----a-w- c:\windows\SWREG.exe
2010-06-29 12:13:04 0 d-----w- c:\program files\Secunia
2010-06-29 04:22:40 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:11:58 0 d-----w- c:\docume~1\fray\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:58 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-29 04:11:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-25 06:32:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 01:10:57 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 17:02:12 0 d-----w- c:\program files\iTunes
2010-06-19 16:50:51 0 d-----w- c:\program files\Bonjour
2010-06-16 12:07:19 3278 ----a-w- c:\windows\system32\wbem\Outlook_01cb0d4c7806b654.mof
2010-06-09 03:35:49 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35:09 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-25 04:13:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-04 15:55:58 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 02:14:50 304 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-06-01 23:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 23:00:22 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 23:00:20 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16:25 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16:25 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 02:06:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41:33 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40:40 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43:20 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36:36 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 23:00:20.43 ===============
 
Here's Part 1 of the ComboFix report:

ComboFix 10-07-07.02 - Owner 07/08/2010 18:06:37.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.589 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\program files\1038578.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\BitTorrent
c:\documents and settings\Owner\Application Data\BitTorrent\[NewTorrents.info]_The_Rolling_Stones-Exile_On_Main_Street-(Remastered)-2005-MTD.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\009_Bob_Dylan_-_Blonde_on_Blonde-1966-FAF_INT.rar.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\1966 - Blonde on Blonde.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\All The King's Men (1949) Robert Rossen Dual(Eng-Span).avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Owner\Application Data\BitTorrent\bittorrent.log.1
c:\documents and settings\Owner\Application Data\BitTorrent\Bob Dylan - Blonde on Blonde.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\camp.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Cradle of Rome.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\001f8941718814420fd014f4b14667310ca92e83
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\013c7008e2e854259703c6b8afcc2ccbcdbab88b
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\045c46ea175fc84db4f5fcc3c556afefb6c33d07
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\077298fc0e4594fbc6dad3dc26590958cbda8488
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\07a300ce19984c4e68cc220139c4063d1ec9dcba
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\08193886f9255d5327e9c134031b648ad1b052a3
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\09b777ccf8444ce96d0243a39a7dfb266cffe735
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\0a6953724e8fd7bbca45b6e690a9e376d87cd800
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\0f7624eff899ff52ea20346e0649d8e2f732fac8
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\105e4ca0a8d31b1ec58cbc6f52a2c52db2b1f639
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\112dacdbb54acaaf43a2e7d61d25ef16587afad3
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\11a7b92910b4267a73d65303f3acc256b5e7bdbc
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\1285758555ab830b81abfa52b1b44a5dcde82564
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\1501f6ebccc6202e892392237977434bbe33557a
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\18fffaf3f00da67b0359cc63ac343b82715be9eb
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\1b6cc497de4a08e6f3295e2d8618a45b24c6fdd0
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\1d99c93ed9b151e747d4a9b2291aec615360898e
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\20039e286d1695f3c9600bbbd177376c63817360
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\2270c675bad4ee321c7f1be48d5d06217e967640
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\22f35ad26070a29f1c32eb7098db2765e95cc340
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\2642552871c85af480cc54a895604f917d424052
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\2abc8436d2782a0eb5091bff60ecbc8b23d3ce97
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\2da864746d295f0ec6ff277f6ffd3b5408d55cc8
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\2f036786f8a36fb23029e20f3637d07078114548
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\3052f5eb88bc31d71533c1a28c0b0aa53b22e6b7
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\325849f4dca50c95dac2838158cee5b8fa4c83aa
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\326153a05de19f8dae1cd886439446f267f7dfc5
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\33403fcf393bf69ad727f300ffd2e86ac044b248
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\35e90fbab98f935bfe9cd9c127612493c4ca3eaf
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\3dc6f43d1ba8056c7787046e8234a1c4542bdc54
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\3e3ced57eb87a36a1f4e411f011e1b58d3918832
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\3eb9196c6e3cb4b038421440190b8fc539759569
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\4082a23e5c184bde2bfdffe9157c272b83471ea2
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\45767d3bf06b1b44f1603c1962b52ebd700700d2
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\465795e784a0f9acefd28b96f1878c02fca83765
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\46af237a33b9636903f61137086f7d861a2278a7
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\48ce6ad92e87dd50217561ebd82668712554876f
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\4c4ed8a748218d5e08cb46f1a94c6c4c0521e1bd
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\4f7cbd4da862b5726201cea45e3a93344481c90f
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\512eb3c5cecd2b34efcaf5fb882a93ca9f6abd43
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\51725d12810de15bb0c315445e9f60ae2be46fa9
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\5478e1a984c296c1e62dc0df6faead6b5a25044d
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\55b21dcdfc4cb7f6e30173b1009bc741d32e982e
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\57c7a16a5177d38808df23305f16f86a0766a47c
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\5c304065a984d1f74a84c015e3320f8d125ecad2
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\5f573e42e83a4f73a4e541dbb697b74865c12a70
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\6293cf2bcab26a6e85fb2e9bc70d7f6abc57b05e
