randolphr

  1. I seem to be in the clear ..... yet, yesterday my Avira Guard suddenly turned off while I was online .... ran an ESET scan which found 3 instances of Win32/opencandy ..... ran ESET again last night (this time, I ran it while offline; the first time I've done that) and it found nothing. In the interim I have cleaned up my C drive so that it has 122 gigs of free space out of 149 gigs total. I still have my suspicions .... Lastly, when I boot up, a screen quickly shows a Windows De-Bug mode (non-highlighted) listed above my usual Windows startup listing, which is highlighted. That's probably a result of some option I clicked out of desperation last week. Your help was absolutely invaluable and I cannot thank you enough. I hope your summer is going great. Randolph
  2. Results of screen317's Security Check version 0.99.18
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     ESET Online Scanner v3
     Avira successfully updated!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 23
     Out of date Java installed!
     Adobe Flash Player 10.3.181.14
     Mozilla Firefox (x86 en-US..)
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     ESET ESET Online Scanner OnlineCmdLineScanner.exe
     Windows Defender MsMpEng.exe
     ``````````End of Log````````````
  3. ESETSmartInstaller@High as CAB hook log:
  4. Hi screen317, thank you for helping me out with. I very much appreciate your expertise. Here is my ComboFix text & my new DDS log.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/16/2011 3:06 AM 13496] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/13/2010 1:23 AM 136360] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/12/2009 4:44 AM 366640] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 7:09 PM 50704] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/12/2009 4:44 AM 22712] R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [12/16/2009 4:44 PM 110752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 9:51 PM 135664] S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?] S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providerComcast\bin\tgsrvc.exe [?] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2/17/2010 10:16 PM 16512] S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?] 
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 9:51 PM 135664] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/12/2009 4:44 AM 41272] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/3/2002 10:05 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/14/2009 1:56 AM 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/14/2009 2:02 AM 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/14/2009 2:02 AM 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/14/2009 2:02 AM 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/14/2009 2:02 AM 25704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34] . 
2010-03-23 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4261532366.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 01:56] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:51] . 2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 04:51] . 2011-08-03 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20] . 2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-776561741-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-08-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-776561741-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47] . 2011-08-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-02-02 02:17] . 2011-08-03 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-21 00:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://news.google.com/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 68.87.69.150 68.87.85.102 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab FF - ProfilePath - c:\documents and settings\Randolph\Application Data\Mozilla\Firefox\Profiles\m98uu5g8.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50505 FF - prefs.js: network.proxy.type - 1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-03 15:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(756) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll . Completion time: 2011-08-03 15:48:02 ComboFix-quarantined-files.txt 2011-08-03 22:47 . Pre-Run: 60,444,332,032 bytes free Post-Run: 60,804,743,168 bytes free . 
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn [spybotsd] timeout.old=30 . - - End Of File - - E441D118B01AB6BCAE72A1FC0EACF05B . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Randolph at 16:11:41 on 2011-08-03 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.342 [GMT -7:00] . AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe 
C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://news.google.com/ uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [cdloader] "c:\documents and settings\randolph\application data\mjusbsp\cdloader2.exe" MAGICJACK mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mPolicies-explorer: <NO NAME> = IE: E&xport to Microsoft Excel - 
c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258017400906 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258083680796 DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - 
hxxp://www.nero.com/doc/NeroVersionChecker.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 68.87.69.150 68.87.85.102 TCP: Interfaces\{7E563539-5019-4530-94BC-C9E3FD5C9293} : DhcpNameServer = 68.87.69.150 68.87.85.102 Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\randolph\application data\mozilla\firefox\profiles\m98uu5g8.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50505 FF - prefs.js: network.proxy.type - 1 . ============= SERVICES / DRIVERS =============== . 
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-16 13496] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 66616] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-12 366640] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-12 22712] R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2009-12-16 110752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664] S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?] S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providercomcast\bin\tgsrvc.exe [?] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-2-17 16512] S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?] 
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-12 41272] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-14 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-14 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-14 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-14 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-14 25704] . =============== Created Last 30 ================ . 
2011-08-03 22:01:47 -------- d-sha-r- C:\cmdcons 2011-08-03 21:58:43 98816 ----a-w- c:\windows\sed.exe 2011-08-03 21:58:43 518144 ----a-w- c:\windows\SWREG.exe 2011-08-03 21:58:43 256000 ----a-w- c:\windows\PEV.exe 2011-08-03 21:58:43 208896 ----a-w- c:\windows\MBR.exe 2011-08-03 21:54:13 4163573 ------r- c:\program files\ComboFix.exe 2011-08-02 10:30:58 302592 ----a-w- c:\program files\4nt2yvuo.exe 2011-08-02 10:26:57 607017 ------r- c:\program files\dds.scr 2011-08-02 09:50:24 50477 ----a-w- c:\program files\Defogger.exe 2011-08-02 09:21:32 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1e2d8d44-89ab-4b29-b378-2e12bc1c4f02}\mpengine.dll 2011-07-28 07:32:20 3081376 ----a-w- c:\program files\install_flash_player.exe 2011-07-23 13:28:08 -------- d-----w- c:\program files\InfraRecorder 2011-07-23 13:27:46 2526968 ----a-w- c:\program files\ir043_ansi.exe 2011-07-23 11:48:50 5514668 ----a-w- c:\program files\SetupImgBurn_2.5.5.0.exe 2011-07-21 23:35:43 -------- d-----w- c:\program files\iPod 2011-07-21 23:35:37 -------- d-----w- c:\program files\iTunes 2011-07-21 23:30:31 -------- d-----w- c:\program files\Bonjour 2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll . ==================== Find3M ==================== . 
2011-07-28 08:44:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-07 21:24:51 23126064 ----a-w- c:\program files\avc-free.exe 2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-30 12:21:12 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe 2011-06-29 00:01:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-19 04:13:31 3331742 ----a-w- c:\program files\streamtransport_setup.exe 2011-06-11 14:15:07 1402880 ----a-w- c:\program files\HijackThis.msi 2011-06-04 04:15:32 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-31 15:09:36 38808920 ----a-w- c:\program files\FileFormatConverters.exe 2011-05-31 15:06:22 25685128 ----a-w- c:\program files\wordview_en-us.exe 2011-05-30 08:38:20 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-05-30 08:38:20 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-05-30 08:36:00 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-22 01:30:51 16215744 ----a-w- c:\program files\Dropbox 1.1.34.exe 2011-05-20 04:56:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-20 04:56:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-05-04 03:14:46 565893 ----a-w- c:\program files\PerfectScreenRulerSetup.exe 2011-05-04 03:11:39 907264 ----a-w- c:\program files\cruler2.exe 2011-04-24 08:46:27 33789712 ----a-w- c:\program files\93.81_forceware_winxp2k_english.exe 2011-04-23 21:53:06 870464 ----a-w- c:\program files\Font_Xplorer_122_Free.exe 2011-04-16 10:06:16 4349192 ----a-w- c:\program files\DefragSetup.exe 2011-04-12 19:32:07 4770672 ----a-w- c:\program files\BitTorrent-7.2.1.exe 2011-04-10 01:44:29 13719264 ----a-w- c:\program files\aTube_Catcher.exe 2011-04-04 00:55:19 772904 ----a-w- c:\program 
files\Mats_Run.winfilefolder.exe 2011-03-31 04:04:40 11978408 ----a-w- c:\program files\winamp561_full_emusic-7plus_en-us.exe 2011-03-22 20:25:59 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe 2011-03-21 14:58:26 3436936 ----a-w- c:\program files\sd2setup.exe 2011-02-20 01:17:09 292184 ----a-w- c:\program files\dxwebsetup.exe 2011-02-06 18:40:54 883488 ----a-w- c:\program files\JavaSetup6u23.exe 2010-12-27 01:31:39 20739420 ----a-w- c:\program files\imedia-converter-win_full669.exe 2010-12-23 12:14:23 59325912 ----a-w- c:\program files\avira_antivir_personal_en(1).exe 2010-12-19 02:22:51 4734152 ----a-w- c:\program files\CITP.EXE 2010-12-09 21:22:03 31261760 ----a-w- c:\program files\GraboidVideoSetup-1.73-complete.exe 2010-12-09 21:06:23 36507944 ----a-w- c:\program files\GraboidVideoSetup-2.01a-Complete.exe 2010-12-09 08:54:50 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe 2010-12-02 16:44:51 