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\66746331612d7eac0608488c9b701a874773d3c2
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\6b00d9c54531eae5f644bad7193d647f38df2993
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\6d860d7a1a2f85d894b99f4f4b6cca0698109c7c
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\75ebed3108142177c4773c7b369a99547929aff6
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\7abe52064f5d0747a0f26604693b4c205ce49467
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\7dd43d57e3ef744176e787e8cceb4d6e65dbcd33
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\7fa8ad9a9fe474f3685cd9c7929c5479329660c4
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\8088cfa2adc219012ffe3132d4a95bc9d0b5a688
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\81e22025470ec7dbeca3b084f1f1d11a1d6c0410
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\820d50104e3d16d96b6bd57db94ab3d2ddaa34fb
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\83b35117aec44eb4f411a6a90e1af88c4ccfbd7f
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\88e247cca72f3c45cb17aabaffd55cbf81494117
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\8c9dd0cf99dafb0791cae614c36e560b3f657545
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\9053bc73b487f0b76fc55a25bd9a51d9fcd80722
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\925b0a85b57ffa03f4d84af129c9a4619d81979a
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\93a317ff6dee77dd6db0d6cf397692e8141cfc79
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\93bca5525fb12006a3a64aeac9bf9bbd2b05e3c5
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\95771626f7a44c5e965cac696d5ed8a323769767
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\95cece16cf9aff77b0c929f4c6966eab3e8c841c
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\95fad212cfa29f2055ab5d8cb260ccad590cd128
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\9645ff95ba5f8fbfd493a9e821f91513dfbe6c2d
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\9998174ceeca9a7a27c5919f96f0434ce070e8ba
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\9dfebbfc6d757daa489e499850baca773c752833
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\a081f294e7868f567a977d38635dc5fe23fa263c
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\a0dbf8e91073f30d9a9c7ac6cd58bf6905144576
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\a1b4da1d5c3b6ed48c6db1239578116dd53de1c8
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\a36afc863ec190b3881471f819a6b2e8a29c8bc1
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\a6b5d5e51f6469f4d65317620705fa43e4cea95e
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\aa65301568d43c0f1787bc10a374cd38e2c8d186
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\aab7e805659fe54e35a94fff72ecde05031a2283
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\ae5f65532a364a0bb8d8c6ea0cbaefe625e1dfaf
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\aebcf5f6a8a04c76e3981c0274a2ca57fd2015ff
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\b0a1284fa94d365fd4a4cc126f81a915f295df30
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\b16ef723b53ec8f0113a87896c851d17ea4de870
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\b4ae08cc61cb09ce6f750072e7b1d230f1c86a4a
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\b8d191b7677a310a4ed8c1fba4c4026dcf54f49d
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\bb465c652225a91cdb7886327cb82f712a1b4113
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\c6078577714a2ec45fb1265b0485cefe53c4c631
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\c67106d3fffb83ff22bf72a58b64a9fbe9d606c7
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\c6abf903afbef0643b908850499c6c2c88d36f23
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\c709a23739f39eefb563e33bf3ae30272d27de1d
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\c7717e5a23dc030ab1480647ea226980113b90cc
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\caa7bead1e4bacb4cab2611fad42f263c7ccc418
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\cc7a99a4a6562bcfcd7a707119ff5e09888df29a
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\cd4290f2ecfe8a19016778cb7929a71c7ce4217e
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\cdc88447d05b6c3ac8bec50e1b0e91f6f95971e1
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\cf3e23bbe98a22a4baa2be7cac996176e01adad9
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\d4a10bbf342a61a31200ea789fe52e1126469ac2
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\d6260e2b69f9c7d0dd5d87a6aebdd9662f79c040
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\d973d636f3476d0f7f50cafa032971cc615368a4
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\dd0f96b116a0d8b2f2594daeab992f6facb41120
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\de642c5283059b3ef344920cdc164b64e1c94d5b
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\dffa6627e012fe783d49743afabbec525c108284
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\e2283433093e6d9d529ea9b401b013233e19d3ce
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\e262a294399cd91ae65ad9a0da9887490a41e4ba
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\e769761a92e3f0a859ed6a3a737ff33957ee07ec
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\ea29199723c4b894fb76b3639e2016983d5cbf73
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\eddd44437e77cc35b04c6a64ba2442446a274ac8
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\efc27d1b9717a9e2e24eea31444d5899d0be894f
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f0fa4304158cd4ae37681e6b00428b937635f9f0
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f31e722a89a1cde35ac2d391da388bf75eef09e9
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f33d82f5ee2dc996721242e0844d8eee52709a17
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f375392ff94532727fa8d40f4f238274422cd15a
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f5b07133667490068bd06182eef7dda3407bf79f
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\f5db8297a53672b4157189f6a19c958edce8330b
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\fc0c001f188c293376fba307d7bf476463c202ec
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\fd09c5db44469dbebb8c3dac0a512c009b793be0
c:\documents and settings\Owner\Application Data\BitTorrent\data\metainfo\fe712698921cff7b1147e7130f35b7605bedbf27
c:\documents and settings\Owner\Application Data\BitTorrent\data\resume\a0dbf8e91073f30d9a9c7ac6cd58bf6905144576
c:\documents and settings\Owner\Application Data\BitTorrent\data\resume\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\Owner\Application Data\BitTorrent\data\routing_table
c:\documents and settings\Owner\Application Data\BitTorrent\data\torrents\a0dbf8e91073f30d9a9c7ac6cd58bf6905144576
c:\documents and settings\Owner\Application Data\BitTorrent\data\torrents\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\Owner\Application Data\BitTorrent\data\ui_config