5489976 ----a-w- c:\program files\fey-converter-setup.exe 2010-12-02 16:32:28 2546984 ----a-w- c:\program files\megamind-converter-setup.exe 2010-11-30 07:03:02 568648 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-11-24 09:48:06 907010 ----a-w- c:\program files\vidmex.exe 2010-11-23 04:45:31 1391616 ----a-w- c:\program files\iview427_setup.exe 2010-11-13 15:59:20 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe 2010-11-01 20:44:29 407240 ----a-w- c:\program files\nwc1upd_1754_175c.exe 2010-10-15 18:51:08 6274424 ----a-w- c:\program files\Silverlight.exe 2010-09-17 02:14:24 554256 ----a-w- c:\program files\Mats_Run.dvd.exe 2010-09-01 11:08:57 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe 2010-08-31 12:21:27 43594664 ----a-w- c:\program files\DivXInstaller.exe 2010-07-24 06:54:10 11285608 ----a-w- c:\program files\winamp5581_full_emusic-7plus_en-us.exe 2010-06-02 08:05:13 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe 2010-05-22 09:11:53 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe 2010-05-18 
07:06:44 368112 ----a-w- c:\program files\X16-69453_DLM.exe 2010-05-17 06:23:49 3170832 ----a-w- c:\program files\YouTubeDownloaderSetup255.exe 2010-05-07 03:43:14 833003 ----a-w- c:\program files\youtubesetup.exe 2010-04-23 01:49:44 142981 ----a-w- c:\program files\VTUploader2.0Setup.exe 2010-04-05 03:27:27 783515 ----a-w- c:\program files\AltarsoftVideoCapture.exe 2010-04-02 06:15:23 10327518 ----a-w- c:\program files\avidemux_2.5.2_win32.exe 2010-03-26 02:42:42 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe 2010-03-24 04:24:01 916858 ----a-w- c:\program files\simpopdf2text.exe 2010-03-22 21:30:04 3315704 ----a-w- c:\program files\YouSendItExpressSetup2_5_0.exe 2010-03-09 00:03:46 24902766 ----a-w- c:\program files\K-Lite_Codec_Pack_570_Mega.exe 2010-03-08 23:54:08 818200 ----a-w- c:\program files\RealPlayerSPGold.exe 2010-03-08 23:21:02 1486161 ----a-w- c:\program files\tralih250164.exe 2010-03-07 19:59:36 647728 ----a-w- c:\program files\R92578.EXE 2010-03-03 22:55:05 1288264 ----a-w- c:\program files\Setup117_uk.exe 2010-02-22 07:50:01 741331 ----a-w- c:\program files\End Task 1.0 setup.exe 2010-02-19 05:45:45 12417842 ----a-w- c:\program files\klcodec520f.exe 2010-02-19 05:43:19 8666733 ----a-w- c:\program files\vdm_free.exe 2010-02-12 03:59:51 939956 ----a-w- c:\program files\7z465.exe 2010-02-08 06:44:36 10798496 ----a-w- c:\program files\winamp5572_full_emusic-7plus_en-us.exe 2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe 2010-01-15 02:14:44 289584 ----a-w- c:\program files\utorrent.exe 2010-01-14 23:36:24 769120 ----a-w- c:\program files\avira_antivir_premium.exe 2010-01-12 18:23:39 6767744 ----a-w- c:\program files\Comcast Assisted Support Controls Setup.exe 2009-12-20 00:23:50 2549024 ----a-w- c:\program files\eac-0.99pb5.exe 2009-12-18 19:24:34 2125249 ----a-w- c:\program files\burrrn_package.exe 2009-12-16 23:32:07 2069319 ----a-w- c:\program files\ecdc_v402_dlx.exe 2009-12-16 23:23:29 623920 
----a-w- c:\program files\LADSPA_plugins-win-0.4.15.exe 2009-12-16 23:21:17 10898354 ----a-w- c:\program files\audacity-win-unicode-1.3.10.exe 2009-11-24 03:23:22 6973056 ----a-w- c:\program files\antispyware.exe 2009-11-14 13:56:27 13042504 ----a-w- c:\program files\WMEncoder64.exe 2009-11-14 13:50:34 9918872 ----a-w- c:\program files\WMEncoder.exe 2009-11-14 12:43:11 7405568 ----a-w- c:\program files\xVST_2_3-static.msi 2009-11-14 12:32:39 18539090 ----a-w- c:\program files\agree-free-avi-mpeg-mov-mp4-converter.exe 2009-11-14 11:31:40 10044064 ----a-w- c:\program files\cinemaforge.exe 2009-11-13 21:14:36 17259504 ----a-w- c:\program files\IE8-Setup-Full.exe 2009-11-13 06:33:56 1374154 ----a-w- c:\program files\wrar390.exe 2009-11-13 03:57:13 339257 ----a-w- c:\program files\CleanUp452.exe 2009-11-12 11:54:49 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe 2009-11-12 11:52:15 5154304 ----a-w- c:\program files\WindowsDefender.msi 2009-11-12 11:50:44 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe 2009-11-12 11:48:01 16409960 ----a-w- c:\program files\spybotsd162.exe 2009-11-12 11:43:53 4045528 ----a-w- c:\program files\mbam-setup.exe 2006-12-02 17:26:02 2572288 ----a-w- c:\program files\DCEz.exe 2006-10-01 18:00:32 155648 ----a-w- c:\program files\DCAux2.dll 2006-09-14 11:39:56 658944 ----a-w- c:\program files\WININET.dll 2006-07-12 16:01:04 5732096 ----a-w- c:\program files\wmfdist95.exe 2005-10-16 17:22:06 27136 ----a-w- c:\program files\AkRipDLL.dll 2003-07-09 00:46:50 1718576 ----a-w- c:\program files\gdiplus.dll . ============= FINISH: 16:15:34.85 ===============
  5. 02:13:28 Randolph IP-BLOCK 125.65.112.212 (Type: incoming)
     02:57:17 Randolph MESSAGE Scheduled update executed successfully
     02:57:18 Randolph MESSAGE IP Protection stopped
     02:58:21 Randolph MESSAGE Database updated successfully
     02:58:36 Randolph MESSAGE IP Protection started successfully
     09:13:18 Randolph MESSAGE IP Protection stopped
     09:17:03 Randolph MESSAGE Database updated successfully
     09:17:29 Randolph MESSAGE IP Protection started successfully
     14:11:27 (null) MESSAGE Protection started successfully
     14:19:50 Randolph MESSAGE IP Protection started successfully
     14:23:33 (null) IP-BLOCK 58.218.199.250 (Type: incoming)
     14:28:56 Randolph MESSAGE Protection started successfully
     14:30:59 Randolph MESSAGE IP Protection started successfully
     14:33:29 Randolph IP-BLOCK 58.218.199.227 (Type: incoming)
     14:33:29 Randolph IP-BLOCK 58.218.199.227 (Type: incoming)
     14:33:41 Randolph IP-BLOCK 221.192.199.49 (Type: incoming)
     14:33:41 Randolph IP-BLOCK 221.192.199.49 (Type: incoming)
  6. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Randolph at 3:27:18 on 2011-08-02 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.283 [GMT -7:00] . AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Randolph\Application Data\mjusbsp\st00000\mjsetup.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Randolph\Application Data\mjusbsp\magicJack.exe . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://news.google.com/ uSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = 127.0.0.1;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: {fe698a24-d038-4282-b540-4bfbac2d2ae6} - c:\windows\system32\AudDesign32.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [cdloader] "c:\documents and settings\randolph\application data\mjusbsp\cdloader2.exe" MAGICJACK mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [updReg] c:\windows\UpdReg.EXE mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [iTunesHelper] 
"c:\program files\itunes\iTunesHelper.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t mPolicies-explorer: <NO NAME> = IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258017400906 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258083680796 DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: 
{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab TCP: DhcpNameServer = 68.87.69.150 68.87.85.102 TCP: Interfaces\{7E563539-5019-4530-94BC-C9E3FD5C9293} : DhcpNameServer = 68.87.69.150 68.87.85.102 Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\randolph\application data\mozilla\firefox\profiles\m98uu5g8.default\ FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 50505 FF - prefs.js: network.proxy.type - 1 FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\randolph\application data\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\randolph\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\npmirage.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll . ============= SERVICES / DRIVERS =============== . 