c:\documents and settings\Owner\Application Data\BitTorrent\data\ui_state
c:\documents and settings\Owner\Application Data\BitTorrent\Dexter.S03E05.HDTV.XviD-0TV.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dexter.S03E06.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dexter.S03E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dexter.S03E11.HDTV.XviD-aAF.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Dexter.S04E10.Lost.Boys.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat
c:\documents and settings\Owner\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\House.S05E06.Joy.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\In.The.Heat.Of.The.Night.1967.25fps.592.848kbps.V7.WunSeeDee.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Marlon Brando - On The Waterfront (1954) DVDRip (SiRiUs sHaRe).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Marty.1955.CLASSiC.DVDRip.Xvid-P2P.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Marvin Gaye - What's Going On [EAC-CUE-FLAC] [RePoPo].torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Precious Based on the Novel Push by Sapphire[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Precious.2009.BDRip.XviD-MegaPlay.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Precious.Based.On.The.Novel.Push.By.Sapphire.2009.Cam.TA.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat
c:\documents and settings\Owner\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat
c:\documents and settings\Owner\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat
c:\documents and settings\Owner\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Owner\Application Data\BitTorrent\So.You.Think.You.Can.Dance.S05E05.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Beach Boys - Pet Sounds LP.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Clash - London Calling (1979).torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Class Room.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Rolling Stones - Exile On Main Street.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\The Venture Brothers - 403 - Perchance to Dean [A-T].mkv.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Venture Brothers, The - S04E01 - Blood of the Father, Heart of Steel.avi.torrent
c:\documents and settings\Owner\Application Data\BitTorrent\Venture Brothers, The - S04E02 - Handsome Ransome [A-T].avi.torrent
c:\program files\1038578.dat
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\LimeWire
c:\program files\LimeWire\AlbumArtSmall.jpg
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\Folder.jpg
c:\program files\LimeWire\Incomplete\AlbumArt_{F3838509-61D1-428D-BA05-22B26DF4B0C3}_Large.jpg
c:\program files\LimeWire\Incomplete\AlbumArt_{F3838509-61D1-428D-BA05-22B26DF4B0C3}_Small.jpg
c:\program files\LimeWire\Incomplete\AlbumArtSmall.jpg
c:\program files\LimeWire\Incomplete\desktop.ini
c:\program files\LimeWire\Incomplete\downloads.bak
c:\program files\LimeWire\Incomplete\downloads.dat
c:\program files\LimeWire\Incomplete\Folder.jpg
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\Music\AlbumArt_{05280AB1-6E24-4A87-8F8B-07820A7FE78A}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{05280AB1-6E24-4A87-8F8B-07820A7FE78A}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{0AEEAA9B-7B33-45FD-9B82-C65C167272BD}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{0AEEAA9B-7B33-45FD-9B82-C65C167272BD}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{0CB8710B-C65E-4F4F-9603-26CAB3E10B3D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{0CB8710B-C65E-4F4F-9603-26CAB3E10B3D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{0FDE8556-A32A-4F40-99CD-4E11CED97DF0}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{0FDE8556-A32A-4F40-99CD-4E11CED97DF0}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{118A7E8F-F374-4018-8963-9833CE8C09BF}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{118A7E8F-F374-4018-8963-9833CE8C09BF}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{127E4420-BA5E-4387-AD83-856578587E1A}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{127E4420-BA5E-4387-AD83-856578587E1A}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{19AF6696-9F64-4D41-850F-61A27AA7637F}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{19AF6696-9F64-4D41-850F-61A27AA7637F}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{1A3A1B3E-5EE2-4F60-9F0A-9B408C9D51D1}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{1A3A1B3E-5EE2-4F60-9F0A-9B408C9D51D1}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{26612B8C-EBFB-4D9A-B2A9-D7916AEE7766}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{26612B8C-EBFB-4D9A-B2A9-D7916AEE7766}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{28E45BA2-68C4-4CAD-BA68-82F2AB55529E}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{28E45BA2-68C4-4CAD-BA68-82F2AB55529E}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{2A472501-1499-4215-82F3-4034C95BD82E}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{2A472501-1499-4215-82F3-4034C95BD82E}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{381DABEF-E240-441C-9E8B-05173BF9650C}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{381DABEF-E240-441C-9E8B-05173BF9650C}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{39AA2289-0AA0-4770-84AF-864C90442A9F}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{39AA2289-0AA0-4770-84AF-864C90442A9F}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{3CE3C11A-56E1-458A-AB58-D0F6D69DFE83}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{3CE3C11A-56E1-458A-AB58-D0F6D69DFE83}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{3F2B0869-1A05-47B8-89AA-5A0BBFBD1F46}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{3F2B0869-1A05-47B8-89AA-5A0BBFBD1F46}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{4158BB5A-5E5B-45FF-9F49-F3543513F3DB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{4158BB5A-5E5B-45FF-9F49-F3543513F3DB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{4E5518BA-2746-4A88-9A25-7F4A38514D5A}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{4E5518BA-2746-4A88-9A25-7F4A38514D5A}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{5529407E-960C-4C78-BA93-78BE309200BE}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{5529407E-960C-4C78-BA93-78BE309200BE}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{5F539604-02E3-4AD8-8376-D968B05A6B5C}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{5F539604-02E3-4AD8-8376-D968B05A6B5C}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{62B69233-32A5-486B-8127-EFB663D19376}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{62B69233-32A5-486B-8127-EFB663D19376}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{65D7680B-ADAE-451C-A5E2-F0A1AE5974FB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{65D7680B-ADAE-451C-A5E2-F0A1AE5974FB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{67290E0E-300F-442E-B05A-6611E767F52D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{67290E0E-300F-442E-B05A-6611E767F52D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{69AA7C01-7467-47D3-8D18-194