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-16 13496] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-13 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-13 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-13 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 66616] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-12 366640] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-12 22712] R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2009-12-16 110752] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664] S2 NVSvc32;NVIDIA Display Driver Service ;c:\windows\system32\psnppagn32.exe --> c:\windows\system32\psnppagn32.exe [?] S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe /p providercomcast --> c:\program files\providercomcast\bin\tgsrvc.exe [?] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-2-17 16512] S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?] 
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\mtk.sys --> c:\windows\system32\drivers\mtk.sys [?] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-11-14 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-11-14 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-11-14 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-11-14 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-11-14 25704] . =============== Created Last 30 ================ . 
2011-08-02 10:26:57 607017 ------r- c:\program files\dds.scr 2011-08-02 09:50:24 50477 ----a-w- c:\program files\Defogger.exe 2011-08-02 09:21:32 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{1e2d8d44-89ab-4b29-b378-2e12bc1c4f02}\mpengine.dll 2011-07-30 02:42:18 343040 ----a-w- c:\windows\system32\AudDesign32.dll 2011-07-28 07:32:20 3081376 ----a-w- c:\program files\install_flash_player.exe 2011-07-26 11:15:12 0 ---ha-w- c:\documents and settings\randolph\tklwnvwzsp.tmp 2011-07-23 13:28:08 -------- d-----w- c:\program files\InfraRecorder 2011-07-23 13:27:46 2526968 ----a-w- c:\program files\ir043_ansi.exe 2011-07-23 11:48:50 5514668 ----a-w- c:\program files\SetupImgBurn_2.5.5.0.exe 2011-07-21 23:35:43 -------- d-----w- c:\program files\iPod 2011-07-21 23:35:37 -------- d-----w- c:\program files\iTunes 2011-07-21 23:30:31 -------- d-----w- c:\program files\Bonjour 2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll . ==================== Find3M ==================== . 
2011-07-28 08:44:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-07 21:24:51 23126064 ----a-w- c:\program files\avc-free.exe 2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-30 12:21:12 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe 2011-06-29 00:01:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-19 04:13:31 3331742 ----a-w- c:\program files\streamtransport_setup.exe 2011-06-11 14:15:07 1402880 ----a-w- c:\program files\HijackThis.msi 2011-06-04 04:15:32 52676424 ----a-w- c:\program files\avira_antivir_personal_en.exe 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-31 15:09:36 38808920 ----a-w- c:\program files\FileFormatConverters.exe 2011-05-31 15:06:22 25685128 ----a-w- c:\program files\wordview_en-us.exe 2011-05-30 08:38:20 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-05-30 08:38:20 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-05-30 08:36:00 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-22 18:36:36 51 ----a-w- c:\windows\SW_Win9423X24.DLL 2011-05-22 01:30:51 16215744 ----a-w- c:\program files\Dropbox 1.1.34.exe 2011-05-20 04:56:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-05-20 04:56:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-05-15 11:09:43 2599696 ----a-w- c:\program files\setup.exe 2011-05-04 03:14:46 565893 ----a-w- c:\program files\PerfectScreenRulerSetup.exe 2011-05-04 03:11:39 907264 ----a-w- c:\program files\cruler2.exe 2011-04-26 01:20:31 20240744 ----a-w- c:\program files\gimp-2.6.11-i686-setup.exe 2011-04-24 08:46:27 33789712 ----a-w- c:\program files\93.81_forceware_winxp2k_english.exe 2011-04-23 21:53:06 870464 ----a-w- c:\program files\Font_Xplorer_122_Free.exe 2011-04-16 10:06:16 4349192 ----a-w- c:\program files\DefragSetup.exe 2011-04-12 
19:32:07 4770672 ----a-w- c:\program files\BitTorrent-7.2.1.exe 2011-04-10 01:44:29 13719264 ----a-w- c:\program files\aTube_Catcher.exe 2011-04-04 00:55:19 772904 ----a-w- c:\program files\Mats_Run.winfilefolder.exe 2011-03-31 04:04:40 11978408 ----a-w- c:\program files\winamp561_full_emusic-7plus_en-us.exe 2011-03-22 20:25:59 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe 2011-03-21 14:58:26 3436936 ----a-w- c:\program files\sd2setup.exe 2011-02-20 01:17:09 292184 ----a-w- c:\program files\dxwebsetup.exe 2011-02-06 18:40:54 883488 ----a-w- c:\program files\JavaSetup6u23.exe 2010-12-27 01:31:39 20739420 ----a-w- c:\program files\imedia-converter-win_full669.exe 2010-12-23 12:14:23 59325912 ----a-w- c:\program files\avira_antivir_personal_en(1).exe 2010-12-19 02:22:51 4734152 ----a-w- c:\program files\CITP.EXE 2010-12-09 21:22:03 31261760 ----a-w- c:\program files\GraboidVideoSetup-1.73-complete.exe 2010-12-09 21:06:23 36507944 ----a-w- c:\program files\GraboidVideoSetup-2.01a-Complete.exe 2010-12-09 08:54:50 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe 2010-12-02 16:44:51 5489976 ----a-w- c:\program files\fey-converter-setup.exe 2010-12-02 16:32:28 2546984 ----a-w- c:\program files\megamind-converter-setup.exe 2010-11-30 07:03:02 568648 ----a-w- c:\program files\GoogleEarthSetup.exe 2010-11-24 09:48:06 907010 ----a-w- c:\program files\vidmex.exe 2010-11-23 04:45:31 1391616 ----a-w- c:\program files\iview427_setup.exe 2010-11-13 15:59:20 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe 2010-11-01 20:44:29 407240 ----a-w- c:\program files\nwc1upd_1754_175c.exe 2010-10-15 18:51:08 6274424 ----a-w- c:\program files\Silverlight.exe 2010-09-17 02:14:24 554256 ----a-w- c:\program files\Mats_Run.dvd.exe 2010-09-01 11:08:57 19657194 ----a-w- c:\program files\vlc-1.1.4-win32.exe 2010-08-31 12:21:27 43594664 ----a-w- c:\program files\DivXInstaller.exe 2010-07-24 06:54:10 11285608 ----a-w- c:\program 