DDEC754E8}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{69AA7C01-7467-47D3-8D18-194DDEC754E8}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{6A812DBF-1F55-4DA6-A85C-A1382D039615}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{6A812DBF-1F55-4DA6-A85C-A1382D039615}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{6C3B9FFF-2194-405B-8C38-E7FB2981EA1F}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{6C3B9FFF-2194-405B-8C38-E7FB2981EA1F}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{7A9EE721-BBD6-44E5-B2E1-412FF335543D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{7A9EE721-BBD6-44E5-B2E1-412FF335543D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{86BCFFB5-07F1-4D4C-9FB0-0B314FB0A062}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{86BCFFB5-07F1-4D4C-9FB0-0B314FB0A062}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{87D4E489-3AB8-4CD6-863F-47B9CCD6EADF}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{87D4E489-3AB8-4CD6-863F-47B9CCD6EADF}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{91627033-C532-4D09-8E3F-AF13BF6B7059}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{91627033-C532-4D09-8E3F-AF13BF6B7059}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{953B0960-73D2-4F4E-A16E-0941C1FFF000}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{953B0960-73D2-4F4E-A16E-0941C1FFF000}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{98E41011-3556-46D3-BCEC-66BA92241275}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{98E41011-3556-46D3-BCEC-66BA92241275}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{99583BF3-5EFA-4B14-8658-6F3202CCA0D0}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{99583BF3-5EFA-4B14-8658-6F3202CCA0D0}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{A63DD695-BD38-46CF-8CE2-CEA029652C3E}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{A63DD695-BD38-46CF-8CE2-CEA029652C3E}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{AA1EE25E-0C58-47FA-AD36-8FE7450AC6C6}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{AA1EE25E-0C58-47FA-AD36-8FE7450AC6C6}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{AA312C0C-561B-4F48-82D7-B42FCBAA6351}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{AA312C0C-561B-4F48-82D7-B42FCBAA6351}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{AB17E10F-3C12-4F0D-881F-0B9D6E810B09}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{AB17E10F-3C12-4F0D-881F-0B9D6E810B09}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{B1065323-FB36-4A2E-A2C7-639071B2ADF8}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{B1065323-FB36-4A2E-A2C7-639071B2ADF8}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{B17E9214-5DAE-422D-BEB3-162AA360B527}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{B17E9214-5DAE-422D-BEB3-162AA360B527}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{B2BDF5A1-2108-429B-A5D9-7BB561F1FE56}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{B2BDF5A1-2108-429B-A5D9-7BB561F1FE56}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{B4269CB1-ABE3-4962-87E8-66E203D6D4FF}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{B4269CB1-ABE3-4962-87E8-66E203D6D4FF}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{B6629345-46D7-451C-B474-FC0CE475BBDB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{B6629345-46D7-451C-B474-FC0CE475BBDB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{BA3FF567-3D79-4545-ABD8-3FEAEA856CC3}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{BA3FF567-3D79-4545-ABD8-3FEAEA856CC3}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{BC5BB3BA-78FF-429A-9F8F-B33C501BD5AE}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{BC5BB3BA-78FF-429A-9F8F-B33C501BD5AE}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{BE6F8B2B-D899-44C6-9F9D-C645B9471D5D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{BE6F8B2B-D899-44C6-9F9D-C645B9471D5D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{C0DD84DD-E3EA-4A83-A2A9-E4C690732C98}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{C0DD84DD-E3EA-4A83-A2A9-E4C690732C98}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{C396AD83-FBC5-474C-BC95-70F5A0504E2C}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{C396AD83-FBC5-474C-BC95-70F5A0504E2C}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{C5A2DF4A-2F0B-4723-9961-66523A2F0E6A}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{C5A2DF4A-2F0B-4723-9961-66523A2F0E6A}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{C75E0659-B0CC-4719-89C7-F76B4C562354}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{C75E0659-B0CC-4719-89C7-F76B4C562354}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{CB41246A-ECB1-4F58-86A7-BF0D57CF219D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{CB41246A-ECB1-4F58-86A7-BF0D57CF219D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{D33B69E8-72C9-4C7C-ADCE-F8B0F33BAC81}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{D33B69E8-72C9-4C7C-ADCE-F8B0F33BAC81}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{D9B891F9-9195-408F-87D4-70D13F648FCB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{D9B891F9-9195-408F-87D4-70D13F648FCB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{DD6EDFC3-4154-422E-9B3C-B4C79A2B0F3B}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{DD6EDFC3-4154-422E-9B3C-B4C79A2B0F3B}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{DE72FA6B-E46C-460D-A39F-62EB229DACA1}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{DE72FA6B-E46C-460D-A39F-62EB229DACA1}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{E0EE5810-2B23-4A7C-B7FD-4862301E1BF8}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{E0EE5810-2B23-4A7C-B7FD-4862301E1BF8}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{E168CC23-0DBF-499F-B409-DDA7744EC1BB}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{E168CC23-0DBF-499F-B409-DDA7744EC1BB}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{E60C6BF4-9DEF-4239-A7C9-8C5607ADC00D}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{E60C6BF4-9DEF-4239-A7C9-8C5607ADC00D}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{E837B963-2898-4EDA-A67D-16C593A1A52F}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{E837B963-2898-4EDA-A67D-16C593A1A52F}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{E9C477E6-4D4D-4BD1-B995-306056495D99}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{E9C477E6-4D4D-4BD1-B995-306056495D99}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{F7E2BE66-9402-4D07-9227-22BE4B94DEFC}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{F7E2BE66-9402-4D07-9227-22BE4B94DEFC}_Small.jpg
c:\program files\LimeWire\Music\AlbumArt_{FA677D6D-43CE-4746-85CD-787DE83BA90C}_Large.jpg
c:\program files\LimeWire\Music\AlbumArt_{FA677D6D-43CE-4746-85CD-787DE83BA90C}_Small.jpg
c:\program files\LimeWire\Music\AlbumArtSmall.jpg
c:\program files\LimeWire\Music\desktop.ini
c:\program files\LimeWire\Music\Folder.jpg
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\system volume information\Microsoft
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
 