files\winamp5581_full_emusic-7plus_en-us.exe 2010-06-02 08:05:13 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe 2010-05-22 09:11:53 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe 2010-05-18 07:06:44 368112 ----a-w- c:\program files\X16-69453_DLM.exe 2010-05-17 06:23:49 3170832 ----a-w- c:\program files\YouTubeDownloaderSetup255.exe 2010-05-07 03:43:14 833003 ----a-w- c:\program files\youtubesetup.exe 2010-04-23 01:49:44 142981 ----a-w- c:\program files\VTUploader2.0Setup.exe 2010-04-05 03:27:27 783515 ----a-w- c:\program files\AltarsoftVideoCapture.exe 2010-04-02 06:15:23 10327518 ----a-w- c:\program files\avidemux_2.5.2_win32.exe 2010-03-26 02:42:42 3105415 ----a-w- c:\program files\YouTubeDownloaderSetup254.exe 2010-03-24 04:24:01 916858 ----a-w- c:\program files\simpopdf2text.exe 2010-03-22 21:30:04 3315704 ----a-w- c:\program files\YouSendItExpressSetup2_5_0.exe 2010-03-12 02:14:11 609746 ----a-w- c:\program files\121495_ENU_ia64_zip.exe 2010-03-09 00:03:46 24902766 ----a-w- c:\program files\K-Lite_Codec_Pack_570_Mega.exe 2010-03-08 23:54:08 818200 ----a-w- c:\program files\RealPlayerSPGold.exe 2010-03-08 23:21:02 1486161 ----a-w- c:\program files\tralih250164.exe 2010-03-07 19:59:36 647728 ----a-w- c:\program files\R92578.EXE 2010-03-03 22:55:05 1288264 ----a-w- c:\program files\Setup117_uk.exe 2010-02-22 07:50:01 741331 ----a-w- c:\program files\End Task 1.0 setup.exe 2010-02-19 05:45:45 12417842 ----a-w- c:\program files\klcodec520f.exe 2010-02-19 05:43:19 8666733 ----a-w- c:\program files\vdm_free.exe 2010-02-12 03:59:51 939956 ----a-w- c:\program files\7z465.exe 2010-02-08 06:44:36 10798496 ----a-w- c:\program files\winamp5572_full_emusic-7plus_en-us.exe 2010-01-26 18:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe 2010-01-15 02:14:44 289584 ----a-w- c:\program files\utorrent.exe 2010-01-14 23:36:24 769120 ----a-w- c:\program files\avira_antivir_premium.exe 2010-01-12 18:23:39 6767744 ----a-w- c:\program 
files\Comcast Assisted Support Controls Setup.exe 2010-01-06 06:33:09 18234256 ----a-w- c:\program files\gimp-2.6.8-i686-setup.exe 2009-12-20 00:23:50 2549024 ----a-w- c:\program files\eac-0.99pb5.exe 2009-12-18 19:24:34 2125249 ----a-w- c:\program files\burrrn_package.exe 2009-12-16 23:32:07 2069319 ----a-w- c:\program files\ecdc_v402_dlx.exe 2009-12-16 23:23:29 623920 ----a-w- c:\program files\LADSPA_plugins-win-0.4.15.exe 2009-12-16 23:21:17 10898354 ----a-w- c:\program files\audacity-win-unicode-1.3.10.exe 2009-11-24 03:23:22 6973056 ----a-w- c:\program files\antispyware.exe 2009-11-14 13:56:27 13042504 ----a-w- c:\program files\WMEncoder64.exe 2009-11-14 13:50:34 9918872 ----a-w- c:\program files\WMEncoder.exe 2009-11-14 12:43:11 7405568 ----a-w- c:\program files\xVST_2_3-static.msi 2009-11-14 12:32:39 18539090 ----a-w- c:\program files\agree-free-avi-mpeg-mov-mp4-converter.exe 2009-11-14 11:31:40 10044064 ----a-w- c:\program files\cinemaforge.exe 2009-11-13 21:14:36 17259504 ----a-w- c:\program files\IE8-Setup-Full.exe 2009-11-13 06:33:56 1374154 ----a-w- c:\program files\wrar390.exe 2009-11-13 03:57:13 339257 ----a-w- c:\program files\CleanUp452.exe 2009-11-12 11:54:49 9429952 ----a-w- c:\program files\windows-kb890830-v3.1.exe 2009-11-12 11:52:15 5154304 ----a-w- c:\program files\WindowsDefender.msi 2009-11-12 11:50:44 7966432 ----a-w- c:\program files\runalyz-1.6.1.24.exe 2009-11-12 11:48:01 16409960 ----a-w- c:\program files\spybotsd162.exe 2009-11-12 11:43:53 4045528 ----a-w- c:\program files\mbam-setup.exe 2006-12-02 17:26:02 2572288 ----a-w- c:\program files\DCEz.exe . ============= FINISH: 3:29:42.98 =============== ark.zip attach.zip