Here's Part 2 of the ComboFix report:

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 03:00 . 2010-07-08 03:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 03:00 . 2010-07-08 03:06 -------- d-----w- c:\program files\SpywareBlaster
2010-07-08 02:56 . 2010-07-08 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-07-08 02:08 . 2010-07-08 02:08 -------- d-----w- c:\program files\COMODO
2010-07-08 02:06 . 2010-07-08 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-07-08 02:04 . 2010-07-08 02:04 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys
2010-07-08 02:04 . 2010-07-08 02:04 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe
2010-07-08 02:04 . 2010-07-08 02:04 45056 ----a-w- c:\windows\SnoopFreeDll.dll
2010-07-08 02:04 . 2010-07-08 02:04 221184 ----a-w- c:\windows\SnoopFreeUI.exe
2010-06-29 12:13 . 2010-06-29 12:13 -------- d-----w- c:\program files\Secunia
2010-06-29 04:22 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 04:12 . 2010-06-30 23:21 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-29 04:12 . 2010-06-29 04:12 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-29 04:12 . 2010-06-30 23:21 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-29 04:11 . 2010-06-29 04:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-29 02:31 . 2010-06-29 02:31 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\msvcp71.dll
2010-06-29 02:31 . 2010-06-29 02:31 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\jmc.dll
2010-06-29 02:31 . 2010-06-29 02:31 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ceb4792-n\decora-d3d.dll
2010-06-29 02:31 . 2010-06-29 02:31 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ceb4792-n\decora-sse.dll
2010-06-29 02:31 . 2010-06-29 02:31 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-68e41b87-n\msvcr71.dll
2010-06-29 02:31 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 02:23 . 2010-06-29 02:21 921376 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\JRERunOnce.exe
2010-06-29 02:23 . 2010-06-29 02:23 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 22:35 . 2010-06-28 22:35 -------- d-----w- c:\program files\ERUNT
2010-06-25 06:32 . 2010-06-25 04:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-25 04:13 . 2010-06-25 04:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-25 04:09 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-25 01:17 . 2010-06-25 01:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-25 01:10 . 2010-06-25 04:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-25 01:04 . 2010-06-25 01:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-23 23:06 . 2010-06-23 23:06 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-23 23:06 . 2010-06-23 23:06 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-23 23:04 . 2010-06-23 23:04 84062 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-06-23 23:04 . 2010-06-23 23:04 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-23 23:03 . 2010-06-23 23:03 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-23 23:01 . 2010-06-23 23:01 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-19 17:02 . 2010-06-19 17:04 -------- d-----w- c:\program files\iTunes
2010-06-19 16:50 . 2010-06-19 16:50 -------- d-----w- c:\program files\Bonjour
2010-06-19 16:46 . 2010-06-19 16:46 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2806\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2806\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2806\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2806\AcrobatUpdater.exe
2010-06-09 03:35 . 2010-04-20 05:30 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-06-09 03:35 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 02:22 . 2006-07-14 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 02:22 . 2006-07-14 17:44 -------- d-----w- c:\program files\CyberLink
2010-06-30 02:16 . 2006-07-14 17:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-30 01:43 . 2006-09-14 06:57 -------- d-----w- c:\program files\FileZilla
2010-06-29 02:30 . 2006-07-14 17:37 -------- d-----w- c:\program files\Java
2010-06-28 20:57 . 2010-06-02 04:06 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-06-02 04:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-06-02 04:07 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-06-02 04:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-06-02 04:07 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-06-02 04:07 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-06-02 04:07 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-06-02 04:07 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 04:13 . 2009-10-27 21:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-25 04:10 . 2008-01-05 07:18 -------- d-----w- c:\program files\Lavasoft
2010-06-25 04:09 . 2008-01-05 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-25 04:06 . 2009-06-30 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-25 01:17 . 2009-06-30 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-23 23:14 . 2010-06-02 03:41 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-23 23:14 . 2010-06-02 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-23 23:06 . 2006-12-20 18:28 -------- d-----w- c:\program files\DivX
2010-06-23 23:06 . 2007-01-26 17:29 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-06-23 23:03 . 2010-04-27 01:07 -------- d-----w- c:\program files\Auralog
2010-06-23 23:01 . 2010-06-02 03:37 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-23 23:01 . 2010-06-02 03:37 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-23 22:59 . 2009-02-03 05:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-19 17:03 . 2006-07-22 00:58 -------- d-----w- c:\program files\iPod
2010-06-19 17:03 . 2007-07-05 21:29 -------- d-----w- c:\program files\Common Files\Apple
2010-06-04 15:55 . 2010-06-04 15:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-04 01:31 . 2010-06-04 01:31 -------- d-----w- c:\program files\DellSupport
2010-06-04 01:30 . 2006-07-21 02:02 -------- d--h--w- c:\documents and settings\Owner\Application Data\Gtek
2010-06-02 23:15 . 2010-06-02 23:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-06-02 23:15 . 2010-06-02 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 23:14 . 2010-06-02 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-02 04:06 . 2010-06-02 04:06 -------- d-----w- c:\program files\Alwil Software
2010-06-02 04:06 . 2010-06-02 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-02 03:37 . 2009-06-10 03:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-02 03:37 . 2010-06-02 03:37 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-02 03:37 . 2010-06-02 03:37 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-02 03:36 . 2010-06-02 03:36 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-02 03:36 . 2010-06-02 03:36 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-02 03:09 . 2006-07-14 17:48 -------- d-----w- c:\program files\Common Files\AOL
2010-06-02 02:31 . 2006-07-14 17:43 -------- d-----w- c:\program files\Broadcom
2010-06-02 02:23 . 2010-06-02 02:23 -------- d-----w- c:\program files\Digital Line Detect
2010-06-02 02:19 . 2010-06-02 02:19 -------- d-----w- c:\program files\DIFX
2010-06-02 02:14 . 2010-06-02 02:14 304 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-06-02 02:08 . 2010-06-02 02:08 69120 ----a-w- c:\documents and settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2010-06-02 02:08 . 2007-11-27 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-06-02 02:08 . 2010-06-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-06-02 02:08 . 2010-06-02 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC-Doctor
2010-06-02 02:07 . 2007-11-27 06:20 -------- d-----w- c:\program files\Dell Support Center
2010-06-02 02:06 . 2007-09-01 19:01 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-06-02 02:06 . 2007-11-27 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-06-01 23:00 . 2010-06-01 23:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 23:00 . 2010-06-01 23:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 23:00 . 2010-06-01 23:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 23:00 . 2010-06-01 23:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 00:16 . 2010-05-27 00:16 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-05-27 00:16 . 2010-05-27 00:16 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-05-26 03:35 . 2010-05-22 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-26 02:16 . 2010-05-26 02:16 -------- d-----w- c:\program files\Alcohol Soft
2010-05-26 02:06 . 2007-02-11 17:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-22 21:41 . 2010-05-22 21:41 109056 --sha-r- c:\windows\system32\spupdsvc6.dll
2010-05-22 21:34 . 2008-08-05 05:14 -------- d-----w- c:\program files\AVG
2010-05-21 18:14 . 2010-06-03 02:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-06-02 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-06-02 23:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:40 . 2007-02-01 07:54 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2006-07-14 17:55 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2006-07-14 17:55 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2005-04-25 07:03 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-22 02:14 . 2010-04-22 02:14 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-22 02:14 . 2010-04-22 02:14 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-22 02:14 . 2010-04-22 02:14 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-22 02:14 . 2010-04-22 02:14 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-22 02:14 . 2010-04-22 02:14 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-22 02:14 . 2010-04-22 02:14 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-08-11 01:43 . 2006-09-08 02:54 88 --sh--r- c:\windows\system32\5DF5FFAAF7.sys
2007-09-16 20:36 . 2007-09-16 20:36 56 --sh--r- c:\windows\system32\F7AAFFF55D.sys
2007-09-16 20:36 . 2006-09-08 02:54 4548 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-06_02.35.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 21:58 . 2010-07-08 21:58 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2010-07-08 21:58 . 2010-07-08 21:58 16384 c:\windows\Temp\Perflib_Perfdata_690.dat
+ 2010-07-07 01:35 . 2010-07-07 12:07 57344 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F112FA19-8967-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:12 . 2010-07-07 07:16 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FF3CEF8C-8996-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:30 . 2010-07-07 11:34 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE417CD2-89BA-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:44 . 2010-07-07 11:48 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FDAC482D-89BC-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:50 . 2010-07-07 01:54 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FC8AE85C-8969-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:51 . 2010-07-07 03:56 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FAAF66BE-897A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:37 . 2010-07-07 03:41 31744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F9BD99BC-8978-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:09 . 2010-07-07 08:13 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F96A0B1E-899E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:55 . 2010-07-07 07:59 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F6CB16D4-899C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:39 . 2010-07-07 05:43 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F417BB08-8989-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:56 . 2010-07-07 10:01 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F3D8A214-89AD-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:58 . 2010-07-07 12:02 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F1B33790-89BE-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:35 . 2010-07-07 01:40 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F112FA1A-8967-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:04 . 2010-07-07 02:08 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EC065C30-896B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:23 . 2010-07-07 08:27 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E9A8FFC6-89A0-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:05 . 2010-07-07 04:09 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E76B84DD-897C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:24 . 2010-07-07 10:29 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E432D01A-89B1-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:07 . 2010-07-07 06:11 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E41E76C0-898D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:10 . 2010-07-07 10:15 17408 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E33052A2-89AF-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:52 . 2010-07-07 05:57 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E2FA985C-898B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:32 . 2010-07-07 02:36 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DC99C2A6-896F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:17 . 2010-07-07 02:22 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DB606F18-896D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:33 . 2010-07-07 04:38 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DA745822-8980-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:51 . 2010-07-07 08:56 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DA6C1544-89A4-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:19 . 2010-07-07 04:23 31744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D8968252-897E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:37 . 2010-07-07 08:41 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D85C2E12-89A2-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:38 . 2010-07-07 10:43 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D3C61B72-89B3-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:21 . 2010-07-07 06:25 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D3AF5FBE-898F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:46 . 2010-07-07 02:50 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CBF89A42-8971-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:47 . 2010-07-07 04:52 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9DA56CC-8982-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:05 . 2010-07-07 09:09 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9CD4F3A-89A6-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:07 . 2010-07-07 11:11 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C3960115-89B7-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:49 . 2010-07-07 06:53 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C3676DDC-8993-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:52 . 2010-07-07 10:56 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C35E2B7E-89B5-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:34 . 2010-07-07 06:39 17408 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C2AED94A-8991-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:14 . 2010-07-07 03:18 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BE6B3962-8975-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:32 . 2010-07-07 07:36 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BCB10A88-8999-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:16 . 2010-07-07 05:20 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BAEE7C3E-8986-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:00 . 2010-07-07 03:04 18944 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BAEC280C-8973-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:33 . 2010-07-07 09:37 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BA1B917E-89AA-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:01 . 2010-07-07 05:05 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B968DD70-8984-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:19 . 2010-07-07 09:23 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B9144F52-89A8-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:20 . 2010-07-07 11:25 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B3DE7F24-89B9-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:03 . 2010-07-07 07:07 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B2CB0A2C-8995-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:40 . 2010-07-07 01:45 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B0012B78-8968-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:28 . 2010-07-07 03:32 36864 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AD4BB45C-8977-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:45 . 2010-07-07 07:50 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{ACB9291A-899B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:29 . 2010-07-07 05:34 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA0F56B6-8988-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:47 . 2010-07-07 09:51 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A97F2DCE-89AC-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:49 . 2010-07-07 11:53 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A6E02B5C-89BD-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:17 . 2010-07-07 07:21 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A5784496-8997-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:34 . 2010-07-07 11:39 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A4AEE33E-89BB-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:54 . 2010-07-07 01:59 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A1951066-896A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:56 . 2010-07-07 04:00 28672 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9F936928-897B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:42 . 2010-07-07 03:46 18432 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EBE385E-8979-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:14 . 2010-07-07 08:18 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EB6F500-899F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:59 . 2010-07-07 08:04 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9BC22C0E-899D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:15 . 2010-07-07 10:19 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9A2344BA-89B0-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:58 . 2010-07-07 06:02 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9A0C8906-898C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:43 . 2010-07-07 05:47 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{990C6DE8-898A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:01 . 2010-07-07 10:05 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{98F5DCEE-89AE-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 12:03 . 2010-07-07 12:07 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{96593CD6-89BF-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:23 . 2010-07-07 02:27 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{92BC48A8-896E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:08 . 2010-07-07 02:13 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{90F185A8-896C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:28 . 2010-07-07 08:32 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8EB0C576-89A1-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:10 . 2010-07-07 04:14 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8E659606-897D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:29 . 2010-07-07 10:33 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89205BEC-89B2-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:11 . 2010-07-07 06:16 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89073DDE-898E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:36 . 2010-07-07 02:41 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{81FC21B2-8970-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:56 . 2010-07-07 09:00 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{80290DAC-89A5-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:38 . 2010-07-07 04:42 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7FCACB6C-8981-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:24 . 2010-07-07 04:28 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7DAC961E-897F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:41 . 2010-07-07 08:46 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7D63F3C2-89A3-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:40 . 2010-07-07 06:44 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{79747EB4-8992-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:25 . 2010-07-07 06:29 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{78AB39AC-8990-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:43 . 2010-07-07 10:47 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76EC461F-89B4-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:05 . 2010-07-07 03:09 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{71C742A0-8974-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:50 . 2010-07-07 02:55 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{70E8886E-8972-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:10 . 2010-07-07 09:14 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6EF4137C-89A7-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:52 . 2010-07-07 04:56 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6ED3CE60-8983-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:11 . 2010-07-07 11:16 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{69CEF3C4-89B8-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:57 . 2010-07-07 11:02 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6890DB82-89B6-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:53 . 2010-07-07 06:58 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{687D81A8-8994-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:19 . 2010-07-07 03:23 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6372FF12-8976-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:36 . 2010-07-07 07:41 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{629DB1F8-899A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:20 . 2010-07-07 05:24 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{600954BE-8987-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:38 . 2010-07-07 09:42 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5F50A3DC-89AB-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:06 . 2010-07-07 05:10 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5EB1029E-8985-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:23 . 2010-07-07 09:28 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E090232-89A9-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:25 . 2010-07-07 11:29 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{58EFCE3C-89BA-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:32 . 2010-07-07 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{53B6B86E-8978-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:21 . 2010-07-07 07:27 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{523160AA-8998-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:50 . 2010-07-07 07:54 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{51B9C7BC-899C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:34 . 2010-07-07 05:38 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4F066BF0-8989-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:52 . 2010-07-07 09:56 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4EAD191E-89AD-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:53 . 2010-07-07 11:58 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4C44ECC2-89BE-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:39 . 2010-07-07 11:44 18944 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4A6716F2-89BC-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:59 . 2010-07-07 02:03 16896 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{46B70FF4-896B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:18 . 2010-07-07 08:23 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{44849DDE-89A0-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:01 . 2010-07-07 04:05 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4440957C-897C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:46 . 2010-07-07 03:51 19968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{43BED700-897A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:04 . 2010-07-07 08:09 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40CEB672-899E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:20 . 2010-07-07 10:24 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3F3BBAE0-89B1-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:02 . 2010-07-07 06:06 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3F276186-898D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:06 . 2010-07-07 10:10 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E288CF2-89AF-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:48 . 2010-07-07 05:52 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E0D0C8A-898B-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:27 . 2010-07-07 02:32 14848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{37A9D47A-896F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:13 . 2010-07-07 02:17 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{367A0A54-896D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:32 . 2010-07-07 08:36 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{33BD4FDA-89A2-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:14 . 2010-07-07 04:19 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3389F7EE-897E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:34 . 2010-07-07 10:38 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2E9A927C-89B3-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:16 . 2010-07-07 06:20 14848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2E6E619E-898F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:41 . 2010-07-07 02:45 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{26E74B2A-8971-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:00 . 2010-07-07 09:05 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2537FA6A-89A6-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:43 . 2010-07-07 04:47 17920 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24AC6B7C-8982-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:28 . 2010-07-07 04:33 14848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{22D5BCBA-8980-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:46 . 2010-07-07 08:51 15360 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{225B08FC-89A4-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:02 . 2010-07-07 11:06 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1F9942C4-89B7-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:44 . 2010-07-07 06:49 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1E810918-8993-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:48 . 2010-07-07 10:52 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1DEB1BFC-89B5-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:30 . 2010-07-07 06:34 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1DB561B6-8991-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:09 . 2010-07-07 03:14 15872 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{16F0693C-8975-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:55 . 2010-07-07 02:59 13312 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{15DD3B4E-8973-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:57 . 2010-07-07 05:01 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{146117C0-8984-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:14 . 2010-07-07 09:18 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{140C89A2-89A8-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:27 . 2010-07-07 07:31 18432 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0FE016F0-8999-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:16 . 2010-07-07 11:20 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0EE2A536-89B9-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:58 . 2010-07-07 07:02 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0D7E204A-8995-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:23 . 2010-07-07 03:27 13824 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{085E288A-8977-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:25 . 2010-07-07 05:29 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{05079106-8988-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:42 . 2010-07-07 09:47 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{045D2E40-89AC-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:10 . 2010-07-07 05:15 23552 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{03DC8B94-8986-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:28 . 2010-07-07 09:33 14848 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0300176C-89AA-11DF-B964-0015C52421D5}.dat
+ 2010-06-25 04:31 . 2010-07-07 04:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-06-25 04:31 . 2010-07-06 02:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-06-25 01:04 . 2010-07-06 02:27 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-06-25 01:04 . 2010-07-07 01:38 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2010-06-25 01:17 . 2010-07-06 02:05 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-06-25 01:17 . 2010-07-07 11:25 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-06-29 12:40 . 2010-07-06 02:24 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-06-29 12:40 . 2010-07-07 01:35 16384 c:\windows\system32\config\systemprofile\Desktop\%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2006-07-21 01:58 . 2010-07-06 02:34 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-07-21 01:58 . 2010-07-07 01:38 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-07-07 11:44 . 2010-07-07 11:44 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FDAC482C-89BC-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:37 . 2010-07-07 11:37 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F7948680-89BB-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:42 . 2010-07-07 09:42 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F263B3BC-89AB-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:06 . 2010-07-07 09:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F23B0F5C-89A6-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:40 . 2010-07-07 07:40 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EE08F4DC-899A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:36 . 2010-07-07 06:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EC86FEDC-8991-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:05 . 2010-07-07 04:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E76B84DC-897C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:36 . 2010-07-07 03:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E4E36896-8978-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:38 . 2010-07-07 05:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E20406A6-8989-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:07 . 2010-07-07 11:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C3960114-89B7-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:36 . 2010-07-07 08:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BDAD7CD8-89A2-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 11:13 . 2010-07-07 11:13 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BA608B22-89B8-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:06 . 2010-07-07 06:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B82DE014-898D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:35 . 2010-07-07 03:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B2E77BC0-8978-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:11 . 2010-07-07 09:11 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AE24C6D6-89A7-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:10 . 2010-07-07 07:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AA296606-8996-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:06 . 2010-07-07 03:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A20EE120-8974-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:08 . 2010-07-07 05:08 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9FD8C626-8985-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:36 . 2010-07-07 10:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8F656A46-89B3-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:06 . 2010-07-07 08:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{89B3BC20-899E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:35 . 2010-07-07 05:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{83CFFC98-8989-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 03:05 . 2010-07-07 03:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7E1BEC18-8974-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:43 . 2010-07-07 10:43 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{76EC461E-89B4-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:41 . 2010-07-07 08:41 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6CA06AF2-89A3-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:39 . 2010-07-07 06:39 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{67632CAC-8992-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:35 . 2010-07-07 02:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5EDFC04E-8970-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:37 . 2010-07-07 04:37 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5C432036-8981-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:06 . 2010-07-07 10:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5AFB9B08-89AF-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:07 . 2010-07-07 07:09 9728 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{59255DC8-8996-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:36 . 2010-07-07 07:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{55B9FB68-899A-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 05:05 . 2010-07-07 05:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4FCCB278-8985-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 01:38 . 2010-07-07 01:38 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4A03F382-8968-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:35 . 2010-07-07 02:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{49A89372-8970-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 10:12 . 2010-07-07 10:12 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{35088C2A-89B0-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 12:07 . 2010-07-07 12:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2EEAF822-89C0-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 08:10 . 2010-07-07 08:10 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{27C8E78C-899F-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 09:36 . 2010-07-07 09:36 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{26942E24-89AB-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 06:09 . 2010-07-07 06:09 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{24A8DF14-898E-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:06 . 2010-07-07 07:06 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{20FCB9DC-8996-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:05 . 2010-07-07 02:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1B79C966-896C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:35 . 2010-07-07 04:35 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1B7393B0-8981-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 04:07 . 2010-07-07 04:07 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{19C46D68-897D-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 02:05 . 2010-07-07 02:05 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1551D704-896C-11DF-B964-0015C52421D5}.dat
+ 2010-07-07 07:41 . 2010-07-07 07:45 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07A577A8-899B-11DF-B964-0015C52421D5}.dat
+ 2006-07-21 01:58 . 2010-07-07 12:03 573440 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-07 01:45 . 2010-07-07 01:50 130560 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{56C4668C-8969-11DF-B964-0015C52421D5}.dat
+ 2006-07-21 01:58 . 2010-07-07 01:38 9011200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-07-21 01:58 . 2010-07-06 02:34 9011200 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\46df104.msp
+ 2010-07-08 02:09 . 2010-07-08 02:09 3648000 c:\windows\Installer\11c999.msi
+ 2010-06-25 01:04 . 2010-07-07 01:38 16187392 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
- 2010-06-25 01:04 . 2010-07-06 02:27 16187392 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
.
-- Snapshot reset to current date --
 
Here's Part 3 of the ComboFix report:

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-19 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SnoopFreeUI"="SnoopFreeUI.exe" [2010-07-08 221184]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9l.exe" [2010-06-07 221432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-25 04:12 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-19 23:35 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 16:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-22 02:13 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dimension 4 5.0.350\\D4.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/25/2010 12:13 AM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/2/2010 12:07 AM 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/2010 12:07 AM 17744]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 7:04 AM 14896]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2007 1:58 PM 691696]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/12/2009 1:30 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:12]

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826268918-2413449167-3315875096-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 23:35]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826268918-2413449167-3315875096-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 23:35]

2010-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-07-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-826268918-2413449167-3315875096-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-826268918-2413449167-3315875096-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://goat.law.upenn.edu/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mgf86utj.default\
FF - prefs.js: browser.startup.homepage - hxxps://goat.law.upenn.edu/
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 18:16
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7c,58,0d,8d,20,13,49,aa,3c,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7c,58,0d,8d,20,13,49,aa,3c,92,\

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\Local AppWizard-Generated Applications\MMDiag]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\Local AppWizard-Generated Applications\MMDiag\Recent File List]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-826268918-2413449167-3315875096-1006\Software\MusicMatch, Inc.\Musicmatch for WMP]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Borland\Database Engine\Settings]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software\Modem Helper]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\Digital Line Detect]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\BVRP Software, Inc\NetWaiting]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Creative Tech\Installation]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Schemes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
"NoServices"=dword:00000000
"ServiceExtra"="Partner=Dell&MachineID=DK1ZBB1\00\00????i\00Ÿ'?\06\00'??\1d\00?'\00'\00\00?\06???\06???\00?\06??\00'??\00'?'\00\00\00\00\00\00?? \00????Ÿ'\00'\00\00\00'?\06???\06?\01\04\00?\06???\06??????????\00'\00\00???????\06\00'??\03\00?'\00'???\06???\06??????????????\0e\00???\06?\06\00\00???????'\00'???\06?\06?\06??\08\00??????Ÿ'????????????Ÿ'???????\06\00'Ÿ'?\06\01\00???'?\06???'?????'?????"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\MTVN]
@DACL=(02 0000)
"FriendlyName"="URGE"
"ImageLargeURL"="http://store.urge.com/sitewide/wmp/img/urge_tmp.png"
"ImageMenuURL"="http://store.urge.com/sitewide/wmp/img/wmpdms_menuicon.jpg"
"ContentPartner"="true"
"ImageSmallURL"="http://store.urge.com/sitewide/wmp/img/error_logo.png"
"Task1ButtonText"="URGE"
"Task1ButtonTip"="URGE"
"Type"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Subscriptions\MTVN]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{EC9B8ACF-09C1-4C7B-A6BA-F5CBC478CA71}]
@DACL=(02 0000)
"FriendlyName"="res://MMRadioWMPPlugin.dll/RT_STRING/#102"
"Description"="res://MMRadioWMPPlugin.dll/RT_STRING/#103"
"Capabilities"=dword:c2000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP OOB\SP10\KB835221WXP\Filelist]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
"ProgID"="MsScp.SCPTRANS.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-08 18:20:20
ComboFix-quarantined-files.txt 2010-07-08 22:20
ComboFix2.txt 2010-07-06 02:38

Pre-Run: 6,752,182,272 bytes free
Post-Run: 6,801,858,560 bytes free

- - End Of File - - DED0D856A151FF98CC9EFB359F0333F8
 
Hi,

Delete C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\a441979-2c761ccc file if found. How's the system running?
 
I found file a441979-2c761ccc and a441979-2c761ccc. in that folder. Should I delete both?

The computer seems to be running fine. A little slow, but I think that's because I have more security software running now. That's ok.

Thanks for all your help.
 
Hi,

Leave .idx file there.


Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Run Secunia vulnerability check here and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
You must log in or register to reply here.
Back
Top